KELSIEM Blog

KELSIEM versus Sumologic

We were asked recently, "What is the main difference between KELSIEM and Sumologic?"

The main difference is that KELSIEM shortens investigation times: the context an analyst needs is already on the event, so there is no drilling down to get at more information.

In Sumologic, the related information lives in separate datasets that you have to join together at search time, which is not only fiddly but also slow. With KELSIEM, the correlation is performed automatically at ingestion time, so the relevant context is attached to the event when it is stored and no secondary searches are needed.

For example, in KELSIEM every network event has a username and computer name attached to it. Without KELSIEM, you first have to find the network event, then look up the most recent user login for that source IP in another set of logs, and then look up the computer name for that IP in yet another set of logs.
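To make the ingest-time approach concrete, here is an added illustration of the pattern described above. It is not KELSIEM's code: the record layout, the field names and the sample log stream are all constructed for this example. Authentication and DHCP records update a small per-IP identity table as they arrive, and each network record is stamped with the user and host known for its source IP at that moment, so the stored event already carries the two answers that would otherwise need follow-up searches. It also handles the two cases that bite in practice: a login record that arrives late and out of order, and an IP address that a DHCP lease hands to a different machine, which must not keep the previous user's attribution.

```python
"""Ingest-time correlation of network events with user and host identity.

Illustrative example only (not KELSIEM's implementation). Record format and
sample records are constructed for this demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass
class Identity:
    user: Optional[str] = None
    host: Optional[str] = None
    user_since: str = ""   # timestamp of the login that set `user`
    host_since: str = ""   # timestamp of the lease that set `host`


class IngestEnricher:
    """Keeps the last-known user and hostname for every source IP seen."""

    def __init__(self) -> None:
        self.by_ip: dict[str, Identity] = {}

    def _state(self, ip: str) -> Identity:
        return self.by_ip.setdefault(ip, Identity())

    def observe_login(self, ts: str, ip: str, user: str) -> None:
        st = self._state(ip)
        if ts < st.user_since:
            return               # late-arriving older login: keep the newer attribution
        st.user, st.user_since = user, ts

    def observe_lease(self, ts: str, ip: str, host: str) -> None:
        st = self._state(ip)
        if ts < st.host_since:
            return
        if st.host is not None and st.host != host:
            # The IP now belongs to a different machine, so the previous user
            # attribution is stale. Drop it until a fresh login is observed.
            st.user, st.user_since = None, ts
        st.host, st.host_since = host, ts

    def enrich(self, ts: str, ip: str, dst: str, port: int) -> dict:
        """Return the network event with user/host attached at ingest time."""
        st = self.by_ip.get(ip, Identity())
        return {"ts": ts, "src_ip": ip, "dst": dst, "port": port,
                "user": st.user or "unknown", "host": st.host or "unknown"}


def ingest(records: list[dict], enricher: Optional[IngestEnricher] = None) -> list[dict]:
    """Process a record stream once, in arrival order; return the stored network events."""
    enricher = enricher or IngestEnricher()
    stored = []
    for r in records:
        if r["type"] == "auth":
            enricher.observe_login(r["ts"], r["ip"], r["user"])
        elif r["type"] == "dhcp":
            enricher.observe_lease(r["ts"], r["ip"], r["host"])
        elif r["type"] == "net":
            stored.append(enricher.enrich(r["ts"], r["src_ip"], r["dst"], r["port"]))
    return stored


# Constructed sample stream. ISO-8601 UTC timestamps compare correctly as strings.
SAMPLE_RECORDS = [
    {"type": "dhcp", "ts": "2024-05-01T08:55:00Z", "ip": "10.0.0.5", "host": "WS-FIN-07"},
    {"type": "auth", "ts": "2024-05-01T09:00:00Z", "ip": "10.0.0.5", "user": "alice"},
    {"type": "net",  "ts": "2024-05-01T09:01:10Z", "src_ip": "10.0.0.5", "dst": "203.0.113.9", "port": 443},
    {"type": "net",  "ts": "2024-05-01T09:02:00Z", "src_ip": "10.0.0.6", "dst": "198.51.100.2", "port": 22},
    {"type": "auth", "ts": "2024-05-01T09:30:00Z", "ip": "10.0.0.5", "user": "bob"},
    {"type": "auth", "ts": "2024-05-01T09:10:00Z", "ip": "10.0.0.5", "user": "alice"},  # arrived late
    {"type": "net",  "ts": "2024-05-01T09:31:00Z", "src_ip": "10.0.0.5", "dst": "203.0.113.9", "port": 443},
    {"type": "dhcp", "ts": "2024-05-01T12:00:00Z", "ip": "10.0.0.5", "host": "LAPTOP-22"},
    {"type": "net",  "ts": "2024-05-01T12:05:00Z", "src_ip": "10.0.0.5", "dst": "192.0.2.44", "port": 445},
]

if __name__ == "__main__":
    for event in ingest(SAMPLE_RECORDS):
        print(event)
```

The second network event comes from an IP with no prior login, so it is stored with "unknown" in both fields rather than with a guessed identity; the late "alice" login does not overwrite "bob"; and the final event from 10.0.0.5 keeps the new hostname but loses the user until someone logs in on that machine. The trade-off is that the enrichment reflects what the pipeline knew at arrival time, which is exactly what makes the stored event self-contained.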

If you'd like to know more, shoot me an email at zak@kelsiem.com.

Written by Zak Siddiqui

Zak Siddiqui is the Founder at KELSIEM, based in Sydney, Australia. He spends his time helping companies define and achieve their security goals using next-generation technologies. Unsatisfied by existing SIEM products, Zak embarked on a project to come up with something better, faster, and cheaper. As Co-Founder and Chief Software Architect of KELSIEM, he helped build and launch KELSIEM REALTIME SECURITY, a managed cloud SIEM service. Zak enjoys tinkering with and exploring new technologies to embrace the future, break existing paradigms, and share his journey with others.