Try our new research platform with insights from 80,000+ expert users
it_user756315 - PeerSpot reviewer
Security Analyst at Guitar Center
Vendor
Enables us to feed in logs from other solutions and build dashboards to show us what we need to see

What is most valuable?

AI Engine

How has it helped my organization?

It's got intelligence. Does a lot of the heavy lifting, you can create custom AI rules. I'm looking forward to this CloudAI.

It definitely complements all of the other solutions we have. We can feed all the logs into our system, build dashboards that the products themselves cannot provide. For example, we have web filtering, their dashboards aren't so great for that product. But when we feed it into LogRhythm, we can build dashboards that really show us what we need to see.

What do I think about the scalability of the solution?

Pretty scalable. We were on an HA setup. Got about 2000 messages per second. It's pretty scalable.

How are customer service and support?

They're top-notch. Every time I call, there's somebody willing to pick up the phone, somebody willing to jump on a WebEx, so I have nothing but good things to say about LogRhythm. Compared to every other product we have, LogRhythm support is the best. Without a doubt.

Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

Which solution did I use previously and why did I switch?

I've used Symantec SIM, which wasn't so great. This is a real breath refresher, because it's more scalable, and I feel it's a better product overall.

What other advice do I have?

The most important factor, for me, when selecting a solution is that it needs to be lightweight.

Advice I would give to a colleague at another company who is researching this sort of solution: Talk to me first.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756399 - PeerSpot reviewer
EMS-Scada Infrastructure Engineer at a energy/utilities company
Vendor
It is very stable once it is configured. We have not had any downtime.

What is most valuable?

Compliance. It's the main focus of the solution, and that is what we've been doing: logging, monitoring, and alerting.

How has it helped my organization?

We keep an eye on all the events which actually are configured as an alert. This keeps us on compliant for compliance purposes.

Our key challenge and goal is maintaining a secure infrastructure. We are a power electric company, so we are trying to be as secure as we can.

It is a very good solution. It is very robust. It is very extensive. We're trying to go into the minimum requirements for compliance purposes, but I would like to start implementing more for administration purposes and security.

What needs improvement?

  • More seminars.
  • Reporting: A reporting tool would be good for us, especially if we have better knowledge of them.

What do I think about the stability of the solution?

It is very stable once it is configured. We have not had any downtime.

What do I think about the scalability of the solution?

The scalability is very powerful. Our network is not very big, but we can configure it so we can always be up and running with redundancy. It's a great solution.

How is customer service and technical support?

It is a great experience all the time working with them. They are very useful, if they don't have the answer, they find the people that have the answer.

How was the initial setup?

On the last upgrade, I was part of the group to implement it. We did have some challenges, because the previous deployment was not configured right, then we did the implementation and it was very straightforward.

Which other solutions did I evaluate?

Alert Logic, but the laws were going outside of the company, so we want to keep it inside for security purposes.

LogRhythm was the best solution that we could find.

What other advice do I have?

We have LogRhythm in place and it's been working well for us.

It's a great solution but training will be a big key on the implementation. We can troubleshoot it and get the technical support, but it always being very good to have technical training on LogRhythm.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
it_user756372 - PeerSpot reviewer
Security Analyst at a tech services company
Consultant
Before we were compartmentalized, now we we have a central point with more integration between different departments

What is most valuable?

Being able to have all our logs all in one place, so we can easily correlate across the environment.

How has it helped my organization?

It has definitely matured our security posture. Before we started using it heavily, all our products were compartmentalized within the department that used it. Now that we have a central point, we have been having more integration with different departments.

The challenges are being spread out and using some of the technology that we do use, which are not easily integrated into the SIEM. We have a lot of custom parsers and just trying to get our custom products and applications to integrate into the SIEM, that was our biggest challenge.

As far as building custom parsers, it's very configurable. I've had some experience building parsers with it so far, and the ones that we have built have been working fine. Support has been pretty awesome with helping get those working well.

What needs improvement?

Adding more integration for security products would be an improvement.

What do I think about the scalability of the solution?

I have not had to scale it out too much yet. The environment was already set up when I came in. As far as the ability to scale out, I know it's there. I haven't had to put it to use though.

How are customer service and technical support?

I have used their support a lot. It is really good support. I don't think I've opened a case yet that I haven't got a solution on, and it is usually pretty fast It's easy to reach the right person.

Which solution did I use previously and why did I switch?

We had a previous solution, but I don't know who they were. I don't know why we switched. Compliance was our biggest driving factor to why we purchased LogRhythm.

Which other solutions did I evaluate?

I would not know. This was done before I came onboard.

What other advice do I have?

It is a really good product with good support.

If someone is reaching the solution, I would advise them to reach out to users and try to visit LogRhythm's online presence to see what they have. The LogRhythm community has been a pretty good resource.

Having a unified end-to-end platform is very important.

Most important criteria when selecting a vendor: support for the product.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user756414 - PeerSpot reviewer
Lead Info Security Architect with 501-1,000 employees
Vendor
We have used its alert capabilities to help us mitigate issues more rapidly

How has it helped my organization?

It helps by collecting logs from a lot of different security items, like firewalls and IPSs. It helps to give us alerts to let us know if something is happening on our network. It has really good log collection and event and alerting capabilities, so we have used those alerts to help us mitigate issues more rapidly.

We have been able to stop ransomware by being alerted through LogRhythm. That was probably one of the biggest things. Also, malware events and things like that.

What is most valuable?

Using the web console to get a quick look at what's happening on the network, so the different dashboards that are available. Those are probably the things I look at first. Probably very useful at really analyzing what's going on.

What do I think about the stability of the solution?

We haven't seen issues with the product itself. There are updates which are now automatic through the knowledge-base. So, I'd say it's a stable product.

What do I think about the scalability of the solution?

We have not had issues with scalability as far as LogRhythm's concerned. We're not big enough to have issues of scalability with it. It is a much bigger product than that. We're not a huge global organization, so it's more than enough for a company our size.

Our environment is about a 1000 users, about 900 workstations, and a couple 100 servers. It is a Windows and Cisco shop.

How are customer service and technical support?

They are really good. Whenever I've needed their help, opened up a ticket, I haven't had any issues getting help from them. We have a guy right now who is really excellent, and will go out of his way to help us with making sure we are getting things setup properly, so that's really been a big help. They have really smart people there. When you work with them over the course of a number of years, you see how bright these guys are, so it's nice.

Which solution did I use previously and why did I switch?

We're fairly close to Boulder, so buying something that was local, I like to do that, and it is a great product. We're happy with it. I think it is one of the best SIEM tools out there. So, no regrets about going local, and it's nice to have them down the road if we need to get to them.

What other advice do I have?

It is a great product. We brought it in initially as a central event log for PCI compliance. It's been really good for PCI compliance, but then we leveraged it for security across the network, so it has been really good that way. It really requires somebody to be able to dedicate a lot of time to getting sources into it. It's hard if you're a partial user of it. It takes a lot longer to really understand the product, because it's big. There's a lot to it.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user756300 - PeerSpot reviewer
Security Architect at a leisure / travel company
Vendor
Facilitates aggregating all the logs into a single platform, and then doing real-time monitoring

How has it helped my organization?

We used to use a third-party vendor. We migrated to an in-house security operation center, so it's been a big difference.

What is most valuable?

We're doing almost 10,000 EPS right now and we have anywhere between 5000 and 6000 servers, and a couple thousand network devices more or less.

Our goal is pretty much to gather all those logs. Keeping track of when new servers are deployed and new network equipment gets put out there and then have them report to LogRythm. That's mainly the biggest challenge so far.

Mostly for us the most valuable feature is its aggregation of all the logs into a single platform, and then doing the real-time monitoring based on that.

Also, the real-time monitoring piece of it, that's extremely valuable. Plus you can tweak a lot of their settings while other systems don't really let you.

What needs improvement?

Dashboards, reports. Right now I know there's a big issue with reporting. It's challenging, at least for us, to do some of the reporting within the system itself. Hopefully that's something that gets improved.

Also, when you're reaching out to any other solution out there, any third party, most of them have integrations with Splunk; that's something that it's lacking on the LogRythm side. They're lagging behind when it comes to integration to main platforms.

So hopefully, with the help of the entire community, we can build something a little bit more flexible when it comes to integrations.

What do I think about the scalability of the solution?

We had some issues. Unfortunately, it was not sized properly from the beginning. But now with the additional boxes on everything, so far it's pretty solid.

How are customer service and technical support?

They're pretty good. Sometimes I wish they would be a little bit quicker getting back to you, at least when you open a ticket, but apart from that they're pretty good. We usually do reach the right person within the SLAs they have.

Which solution did I use previously and why did I switch?

We were using a third party, Dell SecureWorks. We wanted to go away from that and go into more of a centralized system in-house. We went through a bunch of factors and LogRhythm came out on the top.

How was the initial setup?

It was good. We have a lot of collectors, we ended up having almost 50 collectors in total, so it was a little bit challenging, but it's not bad.

Which other solutions did I evaluate?

  • Curator Security
  • Splunk
  • ArcSight

We took it as far as they were able to help us with very specific things we do as a company, and LogRhythm came out on top.

What other advice do I have?

We're migrating to a dumb-terminal type of environment. That's the end goal that we have, because we have noticed that there's no way for us to secure everything. There's really no way. So having the users centralized into one location, it makes a big, big difference.

So far it's working fine. Like I said, we had some little things here and there but we've revised the architecture and now it's good.

For selecting a vendor we had a matrix. There were a bunch of points that we were trying to cover. How easy is it to use? For Roger's group, for example, to see how easy it was to adapt from the GUI base to the console.

In terms of a unified, end-to-end platform, I'd say we're not married to specific vendors or companies, that's the nature of our business, at least how we run. But it's good to have everything in one solution.

If I had a colleague at another company researching this and other SIEM security tools, I would give him my matrix.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user326481 - PeerSpot reviewer
Sr. Mgr of Network Operations at a comms service provider with 501-1,000 employees
Vendor
It allows us to detect and remediate Advanced Persistent Threats, but the log management database needs to be more efficient.

Valuable Features

  • Investigation
  • Advanced Intelligence Engine
  • Alarming and Response

Improvements to My Organization

We have made this the foundation of our security intelligence within our organization. It has allows us to detect and remediate Advanced Persistent Threats.

Room for Improvement

I would like to the log management database perform more efficiently.

Use of Solution

I've used it for five years.

Stability Issues

Some minor bugs with the mediator. Those have been fixed in patch releases a long time ago.

Customer Service and Technical Support

Customer Service:

9/10.

Technical Support:

9/10.

Initial Setup

Setup was fairly straightforward. We were up and running with coverage of most log sources within two days.

Implementation Team

We implemented it in-house. Active Directory import makes initial configuration quick and easy.

Other Solutions Considered

We also evaluated Splunk, and we chose LogRhythm as the correlation rules performed it handled clients on DHCP better.

Other Advice

We recommend that people implementing it choose to log everything, including logs from desktops, laptops, servers, switches and routers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756420 - PeerSpot reviewer
Security Advisor at a manufacturing company
Vendor
The UI allows us to hand it off to our SOC and train them

How has it helped my organization?

We have about 170,000 employees worldwide. We have thousands of unique log sources we're ingesting. Right now, it's kind of information overload in what we're trying to create logs off of.

Our key challenges are staffing and, right now, we're just trying to get the best bang for the buck on what we can create for alarms, so that's what we're trying to get out of being at the LogRhythm User conference.

We're about to ingest pretty much all of our log sources and write alarms based off the log sources. That's what we're working towards right now, getting valuable alarms to trigger for our SOC to action.

LogRhythm meets our problem statement, as a solution.

What is most valuable?

The UI. We can give it down to our SOC and we can train them.

What needs improvement?

The CloudAI obviously, that's going to be big for us. Hopefully that matures. I saw the problem statement video they did today at this conference, which is great. But I haven't seen anything tangible out of that yet, so looking forward to that.

I wouldn't give them a 10 out of 10 because there is definitely some room for improvement as far as in the GUI. Some of the things don't make sense. I think they need to better understand how a SOC would use that platform.

I don't think they understand that every morning we do a case review and we need a quick dashboard to go review open cases for our SOC. And that's not built into the dashboard, so we have to create that. There are some use cases that I think they should sit down a little bit more with the customer and understand how we use it.

What do I think about the stability of the solution?

It's pretty stable.

What do I think about the scalability of the solution?

It was scaled inappropriately when we got it, so we had to buy a bunch of hardware after that. But, it's working now.

How are customer service and technical support?

I don't use it. My cohort, who is more of the SIEM admin, he uses it quite a bit. I think he's happy with it, as far as I know.

Which solution did I use previously and why did I switch?

We used Q1 QRadar. After IBM bought it, it kind of died on a vine. They quit supporting it, so that was the main driver for getting off of that and going to LogRhythm.

How was the initial setup?

Pretty straightforward.

Which other solutions did I evaluate?

We did a RFP for all the major vendors, ArcSight, all the big ones. LogRhythm came out as the best SIEM tool.

What other advice do I have?

When selecting a vendor, for us, the platform has to be a unified, end-to-end solution. We've got so many unique platforms around our business that it has to be.

All SIEMs suck, but LogRhythm is the best.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756411 - PeerSpot reviewer
Security Analyst at a financial services firm
Vendor
Makes log information available on demand for investigation but generates a lot of alarms we have to overlook

What is most valuable?

The most valuable part of the solution is being to view all of the logs whenever you want. Any time an issue comes in or something that needs to be researched, I have the logs there. I can go in, run an investigation. It's pretty much at my hands. Information is available on demand. I feel like I'm in control of it, which gives me warm, fuzzy feeling.

How has it helped my organization?

Pro's and con's I would say. We are short staffed, like the majority of the people are here at the LogRhythm World conference. We have a lot of alarms that get overlooked, there's not a lot of prominence to them. So our SLAs are over extended. But other than that, we're getting alerted on things that we need to quickly look at, glance, and see what needs our attention right away.

Usually, anything that's really hot, urgent, rated 90 or above, we answer those right away, and get those tasks completed.

What needs improvement?

If they continue to do innovation, and listen to their customers, then they'll move forward, and I think that will be the best thing for all parties involved.

What was my experience with deployment of the solution?

One thing that surprised me was how many logs were being generated by our environment and how many logs are just a waste of time, looking at them. They're just there. It's just logging information, and we were able to reduce.

Deployment, I believe, took about two weeks, and going from, let's say, a 100 logs, we were able to reduce to about half of those logs in terms of what we're reviewing.

What do I think about the stability of the solution?

Stability is perfect. We have had no issues whatsoever with the servers, or with the Web Console or anything else.

What do I think about the scalability of the solution?

The scalability is awesome. Initially, when we first purchased LogRhythm, we purchased only about 20 lite agents. Then we realized, as we were looking for additional log sources, we needed more. Pretty much within a day, we were able to purchase additional licenses and get them rolled out to our organization.

How are customer service and technical support?

Tech support is amazing. They always follow up with a document on how to do something and if you still need further assistance, they're willing to get on the phone with you, without any doubt.

Which solution did I use previously and why did I switch?

We were using a different vendor and we decided to go against it. We wanted to bring this in, in-house. We were using Dell SecureWorks, and we were just not satisfied with their ability to give us reporting and information on a timely manner.

How was the initial setup?

It was a little complex, I did not have training prior to, so it was more of a hands-on learning, which I appreciate. I prefer to do hands-on. It's easier for me to learn that way. It was complex but at the same time it was educational. It had benefits.

What other advice do I have?

Being at this conference I learned a lot. For example, I haven't been using the Web Console to the extent that I should be using it, and I think going back I'll be using that a lot more.

It's extremely important for a solution to be a unified, end-to-end platform. In terms of criteria when selecting a vendor, we look at it as a relationship between our organization and LogRhythm. We want them to work with us and we're willing to work with them to fit what's best for our environment.

I gave it seven out of 10 because we've only used the product for about a year and a half and it's still a building process, and I think it will always be a building process. You're always tweaking things. I can't imagine the company being the best at one specific thing, and then if you're the best at it, then there's no room for improvement. But I know as an organization, we are extremely happy, with LogRhythm.

I would definitely tell colleagues to at least PoC LogRhythm, and see for themselves what their getting in their environment and what other vendors might be missing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.