it_user769683 - PeerSpot reviewer
Cyber Security Operations Manager at Old National Bancorp
Video Review
Vendor
We've got so many sources in it, we can easily investigate the logs on any system we have

What is most valuable?

Probably the investigation part, being able to investigate any log. We've got so many sources that go in there that, at any given time, we can easily look up the logs on just about any system that we have.

What needs improvement?

What I'm looking for was actually in a session, here at the LogRhythm User conference, about the PIE phishing analytics. That was real interesting because right now we've got a guy that walks through that process attempting to see if the email came in, who got it, and whether or not it was exploited. That's all manual at this point. 

I think they're limited now with this to Office 365. We've got on-prem Exchange and it would be interesting to act like they're going to evolve that into that, to have that ability to look at that information a lot quicker.

For how long have I used the solution?

We've had it for about nine years, going on 10 years. 

What do I think about the stability of the solution?

It's definitely evolved. It's gotten to the point where you can scale it well. We recently got the AI Engine running and realized that we need to spin off the Web Console and the AI Engine to a separate box, off the platform manager. Then we can easily add a data processor or a data indexer to expand our processing power too.

Buyer's Guide
LogRhythm SIEM
January 2025
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
832,138 professionals have used our research since 2012.

Which solution did I use previously and why did I switch?

We had some other vendors at the time, but LogRhythm beat them out. We had RSA, I don't remember what the name of their product was, and LogLogic.

What other advice do I have?

It's just amazing that you can get the information, especially the AIE information, where it correlates different logs together. It's just incredible. It's something that, in the old days, you had to use grep for and go to multiple servers, versus now you just tap in and drill down and, bam, you've got all the logs that you need. It's just amazing, the process.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756327 - PeerSpot reviewer
Senior IT Security Analyst at a financial services firm
Vendor
Helps us in visualization, in monitoring of our different log sources, and with auditing compliance

What is most valuable?

It is creating a whole ecosystem, integrating different security components together, whether it is bringing in the CloudAI, a UEBA solution, or SmartResponse case management.

How has it helped my organization?

Definitely, the LogRhythm solution is a central piece. It helps us in visualization, it helps us in monitoring of our different log sources, and helps us with auditing compliance.

This is all tying things together, bringing a lot of functionality and benefit to us.

What needs improvement?

One of the features that we'd definitely like to see is the user inference, entity inference, where one entity would have a unique ID and then with that unique identity you could pull out the information or logs associated with it. It helps a lot in the investigation, because currently what happens when we get an alert from LogRhythm is that it's just the tip of the iceberg. Then we need to do a lot of investigation. But having this entity inference kind of tool would help us. We could tie all the logs to that unique entity, and we would be able to collect the information. I think it would be really cool to have something like that.

Also, with automation, like identifying new log sources and the environment, or automation of log sources that have not been reported from last month or a week. You can put up some kind of alerting system there so you can retire or look into it.

What do I think about the stability of the solution?

It is quite scalable. This whole solution, you can have different components on different servers or platforms. For example, I was in that meeting, and we were talking about collecting 50,000 to 60,000 messages per second, which is really a high number. I was very impressed to see how many records, 12 DPX or five or six AIE servers or similar platform managers. It looks like it's quite scalable and they are quite happy with that.

How are customer service and technical support?

LogRhythm technical support is really excellent, very good in timing and answering questions very quickly. I have not seen such a good response time with any other product we are using. In those terms they are very good.

Though we had some issues initially in terms of technical support, the expertise of technical people, but I am seeing that they have improved a lot now, so a lot of our questions and queries get solved with the technical support.

Which other solutions did I evaluate?

I was not initially involved in the deployment but I read all of them on the business case at that time: Splunk and ArcSight and one other.

What other advice do I have?

We've got around 2500 logs per second, and primarily a Windows-based environment. We have around 300 Windows-based servers, and we are also collecting a lot of logs from the end-user devices, which are primarily Windows-based. We also have some Linux-based servers and also some network components, firewalls, and proxies.

Over a period of time, LogRhythm has improved a lot, and the future, the road map of the product, really looks nice.

The most important criteria when selecting a vendor is the scope you have defined for the business objective you want to solve, whether it will meet that objective or not. Also, for us, feedback from industry peers matters a lot, and the people who are really using a product help us a lot. It needs to suit the budget as well. So financial, commercial and meeting the business objectives.

It is quite important that a solution be a unified, end-to-end platform because we have limited resources. It's very difficult if we have to scale and train on all the different platforms or security tools; and once someone leaves the organization it is difficult to hire a new resource. So having something unified under one platform means scalability. We can have someone and utilize their skills to fulfill our requirements.

I would definitely recommend LogRhythm to someone looking for this kind of solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Head Of Technical Services at a tech services company with 51-200 employees
Real User
Stable for long periods, and comes with built-in UEBA
Pros and Cons
  • "I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
  • "I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."

What is our primary use case?

I am a distributor and not an end-user of the product, so I cannot comment on use cases.

What is most valuable?

I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages.

What LogRhythm really excels at is its stability, since, in all the deployments that I have been involved in, there's no break-and-fix at all. When the customer finds that there is something lacking from the solution, it is often a matter of deploying extra appliances and things like that. So the most valuable feature in an abstract sense is that it is so reliable. 

What needs improvement?

I do think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments.

With that said, I think it's good enough. For the most part, I just want to have a consolidated platform for the NDR, i.e. the new MistNet NDR that they have acquired, with the current XDR. At this time, it is still two separate controls.

For how long have I used the solution?

I have been working with LogRhythm NextGen SIEM from a company perspective for three years. 

What do I think about the stability of the solution?

All of the deployments that I have been involved in have been very stable, over long periods of time. There's very little in the way of breaking and fixing at all. Most complaints are typically just that the customer comes across extra requirements that need to be added on to the base product.

What do I think about the scalability of the solution?

There are some issues with scaling that I'm aware of. Most of the time, the scalability becomes increasingly more complex when increasing the indexing or when processing the loss security complex. It's not easy when we go to a high-volume customer environment where many laptops are involved, for example. In that case, it's perhaps not that easy to scale.

How are customer service and support?

The technical support is good, and they are available at any time. They allocate customer assistants and account managers for taking care of all the application support. Any time that I need a technical fix and the customer is not certified, they will escalate the issue to the customer success manager who will then help solve it.

Which solution did I use previously and why did I switch?

Compared to other solutions, an advantage of LogRhythm is that it still works on a lot of the old platforms. As mentioned, it is based on the Windows platform, and I think that it wins out due to the straightforward pricing and how easy it is to calculate for the sizing and critical add-ons such as UEBA and SOAR.

Because the platform is always the same, it's just easier to extend it as needed. For example, it's not technically dependent on another solution that's been acquired by themselves or another company like IBM.

The main difference boils down to the question: for add-ons and such, do you need to seek out a different service from a different vendor rather than adding to the same solution by the same company? I believe they do it all from the same R&D teams and it shows.

How was the initial setup?

The deployment for only one small or medium size environment is pretty straightforward, but for enterprise deployments where there are many different components (e.g. various appliances or other software add-ons) it can become very complex, especially for HA setups.

What's my experience with pricing, setup cost, and licensing?

The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required. 

What other advice do I have?

My advice is to take a look at the account directly with the account manager of LogRhythm and find a value-added distributor to support you with the sizing, consulting, use case discovery, and building up the operation maturity roadmap, in order to be truly aligned with the LogRhythm deployment in the long term.

I would rate LogRhythm NextGen SIEM a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756405 - PeerSpot reviewer
Principal Security Specialist at University Of Massachusetts
Vendor
We have been able to find out what is wrong, and suggest how to remediate

How has it helped my organization?

The key challenge, of course, is how the threat situation changes every day. LogRhythm is on top of that and very helpful. Another challenge, of course, like many other companies, is that staffing is not where it should be, money is not where it's supposed to be, but we do well.

We service the University of Massachusetts, but we also have other customers, all higher-end. It's up to the customer what they want us to look at and LogRhythm, absolutely, has the tools that we need to find the data threats that the customers are interested in.

We're an MSSP and we've only been using LogRhythm this past year, and we've actually found several instances where we've benefited our customers with the data that we have found, that we've collected. We were able to find out what was wrong, deep dive into it, and suggest to our customers what they need to do.

What is most valuable?

I would say the amount of data that it collects and the way it correlates it, extracts it, and makes it easy for an analyst to look at it and deep dive into it. I had another SIEM before LogRhythm and it was nowhere near what LogRhythm does.

The idea to me is collecting all this data and then extrapolating all that data, and it's phenomenal.

What needs improvement?

From what I saw yesterday here at the conference, they seem to be right on track with making the Web Console much easier, case management much easier.

When you're searching on something, you see something that you think may be a threat, you have to keep threat-hunting, deep diving, and from what I saw yesterday, it looks like it's going to get a lot easier and more helpful.

What do I think about the stability of the solution?

Unbelievable! Very good.

What do I think about the scalability of the solution?

Very good. I was very impressed, especially yesterday, here at the LogRhythm User Conference, I did the 7.3 session, what's coming out. We've been around, as I said, less than a year and within that time frame - and from what I saw yesterday - it's unbelievable the way LogRhythm is moving forward.

How are customer service and technical support?

If I look back to my other SIEM solution providers, the one we had before this, it's light years difference. LogRhythm support is very, very helpful, very knowledgeable. There's always somebody there. If they don't know the answer, they're going to go find someone who knows the answer. So it's very good.

How was the initial setup?

We used their Professional Services, I was one of a group of three - and the professional services - that helped roll out. It was pretty straightforward. Of course, it was different because it was all new to us, and using the Professional Services was very helpful.

What other advice do I have?

The driving factor in searching for a security solution would be, in this day and age, the threats that are out there are incredible. I think LogRhythm addresses a lot of the issues that are out there. Again, it's on us to make sure LogRhythm is a solution. It's a tool. If we don't use it properly it's pretty useless at that point. It's on us.

I would say it's very important that a solution be a unified, end-to-end platform, especially in a higher-end environment.

My nine out of 10 rating is based on what they offer, and what I saw yesterday at the conference, what they're coming out with. They seem to be on top of things.

Among the different SIEMs that are out there, the companies, I would definitely recommend LogRhythm.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user341256 - PeerSpot reviewer
Lead Specialist - Information Security at a hospitality company with 1,001-5,000 employees
Vendor
It quickly allows me to get into forensic data, but while I have some of the beefiest data that they provide, I can still overrun the system.

What is most valuable?

The speed at which I can get into forensic data is the most useful thing.

What needs improvement?

It’s very easy to overwhelm the system. I have some of the beefiest data that they provide, and I can still overrun the system.

The native ability to identify the correct time of logs and data also needs work, e.g. if I bring in a system log data stream, LogRhythm's ability to natively say it's a Cisco firewall or a Palo Alto firewall -- sometimes it struggles to identify the device.

For how long have I used the solution?

I've used it for 18 months.

How are customer service and technical support?

I love the tech support people. Everyone I have worked with knows their stuff, which is great. I have worked with other SIEM products before and it was hard to find a knowledgeable person. At LogRhythm, everyone I have talked to has been incredibly good.

Which solution did I use previously and why did I switch?

We were an RSA enVision customer. Our platform was going away, so that's one of the reasons we switched. We weren't really impressed with the security analytics platform that they wanted us to move to. We didn't want to make the investment they wanted. For our industry they were lacking.

I had seen LogRhythm before, and back then a few years ago, they weren’t a player in the market. Since then they have moved to a much better security analytics platform. For what we need, LogRhythm is a perfect fit.

How was the initial setup?

It was very straightforward.

What about the implementation team?

We did it in-house.

What was our ROI?

We have had the production environment up now for over a year. I foresee an ROI. The thing about a SIEM is that it allows you to get visibility quicker. It's hard to quantify that soft cost. I'd say we are there or about to be there.

What's my experience with pricing, setup cost, and licensing?

I'm not a fan of the big names in the space. I recommend it as a solution for medium to large businesses.

What other advice do I have?

I’m in contact with them on a very frequent basis. I work with my contact a few times per month. I can’t complain about them at all.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Muhammad Ahtsham - PeerSpot reviewer
Information Security Engineer at RapidCompute
Real User
Top 10
Easy to deploy, stable, and scalable
Pros and Cons
  • "Our clients enjoy having one dashboard to monitor their environments in real time."
  • "There is room for improvement with separate running sources or better integration."

What is our primary use case?

I use the solution for logistics and metrics. We use LogRhythm SIEM for our company and our clients. The solution is deployed on separate machines.

What is most valuable?

The log correlation is the most valuable feature.

Our clients enjoy having one dashboard to monitor their environments in real time.

What needs improvement?

The coordination and load bussing has room for improvement. 

There is room for improvement with separate running sources or better integration.

I would like to have a better way to investigate the logs by adding correlations to the dashboard.

For how long have I used the solution?

I have been using the solution for one and a half years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

The technical support is responsive and always resolves our issues.

Which solution did I use previously and why did I switch?

I previously used IBM Security QRadar and switched to LogRhythm SIEM because it is the best in the market.

How was the initial setup?

The initial setup is straightforward. The deployment takes between nine and twelve hours.

What other advice do I have?

I give the solution an eight out of ten.

The solution is for medium and large organizations.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Lahiru Prabath - PeerSpot reviewer
Engineer - Network and Security at Connex Information Technologies
Real User
Is very easy to create correlation rules and has good performance
Pros and Cons
  • "It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
  • "LogRhythm NextGen SIEM is currently based only on the Windows platform. This means that some of our customers have to purchase a Windows license elsewhere. If LogRhythm can move to a Linux platform or a proprietary platform, it would be very helpful."

What is our primary use case?

Mostly, the use cases involve detecting lateral movements, malware infections, and insider threats.

We serve small, medium, and large companies, mostly in the finance sector, here in Sri Lanka.

What is most valuable?

It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable.

What needs improvement?

LogRhythm NextGen SIEM is currently based only on the Windows platform. This means that some of our customers have to purchase a Windows license elsewhere. If LogRhythm can move to a Linux platform or a proprietary platform, it would be very helpful.

For how long have I used the solution?

I've been working with LogRhythm NextGen SIEM for around five years now.

We have deployed both to the cloud and on-premises, but we've mostly deployed on-premises.

What do I think about the stability of the solution?

It's very stable, unless something happens on the Windows storage side.

The performance is good, and we don't often get any complaints from our customers.

What do I think about the scalability of the solution?

LogRhythm NextGen SIEM is horizontally and vertically scalable, so scalability is not an issue.

We have six people working with LogRhythm directly in our organization.

How are customer service and support?

The technical support has been very good. They are very supportive, and I'd give them a rating of ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

When compared to other SIEM solutions, LogRhythm is very easy to use, and I like the correlation rule building.

How was the initial setup?

The initial setup is a bit complex because we need to be certified first. Otherwise, we have to get their PS for the deployment process. Even if you're certified, they shadow us. There are some processes for which we need to obtain their advice.

The initial setup and configuration can take around half a day. That is, a single box deployment can take 6 hours.

If I were to rate my deployment experience, I would give it a four out of five.

What's my experience with pricing, setup cost, and licensing?

LogRhythm's licensing is based on MPS. There are some add-on features like advanced UEBA, the cloud component for advanced UEBA, and SIEM.

What other advice do I have?

When you implement, you need to know LogRhythm's architecture because it is quite difficult and different from that of other SIEM solutions. So, you need to know the architecture, how the processes work, and how the logs are processed.

Overall, I would rate LogRhythm at eight on a scale from one to ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Sr IT Security Engineer at Puget Sound Energy
Real User
Facilitates compliance and auditing of adherence to regulations
Pros and Cons
  • "We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior."
  • "I would like to see support added for Exchange 2016, and Check Point OPSEC LEA."

What is our primary use case?

We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior. 

How has it helped my organization?

In our compliance environments (NERC and SOX), we are able to provide evidence of compliance.

What is most valuable?

The most valuable feature is scheduling the KB update, which reduces administrative effort.

What needs improvement?

I would like to see support added for Exchange 2016, and Check Point OPSEC LEA.

Adding the capability to identify and perform an auto import of new log sources (especially Windows-based systems), based on specified criteria, would be a useful feature. 

Enhancing the creation of report packages would also improve this solution.

For how long have I used the solution?

Between four and five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user