Sumo Logic announced new security capabilities at the RSAC 2025 Conference, positioned as building blocks for intelligent security operations that let security teams detect and respond to threats faster.

The new capabilities combine telemetry, threat context, automation, and AI, with the stated goals of improving detection accuracy, reducing friction in analyst workflows, and improving security outcomes.

The platform is designed to process and analyze large volumes of log and event data so that security teams can act on threats before they cause damage rather than after.

Smart threat intelligence and baselining

A key part of the update is Sumo Logic Threat Intelligence, now generally available. It supports multiple threat intelligence feeds at once and combines out-of-the-box sources with customer-defined feeds delivered via STIX/TAXII, so organizations can add intelligence specific to their own risk profile alongside the vendor-supplied feeds. One practical point when wiring up a custom feed: STIX indicators carry validity windows (valid_from and valid_until), and an ingestion path that ignores expiry will keep matching stale indicators long after the feed owner has retired them.
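To make the customer-defined feed path concrete, here is an added example (not Sumo Logic's code or feed format) that loads a small STIX 2.1 bundle of the kind a TAXII collection would serve, keeps only the indicators that are valid at match time, and checks them against a few log lines. The bundle, the addresses (RFC 5737 / RFC 2606 reserved ranges), the log lines, and the mapping from STIX observable types to log fields are all constructed for the example; only single-comparison STIX patterns are handled, and anything more complex is skipped rather than half-matched.

```python
"""Match customer-defined STIX 2.1 indicators against log events.

Added example, not Sumo Logic code. Bundle, IPs, domains and log lines are
constructed; FIELD_MAP is an assumption about which log fields to compare.
"""
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle, shaped like a TAXII collection response.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--1f3c0a2e-5a1b-4c7d-9e2f-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--1f3c0a2e-5a1b-4c7d-9e2f-000000000002",
         "created": "2025-04-01T00:00:00.000Z", "modified": "2025-04-01T00:00:00.000Z",
         "name": "Constructed C2 address", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '198.51.100.23']",
         "valid_from": "2025-04-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--1f3c0a2e-5a1b-4c7d-9e2f-000000000003",
         "created": "2025-04-01T00:00:00.000Z", "modified": "2025-04-01T00:00:00.000Z",
         "name": "Constructed phishing domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'login.bad.example']",
         "valid_from": "2025-04-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--1f3c0a2e-5a1b-4c7d-9e2f-000000000004",
         "created": "2024-01-01T00:00:00.000Z", "modified": "2024-01-01T00:00:00.000Z",
         "name": "Constructed stale scanner", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.9']",
         "valid_from": "2024-01-01T00:00:00Z",
         "valid_until": "2025-03-01T00:00:00Z"},   # expired: must not match
    ],
})

# Only "[type:prop = 'value']" patterns are supported by this example.
PATTERN_RE = re.compile(
    r"^\[(?P<obj>[a-z0-9-]+):(?P<prop>[a-z_]+)\s*=\s*'(?P<val>[^']*)'\]$")

# Assumed mapping from STIX observable to the log field it is compared with.
FIELD_MAP = {("ipv4-addr", "value"): "dst_ip", ("domain-name", "value"): "query"}


def _ts(s):
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the bundle."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_indicators(bundle_json, now):
    """Return {(log_field, value): indicator_name} for indicators valid at `now`."""
    active = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        if _ts(obj["valid_from"]) > now:            # not yet valid
            continue
        if "valid_until" in obj and _ts(obj["valid_until"]) <= now:  # expired
            continue
        m = PATTERN_RE.match(obj["pattern"])
        if not m:                                   # unsupported pattern shape
            continue
        field = FIELD_MAP.get((m["obj"], m["prop"]))
        if field:
            active[(field, m["val"])] = obj["name"]
    return active


LOG_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split 'timestamp key=value key=value ...' into a dict."""
    ts, _, rest = line.partition(" ")
    ev = dict(LOG_RE.findall(rest))
    ev["ts"] = ts
    return ev


def match_events(indicators, lines):
    """Return one hit per (event, field) whose value is an active indicator."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        for field, value in ev.items():
            name = indicators.get((field, value))
            if name:
                hits.append({"ts": ev["ts"], "user": ev.get("user"),
                             "field": field, "value": value, "indicator": name})
    return hits


SAMPLE_LOGS = [  # constructed
    "2025-04-10T12:00:01Z user=alice src_ip=10.0.0.5 dst_ip=198.51.100.23 query=-",
    "2025-04-10T12:00:02Z user=bob src_ip=10.0.0.6 dst_ip=10.0.0.53 query=login.bad.example",
    "2025-04-10T12:00:03Z user=carol src_ip=10.0.0.7 dst_ip=203.0.113.9 query=-",
    "2025-04-10T12:00:04Z user=dave src_ip=10.0.0.8 dst_ip=192.0.2.10 query=intranet.example",
]


def run(now_iso="2025-04-10T12:00:00Z"):
    """Load the bundle as of `now_iso` and match it against SAMPLE_LOGS."""
    return match_events(load_indicators(STIX_BUNDLE, _ts(now_iso)), SAMPLE_LOGS)


if __name__ == "__main__":
    for hit in run():
        print(hit)
```

Run as of 2025-04-10 the stale scanner indicator is dropped, so carol's connection to 203.0.113.9 produces no hit while alice's C2 address and bob's phishing-domain lookup do; rerun with a clock set before 2025-03-01 and only the scanner indicator is live. A real deployment would also carry the indicator's confidence and the feed it came from into the alert, which the platform can then use to rank high-value alerts.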

With the addition of Intel 471 as a trusted global feed, alongside existing providers such as CrowdStrike, Sumo Logic aims to attach broader, near-real-time context to high-value alerts so that analysts can act on them without a separate lookup step.

In addition, Sumo Logic’s UEBA (User and Entity Behavior Analytics) is designed to build baselines of user and entity behavior within minutes of onboarding, to improve threat detection accuracy. It learns those baselines from historical activity and continues to update the detection models as behavior changes, rather than relying on a fixed threshold set once at deployment.

Detection-as-Code for automated threat detection

A new feature called Detection-as-Code bridges security and DevOps workflows by letting teams manage detection rules in GitHub and sync them directly with their live Sumo Logic instance. Treating detection rules like software, with version control, review, and automated tests before deployment, means rules can be tested, refined, and rolled out at scale instead of being edited by hand in a console.

Paired with the learned baselines from UEBA, this approach yields smarter alerts with fewer false positives, because anomalies are identified relative to each user's or entity's normal behavior rather than a static threshold. That supports earlier detection, especially of insider threats and compromised credentials, where the activity looks benign in isolation but is out of character for the account involved.
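The following added example (not Sumo Logic's rule format or sync mechanism) shows both of the ideas above in one place: detection rules kept as code in a table that a CI job can test before anything is synced to the platform, and a learned-baseline rule sitting next to a static-threshold rule on the same data. The login-failure counts, user names, and the "svc-backup" service account are constructed; the rule names, the 3-sigma band, and the minimum-count floor are assumptions chosen for the example.

```python
"""Detection rules as code, with a CI-style check and a learned-baseline rule.

Added example, not Sumo Logic code. HISTORY/CURRENT are constructed counts of
failed logins per user per hour; RULES is the table a git repo would hold.
"""
from statistics import mean, pstdev

# Constructed: one hourly failed-login count per day for the past week, per user.
HISTORY = {
    "alice":      [1, 0, 2, 1, 1, 0, 2],
    "svc-backup": [38, 41, 40, 39, 42, 40, 41],   # noisy service account
    "bob":        [3, 2, 4, 3, 2, 3, 3],
}
# Constructed: counts for the current hour. alice is out of character,
# svc-backup is behaving exactly as it always does.
CURRENT = {"alice": 15, "svc-backup": 40, "bob": 3}


def static_threshold(history, current, threshold=20):
    """Rule 1: fire whenever an hour has more than `threshold` failures."""
    return {user for user, n in current.items() if n > threshold}


def learned_baseline(history, current, sigmas=3.0, floor=5):
    """Rule 2: fire when a user's count exceeds their own baseline by `sigmas`
    standard deviations. `floor` suppresses alerts on tiny absolute counts and
    max(sd, 1.0) stops a flat history from making any change look anomalous."""
    flagged = set()
    for user, n in current.items():
        past = history.get(user)
        if not past:
            continue                      # no baseline yet: static rule covers it
        mu, sd = mean(past), pstdev(past)
        if n >= floor and n > mu + sigmas * max(sd, 1.0):
            flagged.add(user)
    return flagged


# The rule table is what lives in version control: name -> (severity, callable).
RULES = {
    "auth-failures-static":   ("low",  static_threshold),
    "auth-failures-baseline": ("high", learned_baseline),
}


def run_rules(history, current, rules=RULES):
    """Evaluate every rule and return alerts in rule order, users sorted."""
    alerts = []
    for name, (severity, fn) in rules.items():
        for user in sorted(fn(history, current)):
            alerts.append({"rule": name, "severity": severity, "user": user})
    return alerts


# Expected alerts for the fixture above; a CI job compares against this before
# the sync step is allowed to push the rules to the live platform.
EXPECTED = [
    {"rule": "auth-failures-static",   "severity": "low",  "user": "svc-backup"},
    {"rule": "auth-failures-baseline", "severity": "high", "user": "alice"},
]


def ci_check():
    """Return True when the rules produce exactly the expected alerts."""
    return run_rules(HISTORY, CURRENT) == EXPECTED


if __name__ == "__main__":
    for alert in run_rules(HISTORY, CURRENT):
        print(alert)
    print("ci check:", "pass" if ci_check() else "FAIL")
```

On this fixture the static rule fires only on svc-backup, which is a false positive every hour of every day, and misses alice entirely; the baseline rule does the opposite. The baseline still catches a genuine spike on the service account (try `learned_baseline(HISTORY, {"svc-backup": 120})`), which is the point of adapting to each entity's own history rather than a single number for everyone. The `ci_check` fixture is deliberately small; in practice the repository would hold one such fixture per rule, and a failing check blocks the sync.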

AI-driven insight summaries

As a preview, Sumo Logic is introducing AI-driven insight summaries that automatically generate concise, actionable summaries from large volumes of log and detection data. Powered by generative AI, the feature is meant to surface the important patterns, extract the relevant context, and highlight likely root causes.

The intended benefit is to cut the hours analysts spend reading raw events, so that teams can understand a threat, prioritize actions, and respond without sifting through mountains of data. As with any generative summary, the highlighted root cause should still be confirmed against the underlying events before it drives a response action.