it_user756333 - PeerSpot reviewer
Security Analyst at Xanterra
Vendor
PCI compliance pieces help produce reports for our external auditor, and support is best I've encountered
Pros and Cons
  • "The PCI compliance pieces that help us produce reports for our external auditor, and their support."
  • "I would really like to see some type of group or global management for RIM policies."

How has it helped my organization?

Absolutely. It has helped us gain visibility into events that we didn't have before at all. We have a lot of remote locations. We manage national parks and point-of-sale devices on ships, at the top of mountains and little cabins, gas stations in the middle of Death Valley; we have a lot of difficulty around trying to keep an eye on things, and LogRhythm lets us have agents running almost anywhere we want.

It also has provided us ways to do compensating controls for systems that we couldn't otherwise secure, because of different product upgrade paths and costs. LogRhythm helps us on the compensating control side as well.

I think we're right around 1000 to 1500 (peak) logs per second, which is not a lot, but we've tuned it heavily in the last few months. We've added compression and we've turned off verbose logging, and just try to get the important things. We've been working with LogRhythm to tune what we collect, to make it more useful or applicable. I wouldn't say that we're one of the higher-end users or higher logs-per-second users, but we have 15,000 employees in peak season. We have six ships and we manage most of the national parks, so there's a lot of locations around the world. I don't have a number on buildings or assets though, but maybe 4,000 endpoints total, if you include routing and switching, servers, and desktop PCs.

Up until recently, I would speak with LogRhythm and they would ask me, "What do you want to do?" I'd say, "I don't know. What can you do?" "We can do anything. What do you want to do?" It's hard for us to know what we want. We just know that we want to be secure. We know we need to collect logs, we know we need to do basic things. But recently, LogRhythm came out with a package to help us tune our system for PCI compliance, like industry best practices. We don't know what all those are, so we're working with them to turn on all the bells and whistles that will make us more targeted in our strategy and in collecting information, so that we're not just looking for things at random, or dealing with a crisis.

When we have a crisis we know what we're not getting, but we don't know how to predict that. We're fairly new into the maturity phases, so I think that they've compiled a lot of that for us, and I'm very happy that we're able to work with them now to get that hammered out.

What is most valuable?

The PCI compliance pieces that help us produce reports for our external auditor, and their support.

I constantly sing the praises of their support group. It's a complicated, vast product with a lot of breadth and depth. Things go wrong. But when I have a problem their support group will get a hold of me within minutes to hours, at the most. If it takes a group of people to solve the problem they pull a group of people together. They will create remote sessions. I don't have any other vendors with the same level of support that LogRhythm does.

What needs improvement?

Global management for registry integrity monitoring. Right now you have to apply what they call RIM policies, Registry Integrity Monitoring policies, one agent at a time. If you have thousands of endpoint agents, you have to touch each one of those one at a time. That is a pain in the rear, so I would really like to see some type of group or global management for RIM policies, like they have already for FIM, the File Integrity Monitoring. You can grab hundreds of agents at one time, and apply them across the board. I don't know why you can't do that with the registry piece.

What do I think about the scalability of the solution?

It'll scale forever, especially in the VM and cloud environment; time and money are the only two limits. But it fits our needs, where we are.

Like I said, we're not a really high volume user at this time, but that could change. We're owned by Philip Anschutz, he's always incorporating companies that he thinks will make us bigger, better, and more marketable; so that could change overnight.

But right now, where we're at, it meets our needs, I'm happy that it can scale anywhere that we need to go. There's no limitations there, as far as I know, and there are lots of options, with hardware, clusters, distributed environments, cloud-based environments, VM-based environments, combinations of all those things, so there's no problem with scalability.

Buyer's Guide
LogRhythm SIEM
November 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

How are customer service and support?

They're a 10 - out of five stars! I have great success with them, very pleased. Love working with them, they're funny. They're also right here in Colorado, so when we need somebody on site it's not difficult. But it's rare that we can't solve problems with GoToMeeting or WebEx.

Which solution did I use previously and why did I switch?

We used AlienVault, and before that Splunk, but neither one of them worked, and even their pro-services people couldn't get the products to really perform well in our environment. I understand the LogRhythm sales engineer who came out the first time to demo or do a proof of concept was doing things in minutes that the other folks were trying to do in weeks, and my boss said, "That's what we want. I want that."

We need stability, ease of use, ease of investigation, so we had looked at a number of products in the past. Again, that was mostly before I came on board, but I understand the challenges with them included having to write a lot of custom parsing, and you either had to have Linux gurus or coding gurus on staff to make those products sing. LogRhythm has all that built in, and you just need to let them know what you want to turn on. They have all the features and policies and alerts that you could ever hope for, so you just have to know what you want to do.

Which other solutions did I evaluate?

The only other SIEM tool company that was even close to LogRhythm was QRadar, IBM's SIEM solution, in performance and cost and features. Actually, not cost. I think they're very expensive, and that company makes a lot of people nervous. LogRhythm is, like I said, local, and stable, growing, aggressive, helpful. IBM is a big monolithic company, which I have a lot of respect for and they've come a long way, but they're constantly splitting off and selling pieces, and you never really know where that product's going to be in a few years. LogRhythm hasn't had that problem.

What other advice do I have?

It's effective, it's like a Ferrari. You have to have a lot of mechanics, and you have to fine tune it, and when it's running well it runs very well, but there are a lot of things that can go wrong too. I'm pretty much a one-man shop, and it's difficult for me, but that goes back to having good support and good communication with them. It's a struggle, but the product is strong and we just need to continue growing with it, in our understanding, in our use of it, so we'll get where we want to go. But it's a partnership, so we appreciate that.

I already mentioned some of the most important criteria when selecting a vendor, but the main ones for us were:

  • local presence: so we have a door to kick down when we need help
  • support: LogRhythm has very strong support features
  • scalability and cost: LogRhythm had a higher initial cost, but it had almost everything built in that we needed, there were no additional or hidden costs later, so it was much easier for us to plan ahead.

Also, our company likes to spend capital dollars, so the hardware option was more attractive to us. I like the VM and cloud, and I'd like to move in that direction, but having the multitude of options that they have was a big plus for us.

It's very important for us to have a unified end-to-end platform because we have so many different locations and we have such a small team. Having 50 different products and 50 different interfaces doesn't help anyone, even if they're good products. Having one single product that can do a lot of things is very important.

It's a 10 out of 10 for sure. Even 11. I love it.

Don't just look at cost because, as I said, LogRhythm was a little bit higher in the beginning, but look at the features that they have and the support, everything, especially in this field. It's a complicated business, so everybody's going to have problems. Can they fix those problems, and will they work with you to grow? Look at the big picture. Long term.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Rahul Kate - PeerSpot reviewer
Co-Founder at First Defense WLL
Real User
Top 5
Intuitive GUI, easy to set up, and stable
Pros and Cons
  • "The GUI is very intuitive and the solution has good integration."
  • "The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."

What is our primary use case?

There are multiple use cases for the solution, such as long log formatting, log consolidation, data isolation, malware detection, identifying suspicious attacks, and locating ISU records across the network.

What is most valuable?

The GUI is very intuitive and the solution has good integration.

What needs improvement?

The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement.

The price of the solution has room for improvement.

For how long have I used the solution?

I have been using the solution for ten years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

I give the scalability an eight out of ten.

How are customer service and support?

The technical support is good.

How was the initial setup?

The initial setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

I give the price a six out of ten.

What other advice do I have?

I give the solution an eight out of ten.

The solution can meet the most mature customer's requirements.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
CEO/Consultant at CIL
Real User
Top 10
User-friendly with an excellent security operation center
Pros and Cons
  • "The security operation center is excellent."
  • "The customer support system is time-consuming."

What is our primary use case?

LogRhythm NextGen SIEM is great. We use it for log management for security purposes.

How has it helped my organization?

The security operation center is excellent, and we can pick logs from any system, not only the IPS or firewall. In addition, it has the capacity to accept logs and provide smart dashboards and analysis.

What is most valuable?

The most valuable feature is the SOC (Security Operations Center) feature. This solution has two types of systems, virtualization and the appliance. The appliance is ready and configured, so we use the IP addresses and trigger the endpoint. It's very user-friendly, and whenever anyone deploys a virtualization system, they can experience it.

What needs improvement?

The customer support system is time-consuming and needs to be improved because it is not very good. For other solutions, you can deliver whenever you have a customer problem. All you need to do is open a ticket, log into the system, and the issue is resolved. However, for LogRhythm, we have to flag the problem and then send the log, and we never know if we will receive a response in one hour or one week.

In addition, LogRhythm NextGen SIEM has one of the best analysis features, but it can still be improved. However, I believe they plan to make improvements since they're only selling the product for two systems currently.

For how long have I used the solution?

We have been using this solution for three years.

What do I think about the stability of the solution?

It is a very stable solution.

What do I think about the scalability of the solution?

It is a scalable solution.

How are customer service and support?

I rate the customer support a four out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup was very easy. I rate the setup a ten out of ten.

What's my experience with pricing, setup cost, and licensing?

The price is very good, and it is very cheap compared to other solutions. If we compare it to SolarWinds, SolarWinds is not as advanced as LogRhythm NextGen SIEM.

I rate the price a nine out of ten. We always consider the features and quality before the price, but the cost is still very good. We get about 98% of the features we want.

What other advice do I have?

I rate LogRhythm NextGen SIEM a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Senior System Administrator at DP Infotech Pvt Ltd
Real User
Reliable with good dashboards but needs better alerts
Pros and Cons
  • "It's reliable and the performance is good."
  • "We've had issues with scaling and local support."

What is our primary use case?

This solution's use case is abnormal administrative lockouts, most of the time.

What is most valuable?

I'm happy with their AI in general. 

We're able to make useful dashboards. 

The initial setup is not complex if you have a bit of knowledge going in.

The solution is stable. 

What needs improvement?

We'd like to receive alerts for zero-day attacks in the future. We'd like alerts that offer us better security. For example, if there are abnormal occurrences, we'd like to know right away. 

We've had issues with scaling and local support.

For how long have I used the solution?

We've been using the solution for two years. 

What do I think about the stability of the solution?

It is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good. 

What do I think about the scalability of the solution?

We have seven people, admins, who are working directly with the solution. 

It's not easy to scale. Sometimes we have difficulties. For example, when doing updates, we cannot depend on our local support. In some cases that we have found, they don't have much knowledge. We have to work on separate tickets for the kinds of issues we have.

How are customer service and support?

We have local support. If they cannot assist us, they do offer in-house support we can use. The first step in terms of getting help would be our local partner. 

The issue is that local support sometimes isn't as knowledgeable as they need to be. The solution should work to do more training in order to improve local support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were working on RSA. We switched due to the cost and the lack of local support. The RSA cost is a little bit too high.

How was the initial setup?

The solution offers a pretty straightforward and simple setup. That said, you need some knowledge going into the process. 

The deployment itself took about 90 days. 

I'd rate it a three out of five in terms of the general ease of deployment as there is some complexity and a learning curve. 

There's not much maintenance. We do have to do the updates of the servers and if there is a new release and update, we work on those. For the day-to-day, we try to focus on more log-related tasks.

What's my experience with pricing, setup cost, and licensing?

I can't speak to the exact cost of licensing the product. My understanding is that it is less expensive than RSA. 

What other advice do I have?

We are an integrator and service provider. 

We are not currently using the latest update.

I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. 

I'd rate the solution five out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Head Of Technical Services at a tech services company with 51-200 employees
Real User
Stable for long periods, and comes with built-in UEBA
Pros and Cons
  • "I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
  • "I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."

What is our primary use case?

I am a distributor and not an end-user of the product, so I cannot comment on use cases.

What is most valuable?

I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages.

What LogRhythm really excels at is its stability, since, in all the deployments that I have been involved in, there's no break-and-fix at all. When the customer finds that there is something lacking from the solution, it is often a matter of deploying extra appliances and things like that. So the most valuable feature in an abstract sense is that it is so reliable. 

What needs improvement?

I do think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments.

With that said, I think it's good enough. For the most part, I just want to have a consolidated platform for the NDR, i.e. the new MistNet NDR that they have acquired, with the current XDR. At this time, it is still two separate controls.

For how long have I used the solution?

I have been working with LogRhythm NextGen SIEM from a company perspective for three years. 

What do I think about the stability of the solution?

All of the deployments that I have been involved in have been very stable, over long periods of time. There's very little in the way of breaking and fixing at all. Most complaints are typically just that the customer comes across extra requirements that need to be added on to the base product.

What do I think about the scalability of the solution?

There are some issues with scaling that I'm aware of. Most of the time, the scalability becomes increasingly more complex when increasing the indexing or when processing the loss security complex. It's not easy when we go to a high-volume customer environment where many laptops are involved, for example. In that case, it's perhaps not that easy to scale.

How are customer service and support?

The technical support is good, and they are available at any time. They allocate customer assistants and account managers for taking care of all the application support. Any time that I need a technical fix and the customer is not certified, they will escalate the issue to the customer success manager who will then help solve it.

Which solution did I use previously and why did I switch?

Compared to other solutions, an advantage of LogRhythm is that it still works on a lot of the old platforms. As mentioned, it is based on the Windows platform, and I think that it wins out due to the straightforward pricing and how easy it is to calculate for the sizing and critical add-ons such as UEBA and SOAR.

Because the platform is always the same, it's just easier to extend it as needed. For example, it's not technically dependent on another solution that's been acquired by themselves or another company like IBM.

The main difference boils down to the question: for add-ons and such, do you need to seek out a different service from a different vendor rather than adding to the same solution by the same company? I believe they do it all from the same R&D teams and it shows.

How was the initial setup?

The deployment for only one small or medium size environment is pretty straightforward, but for enterprise deployments where there are many different components (e.g. various appliances or other software add-ons) it can become very complex, especially for HA setups.

What's my experience with pricing, setup cost, and licensing?

The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required. 

What other advice do I have?

My advice is to take a look at the account directly with the account manager of LogRhythm and find a value-added distributor to support you with the sizing, consulting, use case discovery, and building up the operation maturity roadmap, in order to be truly aligned with the LogRhythm deployment in the long term.

I would rate LogRhythm NextGen SIEM a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1283208 - PeerSpot reviewer
Information Security Officer, Network Analyst at a university with 1,001-5,000 employees
Real User
It puts things together and provides the evidence and has good automation and integration capabilities
Pros and Cons
  • "Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools."
  • "Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SaaS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SaaS applications. There is a whole diverse suite of SaaS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SaaS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elasticsearch engine and use less of Microsoft products."

What is our primary use case?

We use it for log ingestion and monitoring activity in our environment.

How has it helped my organization?

It is a simpler system than what we had before. We had IBM QRadar, which used to give us everything, and we had to dig through, figure out, and piece it all together. LogRhythm lights up when an event occurs. As opposed to just giving us everything, it will piece things together for you and let you know that you probably should look at this. It also provides the evidence. 

It is easy to find what you're looking for. It is not like a needle in the haystack like QRadar was. It is not a mystery why something popped or why you're being alerted. It provides you the details or the evidence as to why it alerted or alarmed on something, making qualifying or investigations a little bit quicker and also allowing us to close down on remediation times.

What is most valuable?

Automations are very valuable. It provides the ability to automate some of our small use cases. 

The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools.

What needs improvement?

Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. 

They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SaaS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SaaS applications. There is a whole diverse suite of SaaS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SaaS applications.

The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elasticsearch engine and use less of Microsoft products.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

Bugs are there. We've encountered quite a few, but support is pretty quick at picking up and working with us through those and then escalating through their different peers until we get a solution. Now, the bugs are becoming less and less. Initially, they were rolling out features pretty quickly, and maybe some use cases weren't considered. We ran into those bugs because it was a unique use case.

What do I think about the scalability of the solution?

It is easy to scale. We run different appliances. So, for us scaling is not an issue. Each appliance does a different piece of the function, so scalability is not a problem. We started off doing say 10,000 logs per second or MPS event, and then we quickly upgraded. Now, we're sitting at a cool 15,000. There is no need to upgrade hardware or anything. You just update the license. That is it.

We have multiple users in there. We have a security team, operations teams, server team, and network team for operations. We also have our research team, HBC team, and support desk staff. We have security teams from other universities in the States. We're sitting at a cool 50 users.

How are customer service and technical support?

Their technical support is good. They are pretty quick at working with us. I would give them an eight out of ten. I don't know what they see on their end when a customer calls in and whether they are able to see previous tickets. It always feels like you're starting fresh every time. They could maybe improve on that end.

Which solution did I use previously and why did I switch?

We had IBM QRadar for what seemed to be almost a decade. So, we just needed something different. There was a loss of knowledge transfer, as you can imagine, over a decade with different people coming in and out of security teams, and the transfer of knowledge was very limited. At the time I got on board, I had to figure out how to use it and how to maintain it and keep it going. We had some difficulties or challenges with IBM in getting a grasp on how we can keep getting support. It was a challenge just figuring out who our account rep was. After I figured that out, it was somewhat smooth sailing, and then we just decided it was time for something different, just a break-off because products change in ten years. You can either stay with it and deal with issues, or you do a break-off and get what's best for the organization.

How was the initial setup?

It was complex simply because we had different products. 

What about the implementation team?

We did have professional services to help us, which made the installation a little bit smoother. Onboarding of logs and having somebody with whom you can bounce ideas and who can go find an answer for you if they didn't have one readily available made the transition from one product to the other pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

We did a five-year agreement. We pay close to a quarter of a million dollars for our solution.

What other advice do I have?

I would definitely advise giving it a look. If you're able to deal with it in your environment and just give it a chance, it'll grow on you. It is not Splunk, but it's getting there. They're gaining visibility with other vendors. The integration with third parties is starting to light up a little bit for them, unlike IBM QRadar that has already created that bond with third parties to bring in their services into the product. LogRhythm is definitely getting there, and it is a quick way to leverage in-house talent. So, if you want to do automation and you have someone who is good at Python scripting or PowerShell, you can easily build something in-house to automate some of those use cases that you may want to do. 

I would rate LogRhythm NextGen SIEM an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Lead at a financial services firm with 201-500 employees
Video Review
Real User
It has really improved my personal sense of security as far as our organization

What is our primary use case?

We utilize the LogRhythm solution to monitor most of our servers and our users to make sure that nothing anomalous is happening. What I really love about the LogRhythm platform is the fact that when something anomalous happens, I can see it almost immediately through the ability to collect a massive amount of logs in a very small footprint as far as hardware goes.

We do utilize everything. I think one of the most recent things that I've really enjoyed about LogRhythm is the ability to utilize smart responses published by LogRhythm. For example, one of our use cases is that we have a termed users group, and when someone is placed in there, we want to monitor to see if their account is ever activated again. So we have a smart response set up so that when a termed user is enabled, the smart response immediately activates and says bam, that user is getting disabled again. We don't want anyone to have access to that at all.

How has it helped my organization?

We've seen mean time to detect and to respond go down pretty significantly. We actually recently implemented the CloudAI solution, which allowed us to look into our users' anomalous behavior. Recently, we actually had some user who's a remote user, he traveled to somewhere else in the US, and CloudAI flagged it and was like, hey, this user is authenticating from somewhere new. This isn't somewhere we've seen before. I jumped right in, and I'm saying, "Hey, what's this user doing?" We emailed their manager who emailed them, and they said, "Oh, no, I'm just on vacation in California. It's okay." We had CloudAI learn about it, and now, it's really easy to see when a user does something anomalous.

CloudAI has been something in our environment that I have enjoyed immensely. It takes really a lot of the guesswork out of what our users are doing. Right when we implemented it, our CEO was actually out of the state, and we were having a hard time getting a lot of his user data because he was out of the state on vacation. When he came back, immediately CloudAI flagged him in the 80s with a threat score being from 0 to 100. Immediately, I was like, oh crap, our CEO's account has been compromised. But no, CloudAI was still learning our environment. It took it about a month or two to learn what was happening in our environment, what was going on, and then all of our threat scores, they kind of hover around the 20s now.

When someone does something anomalous, when they work out-of-state, even when they authenticate to a different Microsoft server, it lets us know immediately what's going on, and it lets us understand what our users are doing. CloudAI has definitely enhanced our security operations. It helps me understand what the users are doing almost instantaneously. It helps me understand what these users are doing in a daily report, and it helps me really feel why our users are doing certain things, why they're authenticating to certain servers. It helps me understand what their job would really want them to access or what their job has them access.

When they do something different from that, I really want to know why they're doing that. CloudAI helps me know what our users are doing. Rather than what hosts are doing or what servers are doing, it helps me know what the users are doing with their accounts. I think somewhere CloudAI would have room for improvement is maybe correlating hosts with IPs because often, I'll have a user, and it'll come up with an anomaly score saying it's been authenticating from different hosts, but really what it is, is it'll have the user's computer, then the user's IP that they're coming from, and sometimes their hostname with our domain name afterwards. Sometimes, CloudAI will be alerting us on some things that are really just the user's computer IP coming up multiple times.

What is most valuable?

LogRhythm has really improved, I think, my personal sense of security as far as our organization. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting, so I know immediately if, say, one of our core servers isn't feeding its logs to us. I can remediate that almost immediately, and then feel secure again knowing that that data is coming to LogRhythm, and LogRhythm is correctly dealing with it. I can know that our security is in place.

We haven't used any of the LogRhythm built-in playbooks yet. Stability has been really good. The LogRhythm platform in our environment actually sat for three years with no one really using it. I came in about six months ago. I was able to pull it from generating about a thousand alarms a day that were just heartbeat errors, or critical components going down, to it actually only generating about 100 alarms a day, some of those being diagnostic alarms, but most of them being very helpful alarms that rarely ever point to having a component being down. With some short maintenance daily, LogRhythm has been a very stable platform.

What needs improvement?

I think condensing and consolidating what a user accesses over and over again and just having CloudAI understand that that's all of the user's, and you can consider it as one thing rather than multiple things, and alarming on it, and alerting me on it, having me have a mini heart attack every time it tells me that this user is authenticating from a new place.

What do I think about the scalability of the solution?

Scalability with the LogRhythm platform has been immensely easy. We went from about five system monitors to over 200 in a week. We implemented that through our system management thing, but rolling out 200 system monitors in a week was incredibly easy through the client console, which LogRhythm has documented immensely well.

How is customer service and technical support?

Tech support with LogRhythm has been great. I've only ever had one bad case out of the roughly 15 or 20 tickets I've put in. They usually immediately get back to me, and even if it's something outside of their scope, they're always willing to help refer me to the person that I need to talk to, and my issue is always resolved within the week. LogRhythm's support for log sources is great. We have about 3,000 log sources right now that we're taking in. Most of that is coming into our main data collector, but anytime we've had any new log sources that we need to onboard, it's been pretty seamless, and we haven't seen any performance hit on our main box.

With the LogRhythm platform, we're processing anywhere from 800 to 1,500 messages per second, and we don't see a performance hit at all.

How was the initial setup?

We've had CloudAI implemented into our deployment for about three months so far, and out of those three months, we've only had one day of downtime. That was with a scheduled transfer from how they were hosting it before to where they're hosting it now. Stability and uptime have been 99% plus. It's been something that I can count on every day to come in and see this report and rely on it. We really haven't had the chance to scale CloudAI. We're a growing organization, but we're not ballooning, and we're not adding on new users. CloudAI is a great option to sync with AD to pull all your users, and you can just set up the identities and run with it on day one. The reason why we went with CloudAI and decided that it was something we needed in our environment was because we had the log data for a lot of our servers, a lot of our hosts.

We had the authentication data from our domain controller on the users, but we really wanted to understand what the users were doing and why they were doing it. So we looked into other artificial intelligence programs that would do some of the similar things, but we realized that CloudAI would do what we wanted but then feed the data right back into the LogRhythm platform. With that, we were able to see what the users were doing along with what our servers were doing, what the hosts were doing, and we would have all that data correlated, and we could understand it in one big picture right in the web console.

The implementation of CloudAI was incredibly easy. We just ran a script, added a certificate, and all of a sudden, we were sending the data to them, and we had a report the next day. When we choose a vendor to work with, the number-one thing that we want to understand is that they understand the product. We aren't just going to go to a vendor and say, "Here's our money, please go learn about this product and then implement it in our environment," because I'll just implement it, I'll just learn about it myself and do it. But if I go to a vendor and learn that they know about this product, they've implemented something before, I'm going to go with them nine times out of 10 because they will do something that I can't do myself because I don't understand what's going on.

What other advice do I have?

If I had to rate LogRhythm and CloudAI out of 10, I think I'd give it an eight. There's still room for LogRhythm to improve, and they've laid out a pretty great roadmap for what they want to do in the future. I think if they continued to innovate and continue to implement the things that they've talked about, that they'll continue to grow in my eyes. There is some room for improvement, but overall, if you want a very solid platform with stability and scalability, LogRhythm is definitely the way to go.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
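The termed-user SmartResponse this review describes, as an added example that is neither the reviewer's nor LogRhythm's code: it replays Windows Security events, keeps the termed-users group membership current, and returns a disable action whenever a termed account is re-enabled. The group name, the UPN-to-domain mapping and the event records are constructed; account names are normalised so case and UPN-vs-NetBIOS differences do not let an enable slip past the check.

```python
"""Added example, not LogRhythm's own SmartResponse code: detect a 'termed'
user account being re-enabled and return a disable action. Group name,
domain mapping and events below are constructed."""
from typing import Dict, Iterable, List, Set

# Constructed: maps a UPN suffix to the NetBIOS domain name seen in event data.
DOMAIN_MAP = {"corp.example": "CORP"}
TERMED_GROUP = "Termed Users"  # constructed group name


def canonical_account(account: str) -> str:
    """Normalise 'CORP\\JDoe' and 'jdoe@corp.example' to the same key."""
    if "@" in account:
        user, suffix = account.rsplit("@", 1)
        account = f"{DOMAIN_MAP.get(suffix.lower(), suffix)}\\{user}"
    return account.lower()


def process_events(events: Iterable[Dict[str, str]], termed: Set[str]) -> List[Dict[str, str]]:
    """Replay Security events in order; return disable actions for termed users.

    4728: member added to a security-enabled global group (updates the set)
    4729: member removed from a security-enabled global group
    4722: user account enabled -> if the target is termed, request a disable
    """
    termed = {canonical_account(a) for a in termed}
    actions: List[Dict[str, str]] = []
    for ev in events:
        target = canonical_account(ev["TargetUser"])
        if ev["EventID"] == "4728" and ev.get("Group") == TERMED_GROUP:
            termed.add(target)
        elif ev["EventID"] == "4729" and ev.get("Group") == TERMED_GROUP:
            termed.discard(target)
        elif ev["EventID"] == "4722" and target in termed:
            actions.append({"action": "disable", "user": target,
                            "enabled_by": ev["Subject"]})
    return actions


# Constructed sample: helpdesk re-enables three accounts; only jdoe is still
# termed at that moment, and it appears in UPN form with different casing.
SAMPLE_EVENTS = [
    {"EventID": "4728", "TargetUser": "CORP\\JDoe", "Group": TERMED_GROUP, "Subject": "CORP\\hr_admin"},
    {"EventID": "4722", "TargetUser": "jdoe@corp.example", "Subject": "CORP\\helpdesk1"},
    {"EventID": "4722", "TargetUser": "CORP\\bwayne", "Subject": "CORP\\helpdesk1"},
    {"EventID": "4729", "TargetUser": "CORP\\asmith", "Group": TERMED_GROUP, "Subject": "CORP\\hr_admin"},
    {"EventID": "4722", "TargetUser": "CORP\\asmith", "Subject": "CORP\\helpdesk1"},
]

if __name__ == "__main__":
    for act in process_events(SAMPLE_EVENTS, {"CORP\\asmith"}):
        print(act)  # one action: disable corp\jdoe, enabled by CORP\helpdesk1
```

The returned action is what a SmartResponse would hand to the disable step; the example deliberately stops at producing it.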
PeerSpot user
Information Security Manager at a tech vendor with 1,001-5,000 employees
Video Review
Real User
We find the single pane of glass and the ability to see everything that's going on in the environment a valuable feature

What is our primary use case?

The primary use case is tying all of our log sources together between all of our Windows servers and network devices, and we've recently added all of our cloud infrastructure as well. So it's really tying all those together, correlating all those logs and getting us one central pane of glass as it relates to all of our logging activities.

How has it helped my organization?

I think the biggest way that it's improved us from an organizational standpoint is giving us a single view into all of our log sources and all of our infrastructure devices. Before, we didn't ever have that. It was always a hodgepodge of stuff put together, so I think the best thing is that it brings everything together so that we can all have one view of it.

The playbooks are definitely something I see a lot of value in, and so I look forward to, when we do get upgraded, being able to use those playbooks. I think that's a way of automating and making sure that we're standardized in the way that my team and I are utilizing LogRhythm. I think playbooks are very valuable.

We really aren't tracking our mean time to respond or mean time to detect as of now; that's kind of something that I want to get better at, to kind of formalize that process. So as of now, it's hard to say how much it has, but I know just from an anecdotal standpoint, I can guarantee that we're doing a lot better in responding now than we did before we had the SIEM in place.

What is most valuable?

I think the biggest thing is tying all of our log sources together, whereas there was a lot of manual work before of reviewing Windows logs or, you know, firewall logs. Bringing it all together so that my team, the information security team, as well as the infrastructure team can kind of view all of that from a single pane of glass and see everything that's going on in the environment.

As of now, we're not using all of the full analytics capabilities that we know the LogRhythm SIEM can do. So it's one of the areas that we need to improve on. We have all of our log sources in there; now making sure that we're getting the value of all that together is something we still need to work on.

What needs improvement?

I would say the thing that I'd like to see LogRhythm do a better job of is staying ahead of the curve as it relates to things like cloud. It seems like from that standpoint that maybe the cloud stuff was a little bit of an afterthought or wasn't done as people started to move to cloud quicker. It's one of those things where we kind of are doing it now, but it seems like some of the cloud connections are still kind of being created as we go. So I think that's one area I think they could improve in.

What do I think about the stability of the solution?

Stability has been great. We have not had any unplanned outages, and all the upgrades that we have done have gone as expected. So from that standpoint, stability's been great.

What do I think about the scalability of the solution?

Scalability's been great as well. We've got a very disparate environment, and the original servers that we have, from three years ago, are still in place. We haven't had any performance issues at all, so it scales to our solution, understanding that as we bring on additional devices, we know that it will scale up to be even bigger than where we're at right now.

How is customer service and technical support?

Tech support's been great. Every time we work with them on any upgrades or any questions about anything, whether we want to add a new log source or whatever, they've been excellent on that, and they're always right on top of it and always get us to where we need to go.

How was the initial setup?

I was involved; actually, it was one of the first products involved when I started with the company. We didn't have a SIEM, didn't have anything really from a monitoring standpoint, didn't have anything. So LogRhythm was really the first major product that we bought, and the installation was awesome. I mean it went as expected, moved along quickly, and it provided value as soon as we were done with the installation. So the install was amazing.

We have about 20 different log source types. I mean, in total log sources, we're probably in the 400-500 range, and there are log source types for everything that we have right now. One of the challenges we have had is adding all of our cloud infrastructure in there as well. So I know that's something that LogRhythm was working on.

We're doing about 2000 messages per second.

Which other solutions did I evaluate?

When we looked at putting a SIEM in place, we kind of realized that we wanted somebody that was a neutral vendor, not tied to specific vendors; you know, we wanted to make sure that the SIEM we were buying would monitor all the devices that we had in place. So finding somebody that's kind of independent, not tied to specific hardware manufacturers, was really important to us, to make sure that, you know, the SIEM could monitor everything that we had in place.

So I think from a security program maturity level, LogRhythm really got us started in that direction. As I mentioned, you know, it was one of the first products we bought, and when we first started I really started the information security program myself. So it was kind of the first product we bought that we built everything around. So it really is kind of the central repository for everything we're doing from an information security program standpoint.

What other advice do I have?

I would say LogRhythm, on a scale of 1 to 10, would be a nine. I think it's a really solid solution. I think one of the things that they could probably improve on, as I mentioned, was being a little more proactive when it comes to things like cloud, so I think that they are getting better, but I'd say a nine right now.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024