
Security operations and large-scale conferences have more in common than you'd think: too much noise, too many tools, and insufficient clarity. Both can leave you overwhelmed with information as you sort through one acronym or bold claim after another, only to end up with more questions than answers.
RSA Conference is no exception. Booths are packed with AI promises and buzzwords, but there’s little visibility into how anything works. Staff scramble to scan your badge to “beat” their teammates, yet often can’t back up their company’s aggressive claims with real, customer-centric proof.
At Booth #6261, Sumo Logic is doing things differently. Our security experts are here to better understand the problem you’re trying to solve, not just to pitch you on how we think we can help.
This year, we're featuring focused enhancements to help you build and operate an intelligent security operation. See how centralized security log management at scale empowers TDIR with real-time analytics, automation, and cross-cloud visibility. These features were created to improve your day-to-day, by inserting intelligence into every layer of the security workflow while reducing friction and providing elevated insights across detection, investigation, and response.
What’s new:
Multiple integrated threat feeds for more flexible and accurate threat detection
Historical data that’s analyzed in minutes to create baselines for UEBA rules
Streamlined list views that surface relevant data faster
Execute playbooks to run actions in a workflow with Automation Service
Bridge security and DevOps workflows through CI/CD practices in GitHub
A preview of AI-driven Insight Summaries
Let’s make your time at RSAC worth it. At Sumo Logic, our vision is clear: We enable teams to stay ahead of threats without drowning in noise. We know the top security challenges aren’t changing; they’re becoming more complex with AI-powered attacks, a growing number of disjointed tools and alerts, and limited resources that you need to move faster.
Get earlier insight into emerging threats
Threat intelligence
Sumo Logic supports multiple threat feeds, including premium vendors and customer-defined feeds via STIX/TAXII. With each feed offering up to 90% unique data, layering intelligence boosts detection and investigation.
All feeds are normalized to a unified threat schema and integrated directly into the analytics pipeline, delivering enriched alerts and faster triage. Bring your own threat intel feed and get the coverage you need specifically for your industry or organization. Learn more about why having multiple feeds for unique context is vital.
Ready to add a new feed to Cloud SIEM? Here’s how.
Baseline behaviors in minutes
UEBA with historical baselining
Traditional behavioral analytics rely on static thresholds and take days to train. Sumo Logic UEBA flips that model, leveraging historical data to baseline user and entity behavior in minutes, resulting in smarter alerts with fewer false positives.
This approach helps you detect threats earlier, especially for insider threats or compromised credentials, while minimizing the need for manual tuning. The result is faster, more confident investigations powered by dynamic behavioral intelligence.
Accelerate investigations
A smarter analyst experience
Sumo Logic is raising the bar for analyst efficiency with updates that reduce noise and accelerate response. Enhanced list views surface key data faster, offer more customization, and boost information density—helping you triage quickly with better context.
Automation Service brings low-code playbooks into Cloud SIEM and across the broader platform, supporting alert enrichment, notification, containment, user choice, and custom actions. You can automate enrichment tasks (like pulling threat intel on indicators), update statuses, and send targeted alerts across multiple platforms. You can even spin up dedicated Slack channels on the fly.
Actions can trigger automatically when an insight is created or closed, so you spend less time switching tools and more time resolving threats. These updates help teams streamline workflows, reduce MTTR, and act with confidence at every step.
Manage detection rules in GitHub
Detection-as-code
Detection-as-code brings modern software development practices into the security realm. Teams can now manage detection rules in GitHub with full version control, peer review, and CI/CD pipelines, all synced directly to their live Sumo Logic instance.
This structured, code-driven approach prevents rule drift, enforces consistency, and enables collaboration across security and DevOps. It’s security engineering at its best: automated, auditable, and aligned with how modern teams work.
If you’re at RSAC and you’re ready to learn more, stop by for Paul Tobia’s detection engineering session.
Turn complexity into clarity in seconds
AI-driven Insight Summaries (Beta)
AI-driven Insight Summaries take the heavy lifting out of investigations. Powered by generative AI, this feature distills large volumes of log and detection data into clear, actionable takeaways—highlighting root causes, attack paths, and next steps in seconds.
This drastically reduces cognitive load, helping analysts prioritize threats and act faster in high-pressure scenarios. When speed and clarity are critical, AI summaries deliver both, turning data overload into fast, focused decision-making.
Together, these capabilities and others form the foundation of an intelligent security operation that unifies telemetry, context, automation, and AI, helping teams move with greater precision and operate more efficiently. Intelligent SecOps isn’t just a strategy. It’s how modern security teams connect the dots and protect critical assets faster, fueling business continuity and innovation.
See intelligent security operations in action at booth #6261
If you're attending RSAC and need to defend yourself from conference fatigue, stop by Sumo Logic booth #6261 in the North Hall to get a demo of intelligent SecOps firsthand. Check out our RSAC information page to learn about our speaking sessions or book a meeting to discuss how Intelligent SecOps can transform your detection and response strategy.
Not attending RSAC this year? No problem - you can still book a demo and see what we’re showcasing on the show floor.