Try our new research platform with insights from 80,000+ expert users
Monsur Ahmed - PeerSpot reviewer
Software management at Midland Bank
Real User
Good reporting and logging capability, but the training should be improved and the price lowered
Pros and Cons
  • "The most valuable feature is the log, which can be analyzed by our SIEM solution."
  • "The training for this product is not very good and needs to be improved."

What is our primary use case?

We use this product for network monitoring, to assist with our network security and performance.

What is most valuable?

The most valuable feature is the log, which can be analyzed by our SIEM solution.

The reporting capability is good.

What needs improvement?

The training for this product is not very good and needs to be improved. For example, the instructor came with a specific outline and does not like to go outside of the box.

There should be documentation the describes more use cases and how to implement them.

For how long have I used the solution?

We began working with LogRhythm NetMon less than a year ago. Our second phase of implementation was completed about three months ago.

Buyer's Guide
LogRhythm NetMon
December 2024
Learn what your peers think about LogRhythm NetMon. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the scalability of the solution?

This is a scalable solution. 

How are customer service and support?

We have consulted with the technical support team on a couple of things. I would say that they are ok.

How was the initial setup?

The initial setup for us was complex because we did not have much knowledge about this type of product.  

What's my experience with pricing, setup cost, and licensing?

The price of this solution is too high, so it should be made more practical and more valuable for the customer.

What other advice do I have?

In general, this is a good product. It is easy to configure and use.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Datasec4574 - PeerSpot reviewer
Data Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Good analytics features but it should have better integration with multiple products
Pros and Cons
  • "The analytics feature is the most valuable feature."
  • "I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products."

What is most valuable?

The analytics feature is the most valuable feature. 

What needs improvement?

I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products. 

I would also like to see some more customization with the analytics that LogRhythm offers because there are competitive solutions on the market that get much more analytics, unlike LogRhythm. We have second-hand features when we look at the analytics portion of it. Otherwise, the solution is good but I'm expecting a little more in analytics.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The stability is good. I would rate it a three out of five. 

What do I think about the scalability of the solution?

Scalability depends on the sizing. If you have lower sizing then you will not be able to scale the system. 

The security team of around five people are the main users. They do analytics for an organization of 3,000 plus employees.

How are customer service and technical support?

Their technical support isn't so great. 

Which solution did I use previously and why did I switch?

We were previously using ArcSight. We switched because ArcSight didn't have a roadmap for their company. We didn't get a clear roadmap for their technology innovation guidelines.

How was the initial setup?

The initial setup was a little complex. We have to manage a lot of devices, the dashboard needs to be set up. 

The entire deployment took a little over a month. We required five to six staff members for the deployment. The staff compromises of security and forensic analysts.

What about the implementation team?

We implemented in-house. 

What's my experience with pricing, setup cost, and licensing?

Pricing is okay. There were some competitors that were extremely expensive and there were some which were really inexpensive but LogRhythm stayed in the middle of them.

What other advice do I have?

I would advise someone considering this solution to do the assessments properly before you deploy the solution because it also depends on what kind of products you have to integrate with LogRhythm. Most products do have an integration out-of-the-box. You need to study the product first before you make the decision to go ahead with LogRhythm.

I would rate it a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
LogRhythm NetMon
December 2024
Learn what your peers think about LogRhythm NetMon. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
reviewer812187 - PeerSpot reviewer
Product Technical Manager at a tech company with 1-10 employees
Real User
Provides very good lateral visibility for easy detection of irregular traffic and attacks
Pros and Cons
  • "Visibility is a valuable feature, the ability to see even if the traffic is not going into the firewall"
  • "Could use a topology diagram which would help get an exact visual."

What is our primary use case?


Our primary use case is trying to monitor irregular network traffic - identifying the type of traffic within our network, its origin, and destination IP. It could be HTTP, HTTPS, FTP, or OBDC. Once we recognize the traffic, we then correlate it, determining whether it's normal or abnormal. The data is also send via Syslog to LogRhythm SIEM to further correlate with logs from other devices to look at threats from a holistic view


How has it helped my organization?

We simply enabled the out of the box DPA rules within network monitor to look for Ransomware via SMB traffic and other types of attacks such as DNS hijacking where external DNS is being used instead of internal, and it was happening in our network environment



What is most valuable?


I think visibility is the most valuable feature - the ability to see what's going on with the network traffic even if it is not passing the firewall. It provides the lateral traffic visibility, which most can't see it in firewall and networking switch/routers with limited logs. In an internal environment, we have a customer with several database servers, and they want to know who is connecting to these critical servers, this solution enables that. In terms of attacks or any abnormal traffic, we can quickly detect it. Visibility to network lateral movement is significant.



What needs improvement?


Our customers would always like to see additional features. Ideally, they want one solution to do everything, particularly with networking products. Often customer request features that are related to their day-to-day operation such as traffic congestion and network usage at a specific endpoint. Adding operational flavor into the existing network threat detection product would allow more customers to use a single platform to satisfy all their networking visibility needs. I'd like to see more of these types of visualization or dashboard geared toward this kind of usage is built out of the box and ready to use.


Also, having network topology visuals from a specific endpoint can be a great feature that would help correlate and investigate faster.

For how long have I used the solution?

I've been using this product for four years. 

What do I think about the stability of the solution?

It's an excellent & stable solution, it's based on ELK and is a proprietary solution. It provides you with an ISO file that you can install in minutes.

How are customer service and technical support?


The technical support is excellent. You can find many pre-built rules, visualization dashboards, or the Kibana dashboard within the community portal. 90% of users can just use it right out of the box and use the many built-in deep packet analytics rules and dashboard or download from the community. If you like to build your own rules, it will require some learning on the rule syntax. Any more advanced integration with an external system can request to Logrhythm support. They will be willing to answer any questions you have.



How was the initial setup?

The initial setup is very straightforward and simple. It takes about half a day to get it all done. 

What's my experience with pricing, setup cost, and licensing?


Compared to many other products in the market, I think LogRhythm has the highest cost to performance ratio in terms of its value. Many customers compared us to a lot of other network tools that focused more on traffic flow and data flow, which often lack threat detections, visibility, and Deep packet analytics. However, LogRhythm NetworkNDR provides excellent visibility and threat detections because it identifies 3000 plus applications, built-in Deep packet rules, and provide SOAR capability at the same time.



What other advice do I have?

LogRhythm provides a freemium version of Netmon, so I would first advise anyone to download it and play with it first.  All features are the same as a full version, and it is the best way for anyone to understand the product capability and how it works. If it works well then consider buying the product

I would rate this product a 9 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner - Taiwan
PeerSpot user
Buyer's Guide
Download our free LogRhythm NetMon Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Product Categories
Network Monitoring Software
Buyer's Guide
Download our free LogRhythm NetMon Report and get advice and tips from experienced pros sharing their opinions.