Sumo Logic unveils innovations across AI, automation, and threat intelligence

Sumo Logic announced a number of new security capabilities that help organizations build and operate intelligent security operations to reduce risks, accelerate threat containment, and ensure stronger security postures.

“With the rise of AI-powered attacks, dynamically scaling cloud environments, and growing data complexity, legacy solutions are significantly slowing detection and response,” said Keith Kuchler, Chief Development Officer for Sumo Logic. “The innovations we’re unveiling fuel DevSecOps via the power of logs by centralizing security log management at scale to deliver intelligence through actionable insights that modern SecOps teams need to stay ahead of the evolving threat landscape without suffering from alert fatigue.”

AI-powered threat detection and response shrinks resolution time to near-zero

Sumo Logic transforms security teams from overwhelmed responders into proactive defenders, reducing risks, accelerating threat containment, and ensuring a more resilient security posture. New and updated capabilities bring together telemetry, context, automation, and AI to give teams the upper hand against modern threats by increasing fidelity, reducing friction, and improving security outcomes. These innovations include:

• Multiple threat intelligence feeds – Sumo Logic’s Threat Intelligence now supports multiple threat intelligence feeds, allowing organizations to integrate their own feeds via STIX/TAXII to expand visibility and tailor intelligence to their risk profile. Sumo Logic delivers broader, real-time context to ensure high-fidelity alerts and actionable insights at machine speed.

• UEBA historical baselining – Sumo Logic UEBA rapidly baselines user and entity behaviors in minutes to improve threat detection accuracy. It analyzes historical data to train detection models that dynamically adapt to changes, reducing alert fatigue and improving accuracy. By identifying anomalies based on learned behavior instead of static thresholds, analysts can receive smarter alerts with fewer false positives. This approach enables earlier threat detection, especially for insider threats or compromised credentials, while minimizing the need for manual tuning.

• Detection-as-Code – This new implementation bridges security and DevOps workflows, improving rule accuracy, consistency, and automation by allowing teams to manage detection rules in development environments like GitHub while syncing directly with their live Sumo Logic instance. Applying software development practices to threat detection—testing, refining, and deploying detection logic at scale – brings agility, precision, and automation to rule management and threat coverage.

• AI-driven insight summaries prototype – Sumo Logic’s AI-Driven Insight Summaries automatically generate concise, actionable summaries from large volumes of log and detection data. Powered by generative AI, this feature identifies key patterns, extracts relevant context, and highlights likely root causes, saving analysts hours of investigation time. It enables security teams to quickly understand threats, prioritize actions, and respond decisively—without sifting through mountains of raw data.

Sumo Logic’s cloud-native, AI-driven platform integrates logs-first analytics, Cloud SIEM, and SOAR to quickly ingest, normalize, and analyze terabytes of data while orchestrating automated responses to evolving threats. Customers are already seeing results across threat detection, SOC maturity, and operational efficiency, with forward momentum toward intelligent security operations.

“We rely on Sumo Logic’s scheduled searches to actively monitor for IOCs during incidents. This lets us focus on addressing ongoing incidents while staying on top of any emerging threats. With Sumo Logic, we can effectively manage incidents and be vigilant for potential additional threats,” said Bruno Miguel Cruz Braga, Head of SecOps, TrueLayer

“By filtering out the noise and pinpointing critical insights, Sumo Logic allows us to improve our team’s efficacy. We’re able to zero in on the most pressing threats and reduce alert fatigue,” said Tarek Chalaan, SOC Manager at Security Centric.