Cofense Intelligence ThreatHQ vs LogRhythm SIEM comparison

The compared Cofense and LogRhythm solutions aren't in the same category. Cofense is ranked #64 in Email Security , and holds a 0.1% mindshare in the category. LogRhythm is ranked #6 in SIEM , with an average rating of 7.6, and holds a 3.3% mindshare. Additionally, 89% of LogRhythm users are willing to recommend the solution.

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Cofense Intelligence ThreatHQ and LogRhythm SIEM based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Cisco, Fortinet and others in Email Security.

To learn more, read our detailed Email Security Report (Updated: October 2024).

Buyer's Guide

Email Security

October 2024

Download the complete report

Helped 814,763 peers since 2012

Categories and Ranking

Microsoft Defender for Offi...

Mindshare comparison

Email Security

Security Information and Event Management (SIEM)

Featured Reviews

Luis-Brown

IT Director at a energy/utilities company with 11-50 employees

Aug 8, 2023

Allows for easy reporting of problems, valuable anti-phishing, and anti-malware support

Microsoft Defender for Office 365 lacks proactivity in assisting us with preparing for potential threats before they occur. While they employ a substantial amount of threat intelligence to preemptively prevent incidents, their effectiveness diminishes when it comes to delivering proactive threat intelligence alerts from Microsoft. Their focus primarily revolves around managing the internal environment. On the other hand, my other vendor, Check Point, along with my membership in MS-ISAC, supplements me with this type of information. The phishing and spam filters could use some improvement. It is adequate, but it doesn't match the quality of Proofpoint or Mimecast. However, it comes close in effectiveness. Plus, if we're obtaining it for free, investing in the other products seems impractical.

Read full review

MohamedShaker

Sales Team Leader at ITVikings

Apr 27, 2022

Secures the business for customers quickly and accurately

We are integrators. We sell and implement this solution to our customers. We have about 10,000 people using this solution. The solution is deployed on the cloud It secures the business for the customers. For instance, if any phishing emails come into the environment and employees see it, we…

Read full review

Joseph W.

System Administrator at GOLDENWEST FEDERAL CREDIT UNION

Oct 18, 2022

Has pre-built pieces for third party vendors and does not take a long time to implement

One of the main features that I like about LogRhythm SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us. We use the Event Log Filtering feature a lot. We use it for simple troubleshooting tasks like when a user is logged out, to more important tasks like trying to investigate a threat. As far as its effect on productivity, we can go and search instead of trying to troubleshoot and guess what is causing an error. We can identify what the program is or where the hiccup is. LogRhythm helped us to identify a lot of blind spots. Originally, we didn't have a SIEM tool. We had auditors say that this is something that we should be doing. My management team asked me to go and find a product, and I researched a bunch of them and found LogRhythm. It really opened our eyes to see how much traffic we have, whether it's other IP addresses that are scanning us or external users trying to hit certain ports that could then get closed. It helped us tighten down some of those firewall rules that may have been left open unintentionally through other changes. It helped us a lot early on to identify who was trying to communicate with us or, essentially, who was trying to attack us. As far as our overall security posture, our SIEM tool was the initial push that really got us going into identifying where all of our threats were. We expanded over the seven years that we've had it, and I implemented at least eight other products that are all security related because the SIEM tool indicated the need to identify other risks. It really helped us as an organization to identify risks and move forward to a more secure environment.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Microsoft Defender has a feature to protect each and every attachment. Even if it's an encrypted attachment, it will check for any potential threats."

"The email protection is excellent, especially in terms of anti-phishing policies."

"There are several features that I consider valuable."

"It gives us visibility into threats and, for endpoints, it helps us to prioritize threats. We used to have a lack of visibility, but now our time to detect and respond has decreased."

"Defender helps us prioritize threats across our organization."

"Microsoft Defender for Office 365 is a stable solution."

"The technical support is good and quick to resolve issues."

"At the moment we are satisfied with this product. It's a stable, scalable, and resilient solution for us."

More Microsoft Defender for Office 365 pros

"For instance, if any phishing emails come into the environment and employees see it, we direct the email to Triage. The Triage system will investigate it through AI technology to see if it's a phishing email or not. If it is a phishing email, it will quarantine it and erase it from the environment."

"LogRhythm SIEM offers advanced features such as AI engine modules, machine learning, and threat intelligence integration, which help reduce false positives. Advanced analytics streamlines incident response processes, enabling incident responders to prioritize and automate alerts."

"It allows us to automate a lot of things with a smaller team."

"The log analysis feature is valuable."

"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."

"The artificial intelligence engine."

"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."

"In general, the visibility of events and advanced analysis of events are good."

"Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job."

More LogRhythm SIEM pros

Cons

"We need a separate license and we don't know how to get the license that is required."

"The phishing and spam filters could use some improvement."

"The certification training for Defender for 365 needs to be deeper and incorporate Sentinel. I took all the security courses except one, and Sentinel isn't included."

"We noticed that from time to time, Microsoft's stability does have problems. Sometimes the service goes up and down. Sometimes they change without prior notice."

"In some situations, it has not been able to pick impersonated emails having no attachments. Technical support definitely has a scope for improvement."

"Sometimes, phishing emails manage to pass through the filter, so the system needs to enhance its phishing email detection capabilities."

"Configuration requires going to a lot of places rather than just accessing one tab."

"Microsoft sometimes has downtime, and we'll get several incidents coming in back to back. We have a huge backlog of notifications, many of which may be false positives. However, there might be serious alerts, so we can't risk dismissing all of them at once."

More Microsoft Defender for Office 365 cons

"If they continue improving and enhancing this solution, it could be even faster and more accurate."

"I don't think the cloud model in LogRhythm is developed enough."

"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."

"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."

"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."

"LogRhythm NextGen SIEM is currently based only on the Windows platform. This means that some of our customers have to purchase a Windows license elsewhere. If LogRhythm can move to a Linux platform or a proprietary platform, it would be very helpful."

"The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read."

"LogRhythm SIEM can improve its user interface. The current interface is quite complex and can be challenging to navigate. While it offers many valuable features, understanding how to access and utilize them efficiently takes time. Simplifying the client console's user interface would significantly enhance the user experience and make it more user-friendly."

"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."

More LogRhythm SIEM cons

Pricing and Cost Advice

"I was working in the government and it was too expensive for us to use our Microsoft products."

"Microsoft Defender for Office 365 comes with Microsoft Windows. It is free with the operating system."

"The solution saves money so we have seen a return on investment."

"For licensing, it's usually a yearly package for customers who are subscribed to Office 365, but they can also pay on a monthly basis."

"For large enterprise organizations, they can definitely afford it, but for small and medium organizations, they might struggle to cover the expenses."

"The product is very expensive."

"It is much more expensive than using another solution because we have had to include some options and upgrade our license."

"The solution could be better by simplifying the business model of their licensing. It was hard to figure out how to get the licensing done for the environment, initially."

More Microsoft Defender for Office 365 pricing and cost advice

Information not available

"I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees."

"It is a very cost-effective solution."

"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."

"I give the price a six out of ten."

"In the context of our country, the price of this solution is too high."

"The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent."

"I would rate the tool's pricing around eight out of ten."

"Look closely at the cost of licensing of other products. This should include setups and the need for support services. I did a RFQ to 2 other vendors before choosing this product."

More LogRhythm SIEM pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Email Security solutions are best for your needs.

See recommendations

814,763 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

Manufacturing Company

Government

No data available

Educational Organization

43%

Computer Software Company

Government

Financial Services Firm

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

What do you like most about Microsoft Defender for Office 365?

Threat Explorer is an invaluable tool for me, and it plays a crucial role in helping me discern the origins of variou...

See all answers

What is your experience regarding pricing and costs for Microsoft Defender for Office 365?

The pricing is reasonable since it comes integrated with our Office 365 license.

See all answers

What needs improvement with Microsoft Defender for Office 365?

Sometimes, phishing emails manage to pass through the filter, so the system needs to enhance its phishing email detec...

See all answers

Ask a question

Earn 20 points

What is the difference between log management and SIEM?

Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon you...

See all answers

What do you like most about LogRhythm NextGen SIEM?

LogRhythm does a very good job of helping SOCs manage their workflows.

See all answers

What is your experience regarding pricing and costs for LogRhythm NextGen SIEM?

LogRhythm's pricing and licensing are extremely competitive and it's one of the top three reasons we continue to inve...

See all answers

Comparisons

Proofpoint Email Protection vs Microsoft Defender for Office 365

Compared 13% of the time

Check Point Harmony Email & Collaboration vs Microsoft Defender for Office 365

Compared 7% of the time

Mimecast Email Security vs Microsoft Defender for Office 365

Compared 6% of the time

Cisco Secure Email vs Microsoft Defender for Office 365

Compared 5% of the time

Microsoft Exchange Online Protection (EOP) vs Microsoft Defender for Office 365

Compared 5% of the time

More Microsoft Defender for Office 365 Competitors

No data available

IBM Security QRadar vs LogRhythm SIEM

Compared 14% of the time

Splunk Enterprise Security vs LogRhythm SIEM

Compared 13% of the time

Wazuh vs LogRhythm SIEM

Compared 6% of the time

LogRhythm Axon vs LogRhythm SIEM

Compared 6% of the time

Fortinet FortiSIEM vs LogRhythm SIEM

Compared 5% of the time

More LogRhythm SIEM Competitors

Product Reports

Buyer's Guide

Microsoft Defender for Office 365

October 2024

Microsoft Defender for Office 365 report

Download Microsoft Defender for Office 365 product report

Buyer's Guide

Email Security

October 2024

Download Cofense Intelligence ThreatHQ product report

Buyer's Guide

LogRhythm SIEM

October 2024

Download LogRhythm SIEM product report

Also Known As

MS Defender for Office 365

Cofense Intelligence, PhishMe Intelligence

LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM

Learn More

Microsoft

Cofense

LogRhythm

Overview

Microsoft Defender for Office 365 is a comprehensive security solution designed to protect organizations against advanced threats in their email, collaboration, and productivity environments. It combines the power of Microsoft's threat intelligence, machine learning, and behavioral analytics to provide real-time protection against phishing, malware, ransomware, and other malicious attacks.

With Microsoft Defender for Office 365, organizations can safeguard their email communication by detecting and blocking malicious links, attachments, and unsafe email content. It employs advanced anti-phishing capabilities to identify and prevent sophisticated phishing attacks that attempt to steal sensitive information or compromise user credentials.

This solution also offers robust protection against malware and ransomware. It leverages machine learning algorithms to analyze email attachments and URLs in real-time, identifying and blocking malicious content before it reaches users' inboxes. Additionally, it provides advanced threat-hunting capabilities, allowing security teams to proactively investigate and respond to potential threats.

Microsoft Defender for Office 365 goes beyond email protection and extends its security features to other collaboration tools like SharePoint, OneDrive, and Teams. It scans files and documents stored in these platforms, ensuring that they are free from malware and other malicious content. It also provides visibility into user activities, helping organizations detect and mitigate insider threats.

Furthermore, this solution offers rich reporting and analytics capabilities, providing organizations with insights into their security posture and threat landscape. It enables security administrators to monitor and manage security incidents, track trends, and take proactive measures to enhance their overall security posture.

Cofense Intelligence ThreatHQ provides real-world actionable threat intelligence for improved phishing defense and strategic planning. You can now easily track emerging trends in phishing, research active threats, and supplement your highest-priority investigations. Our improved intelligence interface empowers you to move beyond indicators of compromise and pursue an informed strategic defense against today’s phishing attacks.

LogRhythm SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, LogRhythm SIEM is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyberthreats. Ultimately, LogRhythm SIEM is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. LogRhythm SIEM is for organizations that require an on-premises solution and offers:

● Streamlined workflow

● Secure data access

● Real-time visibility

● A unified user experience

● Management customization

Security information and event management (SIEM) solutions have been evolving for over a decade; their core functionality still acts as the most effective foundation for any organization’s technology stack. A SIEM solution enables an organization to centrally collect data across its entire network environment to gain real-time visibility into activity that may pose a risk to the organization. SIEM technology addresses threats before they become significant financial risks while simultaneously helping better manage an organization’s assets.

LogRhythm SIEM has many key features and capabilities, including:

● High-Performance Log Management: LogRhythm SIEM offers structured and unstructured search capabilities which allows users to swiftly search across an organization’s vast data to easily find answers, identify IT and security issues, and troubleshoot issues. Users can efficiently process and index terabytes of log data daily.

● Network and Endpoint Monitoring: Forensic sensors allow users to gain deep visibility into endpoint and network activity. Users can see behavioral anomalies and better respond to incidents.

● SmartResponse™ Automation: LogRhythm SIEM allows users to centrally execute pre-staged actions that automate incident investigatory tasks and responses.

● Automated Machine Analytics: LogRhythm SIEM's AI Engine continuously analyzes all collected security incidents and forensic data. Security teams are delivered precise, real-time intelligence about risk-prioritized threats.

● Case and Security Incident Management: LogRhythm SIEM offers an integrated workflow so that threats don’t slip through the cracks. Collaboration tools help centrally manage and track investigations.

● User and entity behavior analytics (UEBA): Embedded deterministic UEBA monitoring helps protect against insider threats.

● Security orchestration, automation, and response (SOAR): LogRhythm SIEM includes our embedded SOAR solution to increase efficiency and higher-quality incident response with low mean time to response (MTTR).

Benefits to Using LogRhythm SIEM

● The platform offers great value to security and IT operations. Users have the ability to map their security and IT operations to existing frameworks such as NIST and MITRE ATT&CK.

● The platform offers broad integration across security and IT vendors: Users benefit from support for integration with hundreds of security and IT solutions. In turn, this further extends SIEM capabilities and data collection.

● The platform provides compliance adherence, enforcement, and reporting: The prebuilt compliance modules automatically detect violations as they occur and remove the burden of manually reviewing audit logs.

Reviews from Real Users

LogRhythm SIEM stands out among its competitors for a number of reasons. Two major ones are its ability to be customized and its quick performance of queries.

Jason G., a senior cybersecurity engineer, writes, "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."

Andy W., principal consultant at ITSEC Asia, notes, “LogRhythm SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.”

Sample Customers

Microsoft Defender for Office 365 is trusted by companies such as Ithaca College.

Jackson Health System

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill

Find out what your peers are saying about Microsoft, Cisco, Fortinet and others in Email Security. Updated: October 2024.

DOWNLOAD NOW

814,763 professionals have used our research since 2012.

We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.