The primary use case is compliance requirements.
It is performing at the moment, but we are still in the process of implementing it.
We haven't fully integrated it or stood up the platform, so the benefits aren't realized yet.
The most valuable features would be the automation, reporting, and the support.
I do plan to use the full extent of the correlation and AI Engine to streamline our processes.
My big thing is ease of use. I don't like to go to two different systems: the fat client that you have to install to configure it, and then the web console, which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome.
If I remember correctly, there are some compatibility issues with different browsers. The user system works only on Chrome. In order to use something like this solution, we would have to have that extra browser. It would be nice if LogRhythm had full compatibility support across all browsers, regardless of what platform they're using and whether they are on desktop or mobile devices.
I'm a little on the fence about stability, because the platform runs on Windows at the moment. There has been some finicky administration stuff, especially if we are going to try to integrate it with our own domain's policies, which need to be correctly reflected. In the instance that we have, it is not necessarily a good idea to have endpoint security, but when you have to meet compliance and follow rules, these are some of the exceptions. There needs to be a way to allow organizations to utilize these platforms and still be compliant.
I don't know what the demand is. I know the number of systems that we have. We try to forecast the demand ahead of time by coming up with a list of the services that we need in the environment, but there are still things which are probably yet to be seen.
As we run into systems which we were not aware of and need custom integration, I don't know what the pain points will look like or if things will be overlooked: Is the system scalable enough to where it will allow me to continue to log certain things without any restrictions? I don't know at this time, and I will find out once it happens.
So far, the technical support has been good.
I was hired because I have the skill set to implement it. The original acquisition of the product was done by other people. Now, they have somebody who has the skill set and understands the technology deploying and configuring it, then going forward maintaining it.
For the development and maintenance, it will be just me. However, for the day-to-day log analysis, there will be a second person providing that function.
While we are aware of the playbooks, we still need to look into them.
We are close to a gig of messages a second, so quite a bit of data.
To capture your use cases, understand exactly what you are looking at ingesting. Do the research as far as what the company has done. For example:
Understand what everybody else has done previously with the solution.
It's allowed us to have more visibility into our network as well as be able to respond more quickly to incidents seen on the network.
I work in a highly regulated industry. I know the product has compliance mechanisms, but being able to get more governance surrounding some of the compliance, merging the things that we have to be on top of, would be helpful.
LogRhythm has been able to show that their products are very scalable. Usually, when you buy things out of the box, by the time you get them, they're old. But the new enhancements and things that LogRhythm continues to integrate allow you to scale up with them as they grow. They scale with you also.
I've used tech support. They're very helpful, very knowledgeable people who genuinely care about you and want to see not just their product but you, as a company, be successful.
This is our first iteration of SIEM at my organization. At the time, my superior had used Splunk previously, and that was what he was a fan of. But LogRhythm is one of the emerging leaders, price point was very important, and also to be with a company that's on the cutting edge of technology.
I think that anytime you're integrating SIEM monitoring tools into an environment, it is complex, but the LogRhythm Professional Services help make things easier, and I've worked with them every step of the way.
It's very important to our organization that the solution be a unified end-to-end solution.
I don't think any company is perfect, but I know that they're striving, and that's why I give them such a high score.
I understand that whatever you're buying with LogRhythm, it is not going to be static. It's a very dynamic company and a lot of new technologies emerge, so ensuring that you get the proper level of training upfront, as well as continued training for your staff, is important for being able to wrap your hands around what LogRhythm is actually doing and where they're going.
You start to talk about some things like blockchain and quantum, I'm sure that LogRhythm is already researching some of those new computer technologies. I didn't know what to expect back in 2015 when we bought the product, but it's showing to be agile, scalable, and the people are very knowledgeable.
The product was easy to deploy and easy to learn how to use. The web console is the best I’ve seen when compared to other SIEMs.
This product has made it easier for our team to correlate security events and react quicker to incidents.
Retrieving logs that have been archived can be a difficult and time-consuming process. The module which performs this, called the Second Look Wizard, is not very well integrated into the rest of the product. It would be nice if you had the ability to right-click on a log and search the archives for more data like it (you can do this with non-archived logs) and then, after restoring archived logs, easily pivot to an investigation for that data. Currently, those three steps all have to be run separately.
I've used it for five months.
The deployment was very smooth.
There were occasional stability problems, but they were resolved by support in a timely fashion.
No issues encountered.
Excellent, everyone I have worked with at LogRhythm has been courteous and helpful.
Technical Support: Technical support has been very good, and they will often go out of their way to help correct an issue, even if it is not a technical issue with the product.
This is our first SIEM.
The initial setup was done with the help of LogRhythm Professional Services and was fairly straightforward. Our version of the software is integrated into one hardware unit which made it easy to setup and understand.
We implemented with LogRhythm Professional Services, and the engineer I worked with was very thorough and knowledgeable.
Pricing was on the higher end when compared to other products we looked at. However, we felt the advantages with LogRhythm justified the price premium. Licensing is fair and straightforward. We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.
If implementing a SIEM for the first time, it is very important to have members of the network and server teams involved from the beginning. Also, strong change management policies are necessary to keep the SIEM implemented properly.
LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.
LogRhythm's SOAR and NDR features don't stack up well against competitors.
Maybe integrating theme functionality as the others do. But in general, it's okay.
We started with LogRhythm about three years ago.
LogRhythm is stable.
Scalability is a matter of cost. LogRhythm has the technical capacity to scale if you pay for the components and licenses.
LogRhythm's support is good.
Setting up LogRhythm is straightforward. It is not complicated.
We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget.
I rate LogRhythm eight out of 10. With any solution, you need to deploy the use cases correctly, so the customer should understand the use cases for a SIEM. A SIEM solution only collects and centralizes logs instead of detecting unknown malware. There are no use cases that are customized to fit the customers' context.
We typically consult with our clients and help them with necessary services.
The UEBA flow is the most useful aspect of the solution.
The initial setup is pretty easy.
While the cost is high, the security provided is quite good, and for those who can afford it, they will pay for the peace of mind.
I'm not a fan of the system's user interface.
For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country.
We'd like it if the solution could be more customizable in future releases.
We've been dealing with the solution for about a year.
The solution is quite stable. There aren't issues related to bugs or glitches. It doesn't crash. It's reliable.
The solution can scale if a client needs it to.
We have clients that have 10-15 users on the solution. They are mostly security analysts. In terms of those that can actually view and escalate cases, there may only be five with such access.
At this point, there aren't any plans to increase usage.
We typically are the ones that handle technical support for our clients if they run into issues.
The initial setup is not complicated. It's quite easy and very straightforward if you follow the guides provided. I followed the guides and found it to be rather simple. It's not difficult to get everything up and running.
The deployment doesn't take too long. You can have it ready to go in one working day. That includes installation and configuration.
We have a minimum of five people who handle maintenance and deployments.
Our company handles the installation for our clients. We can handle the implementation ourselves. We don't need a separate consultant or integrator.
In our market, for the price it costs, our clients aren't using this solution so much. It seems to be quite expensive in Nepal. That said, even with the fees and a rather high cost, it is the best product among other competitors.
We're partners with LogRhythm.
We don't technically use the solution typically. We consult with clients and advise on products. We also provide services on the solutions we offer. In this case, we do use the product as we log issues.
We use the latest version of the solution.
For our customers, the pricing will scare off many. However, if users are concerned more with the security of their account, they'll find this is a good option.
I would recommend the product. On a scale from one to ten, I'd rate it at an eight.
Key challenges and goals: Anytime you are building a program from the ground up, there is a lot of legwork to be done to get things tuned to the point where they are usable.
Effectiveness of solution in meeting security challenges and goals: It is very effective. It is a single pane of glass for all of the logs, that not just myself, but anybody who is looking for information about how the network is behaving can use. So, not just primarily a security tool, it is a tool for everybody if it is set up that way.
We run across the odd vendor which we are using that we think are large players in their environment, but there is not necessarily a native support for their log ingestion per se, where it requires customization in order to be able to parse and accept their logs. I would also like to see them expand on some of the ability to interact with other technologies in real time via the programming platforms.
It pre-existed before I got there. Once it was deployed, I have been responsible for most of the log ingestion and the tuning efforts.
It seems scalable so far. I have not had to add more devices to our deployment yet, but it has yet to be discovered.
We have used LogRhythm tech support and they are excellent. They have been very helpful.
This is our first adoption of a proper SIEM product, so there is really nothing to compare it to with respect to the job that I am in right now.
I am very happy with the solution right now. I would absolutely recommend it and have.
Most of the basics have been tended to, and as we discover other things that we need to get more data on, and they are brought up, the company addresses them.
The most important criteria when selecting a vendor: It is very important for it to be unified.
We're in the process of a rollout right now. But from what I've seen, it will definitely be a huge benefit.
Our impression is the solution will be excellent toward meeting our existing security challenges.
Our biggest challenge right now is that there is a big push towards Docker containers, and trying to wrap my head around how we are going to monitor and provide security for that.
The artificial intelligence engine.
Focus on open source log sources like Linux and Docker, and those kinds of things. More help and assistance with some of the open source products; everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it. This seems to be lacking.
It would be a huge help if there were some guidelines or some new technologies that were developed specifically for that.
It seems pretty stable. I've not had any issues with it.
It seems like you could grow it horizontally. The solution that we have is the one that can split out with a couple of different data indexers and data processors. However, we are still in the roll-out phase.
They were excellent and very knowledgeable.
No, just some open source type of things.
We searched for a security solution because it is such a huge surface area to cover for a very small security shop. It is just two of us, and we have about 5,000 servers. It is a lot.
I was involved in the initial setup. It was somewhat straightforward, somewhat complex. There are a lot of moving parts.
It would help if they had some type of script which you could run depending on the solution and what boxes you have, a script that would just go and automatically configure things and get that part of it done. Then you could focus on getting the events in, things like that.
I would recommend that whatever sales quotes them upfront, they will probably go up, because they are probably going to outgrow that very quickly, or once they start getting everything into it, they are going to have to move up anyway. Better to do it upfront and have that headroom.
We were evaluating Splunk, and also QRadar.
We chose LogRhythm because the price point was within what we were looking to pay. It seemed like a more mature solution than some of the others.
A unified end-to-end platform solution is important but I understand that there will be different tools for different jobs. LogRhythm, that is their sweet spot and I hope they stay there because they do it really well.
Most important criteria when selecting a vendor: It is about the integrations with all the different products that we are using. LogRhythm seems to have most of those boxes checked. Therefore, it was a good fit for us.
We used to use a third-party vendor. We migrated to an in-house security operation center, so it's been a big difference.
We're doing almost 10,000 EPS right now, and we have anywhere between 5,000 and 6,000 servers, and a couple thousand network devices, more or less.
Our goal is pretty much to gather all those logs: keeping track of when new servers are deployed and new network equipment gets put out there, and then having them report to LogRhythm. That's mainly the biggest challenge so far.
Mostly for us the most valuable feature is its aggregation of all the logs into a single platform, and then doing the real-time monitoring based on that.
Also, the real-time monitoring piece of it, that's extremely valuable. Plus you can tweak a lot of their settings while other systems don't really let you.
Dashboards, reports. Right now I know there's a big issue with reporting. It's challenging, at least for us, to do some of the reporting within the system itself. Hopefully that's something that gets improved.
Also, when you're reaching out to any other solution out there, any third party, most of them have integrations with Splunk; that's something that is lacking on the LogRhythm side. They're lagging behind when it comes to integration with the main platforms.
So hopefully, with the help of the entire community, we can build something a little bit more flexible when it comes to integrations.
We had some issues. Unfortunately, it was not sized properly from the beginning. But now, with the additional boxes and everything, so far it's pretty solid.
They're pretty good. Sometimes I wish they would be a little bit quicker getting back to you, at least when you open a ticket, but apart from that they're pretty good. We usually do reach the right person within the SLAs they have.
We were using a third party, Dell SecureWorks. We wanted to go away from that and go into more of a centralized system in-house. We went through a bunch of factors and LogRhythm came out on the top.
It was good. We have a lot of collectors, we ended up having almost 50 collectors in total, so it was a little bit challenging, but it's not bad.
We took it as far as they were able to help us with very specific things we do as a company, and LogRhythm came out on top.
We're migrating to a dumb-terminal type of environment. That's the end goal that we have, because we have noticed that there's no way for us to secure everything. There's really no way. So having the users centralized into one location, it makes a big, big difference.
So far it's working fine. Like I said, we had some little things here and there but we've revised the architecture and now it's good.
For selecting a vendor we had a matrix. There were a bunch of points that we were trying to cover. How easy is it to use? For Roger's group, for example, to see how easy it was to adapt from the GUI base to the console.
In terms of a unified, end-to-end platform, I'd say we're not married to specific vendors or companies, that's the nature of our business, at least how we run. But it's good to have everything in one solution.
If I had a colleague at another company researching this and other SIEM security tools, I would give him my matrix.