Sumo Logic Anomaly Detection Teaches Splunk a Lesson

On September 10, 2013, Sumo Logic unveiled its Anomaly Detection solution, a natural follow-on to its pattern recognition LogReduce technology made available during 2012.  The Anomaly Detection offering uses advanced machine learning to detect abnormalities in log data, suggests potential correlated events of risk to users such as IT operations or security personnel, and enables users to generate repeatable alerts to prevent risks from hatching into attacks or outages.

Or in more general terms, Sumo Logic Anomaly Detection helps IT and tech providers better predict and thus prevent application or system outages, and helps security and compliance professionals similarly predict potential security attacks or out-of-compliance scenarios before they happen.  And therein lies the big difference between Sumo Logic and Splunk:  Sumo Logic, like Splunk, optimally gathers machine and log data.  Splunk, however, merely offers visualization of that data.  If you want to actually analyze the data using predictive analytics (aka Big Data analytics), you need to dump Splunk-gathered data into yet another solution from another vendor.  Sumo Logic takes that next, critical step of offering a full predictive analytics solution, rather than a piece of the solution.

Just a note that in my definition of “Big Data” you need to address all three sides of a big data triangle:

  1. Effectively handle vast quantities of different kinds of data.
  2. Process all that data through insight-generating advanced analytics.
  3. Present the resulting analytics to users to improve their effectiveness, ensure the users are part of the analytics lifecycle, and empower them to act on the results.

Sumo Logic addresses all three of the Big Data requirements, not just the first one.

The three-year-old Sumo Logic, backed by $50.5m in venture funding, has established a solid footprint in the market despite flying under the radar relative to the publicly traded and covered Splunk.  Sumo Logic has landed over 130 paying customers to date, has seen its typical upgrade cycle shrink to several months, driven by more use cases and not merely more data, and has started landing multi-year deals.

Another reason why Sumo Logic may have been low on awareness, to date, is that much of its success has been on the technology supply side versus more general-purpose enterprises.  That is, a long list of software, networking, and cloud service providers, including SaaS vendors, have implemented Sumo Logic to ensure technology products and services are dependable and perform well.  In the case of cloud and SaaS, Sumo Logic is used to help monitor whether Service Level Agreements (SLAs) are being met.  Though there is still enormous headroom for Sumo Logic in the tech sector, its adoption horizon will widen with other adopters such as:

  • Government regulators and security types are a natural fit for Sumo Logic’s log capture, LogReduce, and applied analytics applications
  • E-Commerce companies, and E-tailers in general, will tap into Sumo Logic for real-time connections between customers' buying patterns and demand planning

Wall Street types who have enjoyed the rise of Splunk, and who may be licking their chops for a publicly traded alternative, may have to wait a while for Sumo Logic to ripen a little more, for:

  • Sumo Logic remains primarily a direct sales organization.  Though Sumo Logic now works with several regional consultants and systems integrators, Sumo Logic needs to further broaden its channel to build the type of go-to-market scale that Splunk has established.
  • Tech vendors are seldom the best marquee accounts for other technology vendors (a by-product of the “not invented here” syndrome), so Sumo Logic needs to add a few other well-known brand name customers to its reference roster from outside the tech sector.
  • Sumo Logic is a cloud solution, taking advantage of Amazon Web Services as a virtual data center, which means that customers need not add to their own infrastructure costs and headaches, and can ramp onto Sumo Logic quickly.  Some customers, however, are simply not comfortable with a public cloud-based approach, so a hybrid or private cloud version of Sumo Logic might lower the barrier to entry for future customers.

For the moment, Sumo Logic has its hands full with advancing its own R&D, adding customers to its installed base, albeit mainly one by one, and identifying and building targeted analytics solutions rather than merely pieces of a solution.  But when the conversation turns to “who is next?” to go public from the larger number of big data-oriented start-ups, Sumo Logic has to be on the short list – if they aren’t snapped up before that event by one of many billion-dollar-plus technology vendors.

