We primarily use the solution to reducing insider threats. We also use the product to deal with some aspects of banking security. For example, with its product, we are able to lower the threat of being attacked by malware.
Senior System Engineer at a tech services company with 11-50 employees
Stable with one central dashboard and good scalability
Pros and Cons
- "The product is great for medium to large-scale organizations."
- "The solution is likely not the best option for a smaller organization."
What is our primary use case?
What is most valuable?
I appreciate the fact that I can do everything from one dashboard. That is the main aspect of LogRhythm so far that I find extremely useful. We don't need a different dashboard or other solution for managing things.
The initial setup is simple.
The solution is stable.
The product is great for medium to large-scale organizations.
The product can scale.
Technical support is reportedly quite good.
What needs improvement?
What I would suggest is for the product to make the consoles more user-friendly. The integration module should be simpler. That way, that the end-customer himself can do the integration and they are not always dependent on our site. The integration with other vendors should be easy.
The solution is likely not the best option for a smaller organization.
One of the features I like to recommend is a LogRhythm queuing ticket for a level-one tier system so that clients are not dependent on a third party.
For how long have I used the solution?
We've been working with the product since 2018. It's been almost three years at this point.
Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
In terms of scaling, the solution is best for medium to large companies. Smaller companies likely do not want to invest in IT security products, however, for medium to large organizations, especially banks, LogRhythm works well.
It's easy to scale. What we do for scalability is we always put the hardware capability higher than the license. For example, if a customer wants a 3,000 MPS license, we always provide 6,000 MPS hardware. If they want to scale the license to 4,000 or 5,000, we just put the license in, and then it works as the size capacity is there. It's easy. It's not that difficult.
How are customer service and support?
We are not an end-user and therefore do not directly deal with technical support. In terms of the support, the end-user would get a response from the technical team, and, so far, from the feedback I've gotten, they are good. Clients seem satisfied with the level of service they receive.
Which solution did I use previously and why did I switch?
I also work with Oracle.
How was the initial setup?
The initial setup is simple for us, basically. It's not that challenging. The main challenge we face for integration is from the different vendors as we have to do different tasks. However, the deployment of LogRhythm is very easy.
It takes 12 to 15 days for a full deployment.
We have two phases that are five to seven days each. The second phase involves integration and tuning stuff and that can usually take six or seven days for that part alone.
It's on a Windows server. Windows is very convenient for everyone. Users can just follow the process as per LogRhythm and it's easy to deploy everything.
In our distribution model, we don't provide end-user support directly. We have another partner company that provides maintenance and support for the end-user. For the partner side, many of the engineers are LogRhythm certified and they do the maintenance and other tasks.
What about the implementation team?
As an implementor, we can handle the setup for our clients.
What's my experience with pricing, setup cost, and licensing?
LogRhythm pricing is based on the MPS. They always quote the pricing per unit of MPS. The number of MPS which the customer needs is what we provide with the unit price and we get a good discount on it, as per LogRhythm.
The price is in USD. For that reason, when we convert from USD to our currency, the pricing seems quite high.
Everything is included. We get the data processing license as well as the sole license and the filing, ticketing, monitoring licenses, and the collector license as well. We get everything in one package.
What other advice do I have?
We are a distributor and we have around 15 to 20 partners who are working with LogRhythm in this region. We work for the end-user and we implement it and handle presentations for the customer.
We are working with the latest version of the solution. I can't speak to the exact version number, however.
I'd rate the solution at a ten out of ten. It's a very good product overall. Clients have been very happy with it. In terms of the feedback we've received from the end-user and our own experience with the deployment process and manageability, everything is great.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.
Enables us to alternate incident automations but reporting needs improvement
Pros and Cons
- "The most valuable feature is that we can alternate incident automations."
- "We need to get better training for things like creating code and playlists. The way it's done now takes a long time."
What is our primary use case?
Our primary use case is for financial companies and telcos.
What is most valuable?
The most valuable feature is that we can alternate incident automations.
What needs improvement?
We need to get better training for things like creating code and playlists. The way it's done now takes a long time.
For how long have I used the solution?
I have been using LogRhythm NextGen SIEM for two years.
What do I think about the stability of the solution?
The stability depends on the client we installing or integrating for based on the server's requirements. We can create them according to that defined time period. It's not that difficult but depending on the customer or the other server requirements.
We can have a dashboard in a single platform, we can get notifications via email or SMS, and we have Smart Response actions. So that kind of possibility is there.
What do I think about the scalability of the solution?
Our clients are mostly on a larger scale.
How are customer service and technical support?
You can request support and they respond immediately. They're really good.
How was the initial setup?
The initial setup is easy. It can take two hours. The first day of deployment is easy. Then depending on the devices and log servers, it can take time. We can give them predefined or pre-created devices and logs. The deployment depends on the devices and systems we are integrating. But the initial stage is easy.
What's my experience with pricing, setup cost, and licensing?
Because we are a developing country, the costs depend on country development. We implement it for large-scale companies because normal companies, startup companies, can't afford products at that price. We mainly focus on large-scale companies.
What other advice do I have?
I would definitely recommend this solution if you can afford it.
We get customized reports and we get reports including all the details, but when we start using them we couldn't start with the Outlook editor. We can customize a document and we can write a report. The dashboards are very user-friendly and very attractive. But when it comes to the reporting part, I think that could use improvement in the next release.
I would rate it a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Cyber Security Researcher at a tech services company with 1-10 employees
Stable with an easy initial setup and good security
Pros and Cons
- "The initial setup is pretty easy."
- "For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
What is our primary use case?
We typically consult with our clients and help them with necessary services.
What is most valuable?
The UEBA flow is the most useful aspect of the solution.
The initial setup is pretty easy.
While the cost is high, the security provided is quite good, and for those who can afford it, they will pay for the peace of mind.
What needs improvement?
I'm not a fan of the system's user interface.
For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country.
We'd like it if the solution could be more customizable in future releases.
For how long have I used the solution?
We've been dealing with the solution for about a year.
What do I think about the stability of the solution?
The solution is quite stable. There aren't issues related to bugs or glitches. It doesn't crash. It's reliable.
What do I think about the scalability of the solution?
The solution can scale if a client needs it to.
We have clients that have 10-15 users on the solution. They are mostly security analysts. In terms of those that can actually view and escalate cases, there may only be five with such access.
At this point, there aren't any plans to increase usage.
How are customer service and technical support?
We typically are the ones that handle technical support for our clients if they run into issues.
How was the initial setup?
The initial setup is not complicated. It's quite easy and very straightforward if you follow the guides provided. I followed the guides and found it to be rather simple. It's not difficult to get everything up and running.
The deployment doesn't take too long. You can have it ready to go in one working day. That includes installation and configuration.
We have a minimum of five people who handle maintenance and deployments.
What about the implementation team?
Our company handles the installation for our clients. We can handle the implementation ourselves. We don't need a separate consultant or integrator.
What's my experience with pricing, setup cost, and licensing?
In our market, for the price it costs, our clients aren't using this solution so much. It seems to be quite expensive in Nepal. That said, even with the fees and a rather high cost, it is the best product among other competitors.
What other advice do I have?
We're partners with LogRhythm.
We don't technically use the solution typically. We consult with clients and advise on products. We also provide services on the solutions we offer. In this case, we do use the product as we log issues.
We use the latest version of the solution.
For our customers, the pricing will scare off many. However, if users are concerned more with the security of their account, they'll find this is a good option.
I would recommend the product. On a scale from one to ten, I'd rate it at an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
IT Security Administrator at a financial services firm
Facilitates receiving alerts quickly and remediating them with partial scripts
What is most valuable?
The Web Console, and digging in through the logs.
How has it helped my organization?
We use a single appliance, around 5,000 MPS. We're a Windows shop, so mostly Windows servers, desktops, workstations, etc. Somewhat distributed as well, we have three main sites and 20 or so distributed sites as well.
Our key challenges are, mostly people, getting more resources, and the goal is just get better. Are we better today than we were yesterday?
I think it has helped immensely. I think the ability to quickly receive an alert and investigate that alert is pretty beneficial. I think it is pretty effective.
Also, the ability to remediate alerts with partial scripts is pretty good.
What needs improvement?
I would definitely like to see more things in the Web Console, in terms of the ability to run reports and generate reports out of it, and schedule those. Instead of having to go to the FAT client, you would just do it out of the Web Console.
Right now there are two brains, there are the Web Console and the FAT console so that hinders a little bit of flexibility or innovation that they can do. It is a tough spot to be in, but otherwise it is a pretty good product.
What do I think about the stability of the solution?
In terms of just stability of the product, sometimes we have run into some issues there.
What do I think about the scalability of the solution?
In our environment, we have X number of clients, so that's not extremely scalable, but I know that the solution is pretty scalable.
How are customer service and technical support?
Support has been really good.
Which solution did I use previously and why did I switch?
We were using Splunk prior to this but it was too expensive and we needed a true SIEM solution.
How was the initial setup?
A little complex, but usually any SIEM is; just all the components that are in that one appliance.
What other advice do I have?
I am pretty impressed with it. I have seen a it grow, just in the short time that we have had it.
It is very important for us that a solution be a unified, end-to-end platform. That is one of the biggest driving factors, having a single place that I can do network monitoring if we wanted to. We could do log correlation out of different security tools that we have.
Make sure you give it enough resources in terms of users. Somebody to manage it, whether that be a MSSP or in-house resource.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Engineer at a healthcare company with 1,001-5,000 employees
I am impressed with their support. We ran into issues where it was not parsing correctly.
Pros and Cons
- "It supports most standard log sources."
- "It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources."
How has it helped my organization?
- Lower personnel requirements
- Improved vendor support services
- Ease of use
Key challenges are lack of personnel to manage LogRhythm. We are a small shop and we don't have a dedicated person to really manage LogRhythm, so our goal is for us to go to a level where we are doing a lot of automation.
What is most valuable?
- The SmartResponse piece of it.
- It supports most standard log sources.
What needs improvement?
We were having some challenges initially, especially ingesting those standard log sources. We ran into issues where it was not parsing correctly. That wasn't our expectation, because we considered them standard log sources, but there was some issue with parsing our logs.
As far as adding log sources, it is not as straightforward. At the same time, granting access we have noticed it's not using AD groups. It's more of the organizational unit in AD.
It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources. The way it works right now, it looks like we have to engage LogRhythm in order for us to make adjustments on the parser.
What do I think about the stability of the solution?
In a two month period, we had one hardware issue, which might not be LogRhythm-related. It might be on the hardware side. It's fairly new, so we were expecting that to happen, the actually failure on the platform manager (PM) side.
What do I think about the scalability of the solution?
I think it's scalable. So far, we haven't really reached the point where we can say, "Yeah, we can definitely expand the use of it."
How are customer service and technical support?
They're pretty good. I'm impressed with their support. It has been easy to reach the right person.
Which solution did I use previously and why did I switch?
We are migrating from a different product (Curator) to this product, and we think LogRhythm is better than the older product that we were using. We were looking for a solution with scalability and ease of management. Also, Curator is more expensive.
How was the initial setup?
I was involved in the initial deployment and setup. I have used another SIEM solution. It's not easy, but it's not also that really complicated to setup.
What's my experience with pricing, setup cost, and licensing?
Look for whatever will give you the most value. That's the main point. It is not one size fits all.
Which other solutions did I evaluate?
Splunk. Cost is the main reason LogRhythm stood out.
What other advice do I have?
It is important solution be a unified end-to-end platform, especially because we are a small security group. If we can have it in one place, that would be a big plus for us.
Most important criteria when selecting a vendor: support.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Administrator at a tech services company
The artificial intelligence engine is its most valuable feature
Pros and Cons
- "The artificial intelligence engine."
- "More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
How has it helped my organization?
We're in the process of a rollout right now. But from what I've seen, it will definitely be a huge benefit.
Our impression is the solution will be excellent toward meeting our meeting our existing security challenges.
Our biggest challenge right now, there is a big push towards docker containers and trying to wrap my head around how we are going to monitor and provide security for that.
What is most valuable?
The artificial intelligence engine.
What needs improvement?
Focus on open source, long sources like Linux and Docker, and those kind of things. More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it. This seems to be lacking.
It would be a huge help if there were some guidelines or some new technologies that were developed specifically for that.
What do I think about the stability of the solution?
It seems pretty stable. I'm not had any issues with it.
What do I think about the scalability of the solution?
It seems like you could grow it horizontally. The solution that we have, it is the one that can split out with a couple of different data indexers and data processors. However, we are still in the roll-out phase.
How are customer service and technical support?
They were excellent and very knowledgeable.
Which solution did I use previously and why did I switch?
No, just some open source type of things.
We searched for a security solution because it is such a huge surface area to cover for a very small security shop. It is just two of us, and we have about 5,000 servers. It is a lot.
How was the initial setup?
I was involved in the initial setup. It was somewhat straightforward, somewhat complex. There are a lot of moving parts.
If they had some type of a script, which you could run depending on the solution and what boxes you have. A script that would just go and automatically configure things and get that part of it done, then you could focus on getting the events in, things like that.
What's my experience with pricing, setup cost, and licensing?
I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway. Better to do it upfront and have that headroom.
Which other solutions did I evaluate?
We were evaluating Splunk, and also QRadar.
We chose LogRhythm because the price point was within what we were looking to pay. It seemed like a more mature solution than some of the others.
What other advice do I have?
A unified end-to-end platform solution is important but I understand that there will be different tools for different jobs. LogRhythm, that is their sweet spot and I hope they stay there because they do it really well.
Most important criteria when selecting a vendor: It is about the integrations with all the different products that we are using. LogRhythm seem to have most of those boxes checked. Therefore, it was a good fit for us.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Systems Architect at a university with 10,001+ employees
Parsing and its integrated nature are valuable but needs complete horizontal scalability and better analytics
What is most valuable?
- The integratedness
- The parsing
- Their partnerships with various device manufacturers
They keep it up to date, you don't have to worry about that when their products change.
I think as an aggregator it works very well, and as a case management tool it works very well. I think it works reasonably well for parsing. I think there's always room for improvement there; I'm thinking any solution that I've seen, it's just a difficult problem to solve.
How has it helped my organization?
We're an MSSB, we have about 10 or so different customers that all host with us. Currently we're licensed for 15,000 MPS, average, and we use about 8000 MPS average, consistently, and we're growing.
Among our key challenges is getting everybody on the same page about the value of security, and why it's worthwhile to pay for security solutions, and the people to staff them.
LogRhythm has absolutely helped improve the security of our organization. We're able to respond to potential threats in a unified system, where that was impossible before. This is our first SIEM product.
What needs improvement?
I would like to see more focus on it being a data lake. We have around 100 terabytes of data stored in LogRhythm, machine data, sensor data. That all could be used for operations tasks as well. It would really be awful to have to stand up another Splunk instance at 100 terabytes alongside of it.
Also, seeing more analytics features, and more flexibility around that, and their schema.
Bringing it out completely horizontally scalable, and also continued focus on supporting lots of different vendors, for a lot of data sources.
What do I think about the scalability of the solution?
Scalability is not great, at the moment. That's changing with newer releases, and I know that's been a focus of the team. It's actually the purpose of my coming to the LogRhythm user conference, to learn more about that.
They're moving towards a horizontally scalable system, and frankly a lot of their competitors don't have this yet either, so it's kind of a wash in that. I think once they get to that point where they're completely horizontally scalable in all components, they'll have a leg up on the competitors, at least for a little while, until they get there as well.
How are customer service and technical support?
Great in some areas, not so great in others. We had a lot of challenges during our initial deployment, self-inflicted in some ways. Others, we didn't have the right support, and the technical services team was stretched pretty thin when we used them.
It was hard to schedule time with them and get pre-deployment meetings, a proper architecture review on time, so we knew that our environment was ready for the deployment.
Which solution did I use previously and why did I switch?
We used EiQ. It was terrible. Just straight up, they didn't fulfill support promises. They pivoted from being a self-hosted company to hosting in the cloud and offshore, using offshore analysts. So, it just wasn't a fit anymore. And their product didn't scale.
We needed something that would give us a single pane of glass, that visibility over our whole organization - and correlate all the data - without too much staffing needs.
How was the initial setup?
We undersized the environment from a hardware perspective, which led to the system not performing well.
I'd say the requirements weren't really well defined, in our particular situation, but from what I've heard, other customers don't necessarily have that same issue. I think it was more so that LogRhythm was just growing at that time, and they had more customers than they knew what to do with.
Which other solutions did I evaluate?
We looked at RSA, we looked at Alien Vault, we looked at a vanilla ELK Stack homegrown solution. We actually evaluated that one. And we also looked at McAfee/Intel at the time, security.
We went with LogRhythm because aligning with the critical security controls, SAN security controls, was important for us. Also, the price was good, MSSP support was good. I think ultimately it was the combination of their willingness to partner with us, and the price.
What other advice do I have?
I would say for us, being an MSSB, when selecting a vendor, scalability is paramount. And the support ability. If we're going to drop a lot of money on a solution, it needs to be easy for our analysts to get up to speed with it. That's worth a little bit extra, versus going with something that requires months of training just to do the basic running of the system.
If I were to advise a colleague looking at this or a similar solution, I would say take a look at all the options, figure out what you need out of a solution first, and then just make sure you evaluate it. If possible, test drive it. See what it can do, not in a sales presentation. Don't just look at a PowerPoint, actually test drive it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a tech vendor with 10,001+ employees
The Advanced Intelligence Engine alerts the SOC to potential security issues, though File Integrity Monitoring needs improvement.
What is most valuable?
Its Security Information and Event Management (SIEM) capabilities (security analysis, forensics) are the most valuable features for us.
How has it helped my organization?
The LogRhythm AIE (Advanced Intelligence Engine) is very good at alerting my SOC to events of interest and potential security issues without flooding my team with noise.
What needs improvement?
There is room for improvement in the area of File Integrity Monitoring.
For how long have I used the solution?
I've used it for 15 months.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
It's excellent.
Technical Support:It's excellent.
Which solution did I use previously and why did I switch?
I have used Tripwire, which was a poor SIEM solution.
What about the implementation team?
We used a vendor team. I recommend using LogRhythm's professional services for assistance with implementation.
What other advice do I have?
I highly recommend LogRythm for SIEM.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
IBM Security QRadar
Elastic Security
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Securonix Next-Gen SIEM
Exabeam
USM Anywhere
ManageEngine Log360
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Between AlienVault and LogRhythm, which solution is suitable for Banks in Gulf Region
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- Does LogRhythm NextGen SIEM offer good security?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?