it_user756360 - PeerSpot reviewer
Director Information Security at Vail Resorts
Vendor
An easy, centralized view of our environment

What is most valuable?

Being able to centralize and have one view of all the threat events coming out of all my multiple security sensors.

It has been the easiest SIEM platform that I have worked with or seen in production.

How has it helped my organization?

It is an easy, centralized view of our environment.

Our key challenges and goals are maturing our security operations and security event management process.

What needs improvement?

  • Better correlation of all events: We seem to get a lot of misinterpreted data coming from multiple sources. It would be nice to have an easier way to interpret the data and correlate it.
  • The challenge of maintaining it: Maintaining compatibility with all of our log sources is still a challenge for us.

We have implemented it as a necessary feature, but we need to be able to mature that.

What was my experience with deployment of the solution?

I was just involved in the decision-making process. However, I know that the deployment was straightforward.

Buyer's Guide
LogRhythm SIEM
November 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

What do I think about the scalability of the solution?

It seems to be highly scalable and easy to scale.

How are customer service and support?

I have not used LogRhythm technical support.

How was the initial setup?

I was just involved in the decision-making process. However, I know that the setup was straightforward.

What other advice do I have?

It is extremely important for our solution to be a unified internal platform.

I would recommend looking into it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user756381 - PeerSpot reviewer
Manager Of Cyber Security at a healthcare company
Vendor
It gives us advanced knowledge of malware presence and persistent threats
Pros and Cons
  • "As a healthcare company, what we use it for is compliance, then to protect our data from exfiltration."
  • "In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."

How has it helped my organization?

It has benefited the IT team's security functionality.

Our key challenge is HIPAA compliance. Then obviously, protection against malware, and particularly ransomware, is one vital threat to our organization.

What is most valuable?

As a healthcare company, what we use it for is compliance, then to protect our data from exfiltration.

What needs improvement?

  • The greater AI
  • API support

Increased total costs of ownership (TCO): We have had to staff up our SOC. This has required analysts, which has required salary and staffing requirements.

In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution.

In addition, I'd like to see more automation coming in. Whilst they have SmartResponse, it does not yet configure with OpenAPI support. That is something that I feel they need to look at in their next edition.

What do I think about the scalability of the solution?

The scalability is very good. One of the reasons that we bought LogRhythm was because of its scalability. We intend to scale up as we increase our company size.

How are customer service and technical support?

It is mostly good. We are not always able to reach the right person. We have had a couple of problems that were escalated all the way to Level 3, but they have always been solved.

Which solution did I use previously and why did I switch?

We did not have a previous solution.

As a healthcare organization, we obviously have to have HIPAA compliance. This was the main driver for purchasing the solution.

How was the initial setup?

I was involved in the setup. It was mostly straightforward.

What's my experience with pricing, setup cost, and licensing?

Look at your staffing. Do you have highly technical people on your staff? If you do, then you obviously want to buy the product and look at your scalability options. If you don't have your staff, absolutely look into the co-pilot and factor that into your cost evaluation.

Which other solutions did I evaluate?

The SIEM tools we considered included Splunk and SolarWinds.

For LogRhythm against Splunk, it was their pricing model. For SolarWinds, LogRhythm's reputation and scalability.

What other advice do I have?

It is highly important for our solution to be a unified end-to-end platform.

Most important criteria when selecting a vendor:

  • Scalability
  • The ability to have support.

LogRhythm has their co-pilot, which is absolutely essential, and whilst we do not use co-pilot in our organization, knowing it is there is certainly absolutely valuable.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user756390 - PeerSpot reviewer
IT Infrastructure Manager at Jeunesse Global
Vendor
We have to protect our eCommerce site and it's helping us do that. It needs better knowledge transfer during implementation.

What is most valuable?

Well our eCommerce site is very important to our business. So not only NetMon, but also just knowing the traffic that's coming in and out of there, and whether it's coming from bad sources. We have to protect our eCommerce site and it is helping us do that.

How has it helped my organization?

  • We have been impressed with the data that we're getting back. 
  • We have been impressed with the look and feel, ease of use, and things of that nature.

As a security organization, we are constantly attacked, either from disgruntled ex-distributors, as we're a distributor-based company, or just people that don't like distributor-based companies at all. Therefore, we are constantly attacked, and we are pretty confident LogRhythm will put us in a good way that we can deal with this. 

We have got a lot to learn. However, doing the research that we did, it looks like LogRhythm is going to be a great solution for us that we'll be able to monitor external and internal traffic with our SIEM, again with Netmon, and log the sources that we need. 

What needs improvement?

Better knowledge transfer during implementation.

We definitely thought it was complex when we initially set it up, but that is usually just a single pain problem. It could definitely be more straightforward.

For how long have I used the solution?

We are a new customer.

Events per Day

We are around 3000 logs per second. We have datacenters in Amsterdam, one in Florida, and some in Salt Lake City. It's a global company, so we get traffic from all over the place.

What do I think about the scalability of the solution?

I don't know that I have much to answer on this yet. We have only purchased a single appliance and the NetMon appliance. I think it will be interesting to see if we need to scale, depending on if we ramp up, how many logs we're actually processing. 

Which solution did I use previously and why did I switch?

We have come from a separate SIEM, SolarWinds, and just purchased LogRhythm within the past couple of months. 

They switched because they flat out didn't like SolarWinds and their interface or anything like that.

We've had, in the past in our company, ransom attacks. Prior to me being there, there was one that they paid out, and obviously, that is a painful way to go about doing business. We want to secure our data. We want to make sure that does not happen again.

How was the initial setup?

We have implemented the core implementation, but we haven't done any of the onboarding or anything like that yet, but I was there. 

We were overwhelmed at first, and now we're starting to figure out what the capabilities are.

Which other solutions did I evaluate?

7pace and Nagios.

We chose LogRhythm due to its better interface. We had demos and felt like LogRhythm was the better solution for us. 

What other advice do I have?

Do your due diligence. For the most part, you're dealing with the same data depending on who your SIEM is. It is still the same data that's being returned or that you can pull. Definitely do your research because your SIEM itself may not get you what you need out of that data. 

A unified end-to-end platform is very important to us. We don't want to go to 12 different user portals. We want to know in a quick way what we're dealing with. We want to be able to see the data without having to jump all over the place to get it. 

Most important criteria when selecting a vendor: 

  1. We are buying a product that is going to succeed for us.
  2. We want to know that we are going to have good support and help when we need it as we won't know anything or everything for a long time. But we have experts that we can lean on, that's a definite benefit.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user341232 - PeerSpot reviewer
IT Security Specialist at a manufacturing company with 1,001-5,000 employees
Vendor
Security management is what it's best at, but it's generally for medium-sized companies.

Valuable Features:

The advanced intelligence engine -- in fact, the whole suite -- is very powerful. It depends how you use it. Security management is what it's best at. As far as I'm concerned, it's one of the best.

Room for Improvement:

This product is in general for medium-sized companies. For bigger companies with millions of logs coming in, it just cannot support them. The solution is not robust. It depends on the size of the companies and the size of the firewalls you have which will determine if it will work for you. This product is really good and easy to use for medium-sized companies.

Use of Solution:

I've used it for three years.

Deployment Issues:

Initially we had a lot of issues. Today it has improved dramatically, and it has no issues in deployment.

Stability Issues:

It is very stable, but we have to work with it and identify which logs we need. If we don’t, it doesn't handle the traffic well. 

Every tool is different, and you just have to work with it.

Customer Service:

It’s one of the best customer services you could find. Everyone is very knowledgeable and helpful. You aren’t waiting around for tickets to be resolved. If they can’t resolve it, they escalate and resolve quickly.

ROI:

Absolutely we have made an ROI. It resolves a lot of issues. It helps a lot of our infrastructure and everyone is benefiting. It's absolutely worth the money spent.

Cost and Licensing Advice:

They are very transparent about the licensing. They are upfront. They tell you what can handle what. They are honest people.

Other Advice:

I have been invited to user group meetings and we have had good conversations. They have been very helpful and they understand my needs. They listen to our input and really take it seriously. They really work with us on different issues. 

Everything is fantastic.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security7ef8 - PeerSpot reviewer
Security Admin with 1,001-5,000 employees
Video Review
Real User
I would say we have seen a decrease in mean time to detect and respond over our previous SIEM

What is our primary use case?

My primary use case is threat detection.

How has it helped my organization?

LogRhythm SIEM has improved our organization by allowing us to bring in very widely diverse log sources, correlate them, and very easily create rules around alerting. We also use the case management features of the product to easily integrate both products into a single pane of glass for our analysts so they don't have to use two different products for alarming, as well as case management.

I would say we have seen a decrease in mean time to detect and respond over our previous SIEM. Basically, I think it can be attributed to the integrated case management. We are able to create cases, get eyes on those cases much more quickly than we were before.

What is most valuable?

The most valuable features are probably the AI Engine, as well as Netmon.

We plan on using the playbooks, and the value I think we'll get is automating or scripting the responses that our analysts use, rather than using our existing playbooks, which are somewhat incomplete. I think the playbooks will be a lot of out-of-the-box pre-scripted playbooks that should be extremely helpful to us, as well as integrating some of the SmartResponse capabilities into the playbooks.

What needs improvement?

Definitely expansion on log parsing. There are some obscure log sources that we don't currently have parsers for. We needed a new solution when the licensing expired on our previous solution. Hardware was out of life, as well as it wasn't scaling very well. It didn't provide a lot of the features that we needed.

What do I think about the stability of the solution?

Stability has been pretty good. We've had some road blocks, or some, I'm sorry, some road bumps, in terms of A&E stability, as well as with some log parsing with some of our larger log sources.

What do I think about the scalability of the solution?

Scalability seems great. We actually did an expansion recently, and so far, it seems to be scaled well.

How are customer service and technical support?

Tech support has been extremely helpful. They are generally very quick to respond. If the first level is not able to resolve the issue, they generally escalate pretty quickly, gather logs. They seem to be hands-on. They generally will take over your session, actually do a WebEx, take over your WebEx section and actually do most of the driving, to make things run a little smoother, a little more, than, you know, directing you to where to find logs in Linux or things that can be kind of obscure. They generally will do everything for you, short of making, you know, impactful changes.

As far as for supportive log sources, we find it to be very good for very common log sources, Palo Alto firewalls, you know, Windows log sources. There have been a few security tools that we've found that weren't supported out of the box, so we've had to either use professional services, try to create those parsing rules ourselves, or opened cases with LogRhythm support to have those created.

Which solution did I use previously and why did I switch?

The reason we switched to LogRhythm, one of the core reasons, was the case management, and, as well as the Netmon. We liked having the integrated Netmon, and the case management, again, gave us a single pane of glass for our analysts to view the data, import the relevant data into the cases without having to use separate systems.

LogRhythm is definitely influencing. Since investing in LogRhythm, we've seen a lot more visibility into our product, into LogRhythm. We have a lot of non-security operations teams that are using the SIEM tools, just to view logs, Windows logs, troubleshooting issues, troubleshooting security events, so we're getting a lot of buy-in from other teams into the program, which has accelerated the maturity of our program.

How was the initial setup?

I was involved in the initial setup, and it was fairly complex. We did use professional services to do most of the work, but, yeah, it was somewhat complex compared to some other solutions I've used in the past. However, with the capabilities of the product, it wasn't surprising, because, you know, with a feature-rich product, you're going to have some complexity with it, as well.

What other advice do I have?

I would probably rate it as an eight or a nine, currently, mainly, probably due to the complexity of importing log sources that aren't natively supported.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees
Real User
The most valuable features would be the automation, reporting, and the support. There are some compatibility issues with different browsers.
Pros and Cons
  • "The most valuable features would be the automation, reporting, and the support."
  • "My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome."

What is our primary use case?

The primary use case is compliance requirements. 

It is performing at the moment, but we are still in the process of implementing it.

How has it helped my organization?

We haven't fully integrated it or stood up the platform, so the benefits aren't realized yet.

What is most valuable?

The most valuable features would be the automation, reporting, and the support.

I do plan to use the full extent of the correlation and AI Engine to streamline our processes.

What needs improvement?

My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome. 

If I remember correctly, there are some compatibility issues with different browsers. The user system works only on Chrome. In order to use something like this solution, we would have to have that extra browser. It would be nice if LogRhythm had full support compatibility across all browsers, regardless of what platform they're using and whether they are on desktop or mobile devices.

For how long have I used the solution?

Still implementing.

What do I think about the stability of the solution?

I'm a little on the fence about stability, because the platform runs on Windows at the moment. There has been some finicky administration stuff, especially if we are going to try to integrate it with our own domain's policies which need to be correctly reflected. In the instance that we have, it is not necessarily a good idea to have an endpoint security, but when you have to meet compliance and follow rules, these are some of the exceptions. There needs to be a way to allow organizations to utilize these platforms and still be compliant.

What do I think about the scalability of the solution?

I don't know what the demand is. I know the number of systems that we have. We try to forecast the demand ahead of time by coming up with and listing the services that we need in the environment, but there are still things which are probably still yet to be seen.

As we run into systems which we were not aware of and need custom integration, I don't know what the pain points will look like or if things will be overlooked: Is the system scalable enough to where it will allow me to continue to log certain things without any restrictions? I don't know at this time, and I will find out once it happens.

How are customer service and technical support?

So far, the technical support has been good.

What about the implementation team?

I was hired in because I have the skill set to implement it. The original acquisition of the product was done by other people. Now, they have somebody who has the skill set and understands the technology deploying and configuring it, then going forward maintaining it.

For the development and maintenance, it will be just me. However, for the day-to-day log analysis, there will be a second person providing that function.

What other advice do I have?

While we are aware of the playbooks, we still need to look into them.

We are close to a gig of messages a second, so quite a bit of data.

To capture your use cases, understand exactly what you are looking at ingesting. Do the research as far as what the company has done. For example:

  • What have they provided at organizations of similar size?
  • At peer organizations, how have they implemented the solution and what are some of their pain points?

Understand what everybody else has done previously with the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SnrArchi4b5a - PeerSpot reviewer
Senior Architect at an energy/utilities company with 201-500 employees
Real User
We use it to examine traffic patterns and anomalies, but have a hard time visually sifting through the noise
Pros and Cons
  • "We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
  • "We're still struggling to get a real return on it and finding something that isn't false noise."

What is our primary use case?

We have a small population of users, but we are large physically and geographically spread out with a lot of devices on our network. We need all that login capability going into one spot where we can see it and correlate events across all our infrastructure with a small staff.

How has it helped my organization?

We're still struggling to get a real return on it and finding something that isn't false noise. 

There have been a few things, such as weird service accounts that have an encrypted password which are locking things out. However, we haven't had a big security event success with it as of yet. We could be missing things here, not seeing what is going on.

What is most valuable?

We do a lot of the alerting, as far as user accounts. We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.

What needs improvement?

We still have a lot of noise, so this is a problem. We are having a hard time visually sifting through it. We need help dialing it in. We don't have the in-house expertise. Do we hire someone just for this purpose and have them sit there all day, every day doing that? It is almost at that point. We are looking at Optiv as a solution right now.

It is so robust. There are so many moving pieces that you can't dabble in them. This is the problem that we are struggling with. You have to have somebody who works with it, and that is their job. Maybe a bigger company could have a whole team which could do this, but we don't have the capability right now.

I would like to see the client and the web client merged, so all the administrative functions are in the same web interface. It is just clunky right now. If you leave it running, it slows down your machine. However, we are still on version 7.3.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It seems to be stable.

What do I think about the scalability of the solution?

It should meet our needs going forward. It seems like it is a mature enough product. 

As far as what it takes, I don't know if it's worth the effort to get it on all the desktops, like every single user desktop and laptop reporting to it or if it is better just to target the main controllers, etc.

How are customer service and technical support?

I haven't had to use them too much. We will find out after we go online with Optiv. 

I have my sales engineer with LogRhythm, who has been helpful. She reaches out to me every couple months just to see if we need anything and offers assistance, because we'd already used up our block of hours when we first provisioned this solution.

We probably will contact them, if we go with Optiv, then they can help us upgrade.

How was the initial setup?

We did an on-premise solution. If I had to do it again, I would probably do a cloud-based solution. They basically shipped two boxes which were essentially ready to go. Then, I worked with an engineer who had a block of hours and he got the HA capability going. We got it dialed in and tied it up with the mainframe.

Our team is in the process this week of doing a health check and trying to get everything up to speed. We are doing an upgrade, because we are still on 7.3. We need to be upgraded to 7.4.

We have been using it for about a year. We are probably only about 75 percent there. We need help getting it dialed in, having some of the noise tuned out, and getting the alerts set up properly, so we can work off hours on different triggers. This is where we are struggling because we need to sleep, and we are blind during that time. So, we need something to help us with that.

What about the implementation team?

The installation wasn't too bad. LogRhythm did most of it. I just had to do the stuff that was specific for our environment.

Which other solutions did I evaluate?

We went back and forth between LogRhythm, Splunk, and AlienVault. 

I liked LogRhythm mostly for how it integrated with the network infrastructure. It was my decision, and I'm not 100% sure that I picked the right one.

LogRhythm works well with our network-centric environment. However, it may not be the best for other things.

What other advice do I have?

I am rating the solution a six out of ten, because we have not gotten it to work yet. With all its components, there is such a learning curve. 

I haven't gotten far enough along in the process to know if the solution has a shortcoming or if it is our shortcoming with somehow getting it dialed in.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
NetworkS5932 - PeerSpot reviewer
Network Security at an energy/utilities company
Video Review
Real User
Brings all my logs together to produce evidence in my compliance role for NERC

What is most valuable?

For me, one of the most valuable things about it is it helps me to produce evidence in my compliance role for NERC. It helps me to really bring all my logs together and easily translate that into evidence, to show I’m doing what I’m supposed to be doing.

What needs improvement?

In the canned reports, I would like to see, rather than a blank report come out, for it to say something like, "No logs found," or "No log sources available." I don’t like blank reports.

For how long have I used the solution?

I’ve only been using it a couple of months. I started in about March, 2017.

What do I think about the stability of the solution?

I think it’s wonderful. I use a high-availability version that fails over for me if needed. I’ve got one in one datacenter and one in another. It seems to function properly.

What do I think about the scalability of the solution?

I have not had any issues. Mine is a very small deployment.

How are customer service and technical support?

The LogRhythm support system is phenomenal. I can’t give those guys enough praise. If I have a problem or a question even, they’re quick to answer or connect me with an engineer to resolve the problem. The support system is really the selling point of this product.

How was the initial setup?

My deployment is very new so we are still implementing it. There’s a little bit of work left to be done to get it to full capacity. I would say that it’s been relatively painless.

What other advice do I have?

I gave it an eight out of 10 because of the ease of use, and the support really deserves high marks.

I would definitely tell colleagues to look into it. Again, the support that they provide, they’re there to hold your hand if you need it, or just give you guidance and let you go. They really do take care of their customers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.