{"id":11163,"date":"2025-02-02T14:09:35","date_gmt":"2025-02-02T22:09:35","guid":{"rendered":"http:\/\/www.sumologic.com\/?post_type=resource&#038;p=11163"},"modified":"2026-03-18T14:15:53","modified_gmt":"2026-03-18T22:15:53","slug":"kobalt-io","status":"publish","type":"resource","link":"https:\/\/www.sumologic.com\/case-studies\/kobalt-io","title":{"rendered":"Kobalt.io"},"content":{"rendered":"\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"results-at-a-glance\">Results at a glance<\/h3>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-4a24fcd\" id=\"gspb_iconsList-id-gsbp-4a24fcd\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 9.372-24.568 0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Improved alert triaging by consolidating from two SIEMs to one<\/span><\/div><\/div>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-0bb5ad2\" id=\"gspb_iconsList-id-gsbp-0bb5ad2\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 
9.372-24.568 0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Four-month payback with profitability within six months<\/span><\/div><\/div>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-a617356\" id=\"gspb_iconsList-id-gsbp-a617356\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 9.372-24.568 0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Able to onboard customers in minutes instead of days<\/span><\/div><\/div>\n\n\n\n<div class=\"wp-block-greenshift-blocks-iconlist gspb_iconsList gspb_iconsList-id-gsbp-1d29c35\" id=\"gspb_iconsList-id-gsbp-1d29c35\"><div class=\"gspb_iconsList__item\" data-id=\"0\"><svg class=\"\" style=\"display:inline-block;vertical-align:middle\" width=\"18\" height=\"18\" viewBox=\"0 0 1024 1024\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path style=\"fill:#565D66\" d=\"M871.696 166.932l-526.088 526.088-193.304-193.304c-9.372-9.372-24.568-9.372-33.942 0l-56.568 56.568c-9.372 9.372-9.372 24.568 0 33.942l266.842 266.842c9.372 9.372 24.568 9.372 33.942 0l599.626-599.626c9.372-9.372 9.372-24.568 0-33.942l-56.568-56.568c-9.372-9.372-24.568-9.372-33.94 0z\"><\/path><\/svg><span class=\"gspb_iconsList__item__text\">Doubled customer growth without having to increase security analyst headcount<\/span><\/div><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" 
id=\"challenge\">Challenge<\/h3>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"kobalt-io-needed-to-modernize-its-siem-and-consolidate-security-tools\">Kobalt.io needed to modernize its SIEM and consolidate security tools.<\/h5>\n\n\n\n<p>Beset with two SIEMs, Kobalt.io suffered from common SOC challenges\u2014tool sprawl, alert fatigue, poor scalability, and high maintenance costs. With the renewal of their contracts with Splunk and Sentinel fast approaching, it was time to reevaluate how to improve their operations.<br><br>Kobalt.io SOC manager Chris Spindler noted, \u201cWe had to look after the care and feeding of two last-generation SIEMs, with our expenses higher than they should have been for what we were delivering.\u201d<\/p>\n\n\n\n<p>Spindler\u2019s 14-member team had become so overwhelmed by alert volumes and maintaining two SIEMs that he was considering hiring two additional analysts. \u201cOur systems were draining resources, and we weren\u2019t able to scale well,\u201d adds Spindler.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"solution\">Solution<\/h3>\n\n\n\n<p>Seeking higher alert fidelity, cloud-native functionality and transparent pricing, Kobalt.io evaluated half a dozen SIEM solutions, including IBM\u00ae QRadar\u00ae, LogRhythm, AlienVault, and Sumo Logic.<\/p>\n\n\n\n<p>After a two-week trial, Kobalt.io unequivocally chose Sumo Logic for the following reasons:<\/p>\n\n\n\n<p><strong>Ease of use<\/strong><br>Sumo Logic\u2019s intuitive design meant that within just a couple of hours of tinkering in the trial version of the Sumo Logic platform, Kobalt.io could onboard sources and process alerts.<\/p>\n\n\n\n<p><strong>International data residency<\/strong><br>Sumo Logic also allows Kobalt.io to serve its international clients subject to data residency requirements, hosting data in their respective regions.<\/p>\n\n\n\n<p><strong>Extensive 
integrations<\/strong><br>Sumo Logic integrates with hundreds of data sources, including Azure, Google Cloud Platform, AWS, Kubernetes, and Docker, for optimal workflows and ease of customer adoption.<\/p>\n\n\n\n<p><strong>Multi-tenant SIEM instances<\/strong><br>Sumo Logic\u2019s multi-tenant SIEM software enables Kobalt.io customers to configure and customize their accounts. Customer data is tagged per organization, keeping it separate and secure, which persists throughout the data lifecycle and is enforced at every system layer.<\/p>\n\n\n\n<p><strong>Actionable insights<\/strong><br>Sumo Logic\u2019s Cloud SIEM combines event management with automated enrichment and contextual awareness, available via an interactive heads-up display, to help reduce false positives and filter out noise from actual indicators of compromise.<\/p>\n\n\n\n<p><strong>Transparent pricing<\/strong><br>Sumo Logic\u2019s pricing model means Kobalt.io doesn\u2019t have to pick and choose which data sources are analyzed, which gives the SOC team the necessary information when they need it to perform prompt and effective security investigations and launch the appropriate response.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n<div id=\"customer-info-block_af6b99a73cb2643942a11f445323b425\" class=\"customer-info-block\"><div class=\"content-testimonial-block-wrapper blue headshot\"><div class=\"content-testimonial-block-item\"><div class=\"content-testimonial-block-item__rail\"><\/div><div class=\"content-testimonial-block-item__content\"><div class=\"content-testimonial-block-item__top\"><figure class=\"content-testimonial-block-item__headshot-wrap\">\n                                <img decoding=\"async\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/Headshot_Kobalt.io_Quote_292x292.jpg\" alt=\"Chris Spindler\" class=\"content-testimonial-block-item__headshot\" title=\"\"><\/figure><div 
class=\"content-testimonial-block-item__name-wrap\"><p class=\"content-testimonial-block-item__name\">Chris Spindler<\/p><p class=\"content-testimonial-block-item__title\">SOC manager<\/p><\/div><\/div><div class=\"content-testimonial-block-item__quote\"><div class=\"content-testimonial-block-item__quote-text\">\u201cPartnering with Sumo Logic was a no-brainer. Having a system of signals, insights and behavioral algorithms ensures our small team is focused on the right things.\u201d<\/div><\/div><div class=\"content-testimonial-block-item__logo-wrap\"><a href=\"https:\/\/www.sumologic.com\/case-studies\/kobalt-io\" class=\"content-testimonial-block-item__logo-link\"><img decoding=\"async\" src=\"https:\/\/www.sumologic.com\/wp-content\/uploads\/kobalt-logo-wht.svg\" alt=\"Chris Spindler logo\" class=\"content-testimonial-block-item__logo\" title=\"\"><\/a><\/div><\/div><\/div><\/div><\/div>\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"results\">Results<\/h3>\n\n\n\n<p><strong>From 6,000 monthly alerts to 600<\/strong><\/p>\n\n\n\n<p>Sumo Logic\u2019s Cloud SIEM solution provides cloud-scale correlation based on rules for known threats and subquery-based correlation for emerging new threats. 
With enhanced alert fidelity from Sumo Logic, the Kobalt.io team can focus on actual potential security threats instead of being bogged down by a flurry of inconsequential user activity alerts.<br><br>Spindler explains, \u201cWith Sumo Logic, we start with investigation tools integrated into the primary SIEM console, which means instead of opening up 15 different browser tabs so that you could go to places like WHOIS and VirusTotal and all the rest of it, you could do that in one click right out of the interface.\u201d<br><br>Going from 6,000 monthly alerts to 600, Kobalt.io has reduced alert fatigue and ensured analysts are focusing on what matters.<br><br>\u201cOur analysts are our most valuable resource. Simple alarms don\u2019t tell you a story, and they don&#8217;t give you a focus for the investigation. Sumo Logic ensures we spend our analysts\u2019 time where it matters most,\u201d Spindler explains.<\/p>\n\n\n\n<p>Better alerting has also allowed Kobalt.io to do more with less. Before implementing Sumo Logic, Kobalt.io would have been forced to hire two more security analysts to handle its overwhelming alert volume. Since deploying Sumo Logic, Spindler has been able to keep his team to a dozen people. He adds, \u201cPartnering with Sumo Logic was a no-brainer. Having a system of signals, insights and behavioral algorithms ensures our small team is focused on the right things.\u201d<br><br><strong>Days-long customer onboarding to 15 minutes<\/strong><\/p>\n\n\n\n<p>Kobalt.io\u2019s main concern was migrating its customers to a new solution. With Sumo Logic, they migrated 25 customers in 20 days without direct access to the environments that they were monitoring. Migration to Sumo Logic was easy enough for Spindler to delegate tier-two analysts to help customers, spreading the workload. 
Since migrating, Kobalt.io can spin up new customers in just 15 minutes.<\/p>\n\n\n\n<p>Spindler describes, \u201cSumo Logic is compatible with the predominant products that are out there on the market, so there\u2019s good support for what our customers are running. Migrating customers was easy for us because instead of having one person dedicated to onboarding, we were able to spread the tasks out across the entire team.&#8221;<\/p>\n\n\n\n<p>The ease of deployment and support for hundreds of third-party technologies has allowed Kobalt.io to grow faster than ever. \u201cWe have doubled our customer base since we first deployed Sumo Logic,\u201d Spindler notes.<br><br><strong>Profitable within six months<\/strong><\/p>\n\n\n\n<p>There were hidden costs to Kobalt.io\u2019s original SIEM solutions that exceeded the cost of the tools and licensing. Spindler describes, \u201cSplunk, for example, relies on heavy forwarders, a server or a virtual server instance, and those come with a monthly cost. With Microsoft Sentinel, logic apps and functions and data volume charges need to be paid and accounted for, and you need the infrastructure to manage all of that.\u201d In contrast, Sumo Logic doesn\u2019t come with any of those extra charges.<br><br>Sumo Logic\u2019s flexible pricing model also means serious cost savings for Kobalt.io. \u201cThe advantage of Sumo Logic for us is that if a customer comes to us with a small data volume or a single source they want us to monitor, we can do that. We don&#8217;t have to say, \u201cNo, I&#8217;m sorry, you&#8217;ve got to give us half a terabyte a day, otherwise, we can&#8217;t offer you a data ingestion rate that you can afford.\u201d<\/p>\n\n\n\n<p>According to Spindler, Sumo Logic\u2019s pricing model means Kobalt.io can offer a full monitoring service for less than the cost of hiring an entry-level security specialist.<\/p>\n\n\n\n<p>Within four months, Sumo Logic Cloud SIEM had paid for itself. 
Once Kobalt.io sunset Splunk and Microsoft Sentinel, the organization was profitable within six months of rolling out Sumo Logic.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kobalt.io needed to modernize its SIEM and consolidate security tools. With Sumo Logic, they doubled customer growth without needing to increase security analyst headcount and became profitable in six months.<\/p>\n","protected":false},"author":4,"featured_media":19338,"template":"","meta":{"_acf_changed":true,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","show_popup":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","place_holder_image_url":"","post_reading_time":"4","notification_enabled":false,"notification_text":"","notification_logo":"","notification_expiration_time":0,"is_enable_transparent_header":false,"selected_taxonomy_terms":{"resource-type":[29],"resource-solution":[46,45],"translation_priority":[]},"selected_primary_terms":{"resource-type":[],"resource-solution":[]},"learn_more_link":[],"featured_page_list":[],"notification_enabled_post_list":[],"_gspb_post_css":"#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg path,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg path{fill:#2184f9!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList [data-id='0'] svg,#gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList [data-id='0'] 
svg,#gspb_iconsList-id-gsbp-a617356.gspb_iconsList [data-id='0'] svg,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-4a24fcd.gspb_iconsList .gspb_iconsList__item svg,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item img,body #gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item svg{margin:0!important}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-0bb5ad2.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-a617356.gspb_iconsList .gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList .gspb_iconsList__item__text{margin-left:15px}#gspb_iconsList-id-gsbp-1d29c35.gspb_iconsList 
.gspb_iconsList__item{display:flex;flex-direction:row;align-items:center;position:relative}","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"3185,3180,3170","_relevanssi_noindex_reason":"","inline_featured_image":false},"resource-type":[29],"resource-solution":[45,46],"class_list":["post-11163","resource","type-resource","status-publish","has-post-thumbnail","hentry","resource-type-case-studies","resource-solution-case-study","resource-solution-cloud-siem"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource\/11163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/types\/resource"}],"author":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/users\/4"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media\/19338"}],"wp:attachment":[{"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/media?parent=11163"}],"wp:term":[{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-type?post=11163"},{"taxonomy":"resource-solution","embeddable":true,"href":"https:\/\/www.sumologic.com\/wp-json\/wp\/v2\/resource-solution?post=11163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}