LogRhythm SIEM Reviews

I am a new user who just made the decision to purchase Intuit.

We are in the process of deployment. At this point, we're in the middle of rolling it out to servers and just collecting logs, so as far as the actual deployment of rule sets, and anything like that, we haven't gotten that far yet.

Our environment is Windows and Linux. We have about 1200 users. We have about 500 servers and about 1200 machines that we can be collecting from, as far as endpoints. 

The initial configuration was easy. 

We worked with professional services, and they remoted in and got us the setup and explained the setup. 

We looked at eight or nine other vendors. 

We quickly eliminated four or five of them. We ended up with a final four, which was LogRhythm, Splunk, McAfee's solution, and AlienVault. From there, for various reasons, we narrowed it down to LogRhythm and Splunk. AlienVault, we felt was a nice solution as far as being able to plug it in, get it up and running quickly, but we felt we'd outgrow it. Splunk was on the other end of the spectrum. We felt that it was very powerful, probably more powerful than any of the other solutions, but we didn't have the manpower to configure it out-of-the-box. 

From our own analysis and a lot of other customers we talked with, they confirmed the configurations on Splunk is just too top-heavy, so we felt that LogRhythm was the happy medium. A lot of customers recommended it, because of the built-in rules, and the out-of-the-box configuration is much better than Splunk, and given our team size and our internal resources, we made the decision to go with LogRhythm.

Our key challenges in security include

• standardizing our policies
• having the end user population be aware on the security side of things.

And the solution, LogRhythm, is helping us today to enforce it. We see now what it is that we're trying to propagate into the environment, based on the policies that we're monitoring today. The goal is to 100% enforce our policies.

It has improved things tremendously. Going from a third-party vendor to an in-house solution, such as the LogRhythm solution, has given us visibility into the entire organization, compared to the limitations, based on budget and whatnot, from a third-party vendor. Absolutely, we have a lot more visibility now.

I can tell you that having the ability to monitor the semi-subsidiaries that are a part of our organization, is huge in that sense.

We have 10,000 EPS, as it is. And we have between about 500 and 1500 incidents daily.

One of the most valuable features is the investigation tab. It allows us to dig in deeper into the alerts that we receive today, based on the policies, that get triggered by our end-user population.

I think a must-have feature would be better reporting. Today, as you can imagine, the organization would like to see what is happening in our environment, and the reporting feature within LogRhythm, I would say, is very limited.

The reports do not provide information such as, who are your top ten end users generating the most activity within the environment, or appliances, per se, so that's very limited.

So far, from my end, I haven't experienced any challenges. We are able to integrate all of the solutions that we have out there: our antiviruses, our data-loss prevention tools, and even our web browsing filtering.

At this point, I really don't have any challenges. Maybe the architectural team has different ones for integrations, but no issues on my end.

I have not used technical support, as I do not troubleshoot the application itself. We are technically just administrators of it, monitoring.

Because the organization wanted to have an in-house solution, when we looked at what was out there, we thought that LogRhythm, based on the user interface that was somewhat easier to follow compared to the competition, was a must for our security analysts.

And the additional features within the investigation side of it, to dig deeper into what's going on out there. Those were two big selling factors for us.

• Curator
• Splunk
• Dell SecureWorks

We chose LogRhythm because, as I said before, the user interface was really a plus for us. It was easier to understand, compared to the competition. And the ability to dig in deeper in the investigation tab, those were the two major selling points.

The most important criterion, when selecting a vendor, is how easy it is to adapt to the solutions we have in house. Every organization, I understand, is different, but based on what we required, for the most part I'd say about 85% of our needs were met with LogRhythm, compared to all other competitors.

It's very important for our solution to be a unified, end-to-end platform because the organization might adapt new technologies. Our security architect needs to have the ability to integrate them. If it's a challenge then, definitely, that's going to be a downside for us.

If a colleague at another company was doing a SIEM solution comparison with this and similar solutions, I would say to give LogRhythm a shot and, if the possibilities are there, to implement a PoC to understand how the solution can help them.

The Web UI is perhaps the most valuable feature in the solution.

LogRhythm allows our IT/IS teams to quickly identify issues across the enterprise. Searches can be performed using any known value, IP address, hostname, username, event. The results are then used to "open a case". The case is assigned to an analyst, who can add additional info during the research and remediation efforts.

Report-building is in Crystal Reports and has a limitation. A non-editable template must be created, then the report is created against the template. OFI is this. The template needs a preview option, as well as an edit option.

8 months

None that were not easily overcome.

None

No, we right sized the deployment and also deployed as a high-availability environment.

I have been very pleased with customer service. I have only had to contact my CS a couple of times, and he has done a great job of followup to insure my company's needs were met in a timely fashion.

Great support team. Average call pickup time has been less than 1/2 hour. I have had a couple of "scheduled" appointments get delayed when the agent's previous call ran over.

We previously used Juniper STRM, rebranded QRadar. We faced 1. Log processing could not keep up with collection, so events were being dropped. 2. Support was poor. 3. When a ($45 at Bestbuy) disk drive went out, we were sent an entirely new system. 4. When faced with upgrading to support our log collection demands, the estimated cost was several times greater than the LR deployment.

Depending on the size and complexity of the deployment, i recommend paying for the Professional Services team to assist. All work was done in a remote session.

I also recommend not attending the training sessions until a few weeks of bake-in have occurred. Too many topics were covered to fully absorb all the information that was disseminated.

Our internal security team performed the majority of the installation, again working with the PS group at LogRhythm.

We immediately saw benefit on our first investigation.

Depending on the size, number of logs, I recommend deploying VM (or physical) collectors, and have the logs forwarded to the appliance. We are collecting logs from 2500+ systems, and did not want to impact the appliance with collection, but rather, analyzing logs. This solution has worked very well so far.

We reviewed several solutions including Alien Vault (not large enough for our needs), Splunk (would need a full time programmer to write queries), QRADAR (since we already had a previous version. We did a month long POC on Correlog, attempted to POC EIQ Networks.

We are very pleased with the LR solution and are looking forward to the upcoming update.

LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.

LogRhythm's SOAR and NDR features don't stack up well against competitors. 
maybe integrating theme functionality as the other do. But in general, it's okay.

We started with LogRhythm about three years ago.

LogRhythm is stable. 

Scalability is a matter of cost. LogRhythm has the technical capacity to scale if you pay for the components and licenses. 

LogRhythm's support is good.

Setting up LogRhythm is straightforward. It is not complicated.

We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget.

I rate LogRhythm eight out of 10. With any solution, you need to deploy the use cases correctly, so the customer should understand the use cases for a SIEM. An SIEM solution only collects and centralizes logs instead of detecting unknown malware. There are no use cases that are customized to fit the customers' context. 

We use it to alarm our help desk. 

We staring to use it for SMART Response. We have been using SMART Response for about a year. Now, we are starting to push that towards the help desk, so the junior analysts can do more.

It allows us to automate a lot of things with a smaller team.

• AI
• SMART Response
• Looking forward to using the playbooks

• Move it to Linux. I would like to see it get off the SQL Server.
• I would like it to be containerized. 

Our appliance is a little older, so we need to upgrade it. We are going to probably move to the software-only version. However, the issues that we have are our own fault because we didn't buy the right-size appliance.

We are not that big of a company. We are only at about 800 events per second.

We have had a couple of custom logs built, but we don't call in that much.

The initial setup is easy with the physical appliance.

We have two people who are setting it up and doing the admin side.

Make sure you size the appliance correctly.

We use Ansible and Terraform for infrastructure, so the same concept as the playbooks. We are looking to use the playbooks going forward.

We have about 1500 log sources. We do about a 25 million logs a day. Obviously, they're not all events.

• The user interface (UI)
• Ease of use, especially if you are starting off
• The AI

Key challenges and goals: Anytime you are building a program from the ground up, there is a lot of legwork to be done to get things tuned to the point where they are usable.

Effectiveness of solution in meeting security challenges and goals: It is very effective. It is a single pane of glass for all of the logs, that not just myself, but anybody who is looking for information about how the network is behaving can use. So, not just primarily a security tool, it is a tool for everybody if it is set up that way.

We run across the odd vendor which we are using that we think are large players in their environment, but there is not necessarily a native support for their log ingestion per se, where it requires customization in order to be able to parse and accept their logs. I would also like to see them expand on some of the ability to interact with other technologies in real time via the programming platforms.

It pre-existed before I got there. Once it was deployed, I have been responsible for most of the log ingestion and the tuning efforts.

It seems scalable so far. I have not had to add more devices to our deployment yet, but it has yet to be discovered.

We have used LogRhythm tech support and they are excellent. They have been very helpful.

This is our first adoption of a proper SIEM product, so there is really nothing to compare it to with respect to the job that I am in right now.

It pre-existed before I got there.

I am very happy with the solution right now. I would absolutely recommend it and have.

Most of the basics have been tended to, and as we discover other things that we need to get more data on, and they are brought up, the company addresses them.

The most important criteria when selecting a vendor: It is very important for it to be unified.

It's allowed us to have more visibility into our network as well as be able to respond more quickly to incidents seen on the network.

• Being able to gather logs in one place
• Being able to process them and generate alarms

I work in a highly regulated industry. I know the product has compliance mechanisms, but being able to get more governance surrounding some of the compliance. Merging things that we have to be on top of would be helpful.

LogRhythm has been able to show that their products are very scalable. Usually, when you buy things that are out of boxes, you get them, they're old. But the new enhancements and things that LogRhythm continues to integrate allow you to scale up with them as they grow. They scale with you also.

I've used tech support. They're very helpful, very knowledgeable people who genuinely care about you and want to see not just their product but you, as a company, be successful.

This is our first iteration of SIEM at my organization. At the time, my superior had used Splunk previously, and that was what he was a fan of. But LogRhythm is one of the emerging leaders, price point was very important, and also to be with a company that's on the cutting edge of technology.

I think that anytime you're integrating SIEM monitoring tools into an environment, it is complex, but the LogRhythm Professional Services help make things easier, and I've worked with them every step of the way.

It's very important to our organization that the solution be a unified end-to-end solution.

I don't think any company is perfect, but I know that they're striving, and that's why I give them such a high score.

I understand that whatever you're buying with LogRhythm, it is not going to be static. It's a very dynamic company and a lot of new technologies emerge, so ensuring that you get the proper level of training upfront, as well as continued training for your staff, is important for being able to wrap your hands around what LogRhythm is actually doing and where they're going.

You start to talk about some things like blockchain and quantum, I'm sure that LogRhythm is already researching some of those new computer technologies. I didn't know what to expect back in 2015 when we bought the product, but it's showing to be agile, scalable, and the people are very knowledgeable.