Try our new research platform with insights from 80,000+ expert users
it_user756393 - PeerSpot reviewer
Junior Information Security Analyst at a financial services firm with 51-200 employees
Vendor
All logs in one place; we can quickly determine if there is a threat actor, from internal to external​

What is most valuable?

The fact that I can quickly determine if there is a threat actor from internal to external. That's our primary goal. We have a lot of traders and a lot of developers, internal, so that's generally where our presence is. We don't have a whole lot of online presence. We're not so much worried about external actors.

Being able to determine what a user is doing is really helpful for us.

How has it helped my organization?

We've got two facilities. We pretty much have one setup, the DX. We don't have any failover, just because it doesn't work for us.

Our key challenge is weeding out who is actually trying to be a threat. Now, LogRhythm certainly helps us, but it's still very difficult because we've got not a super high turnover, but high enough that you're constantly going through them looking at stuff.

Being able to actually track somebody down and figure out what they're doing. Before, we didn't really have these insights, we were going by the the seat of our pants and trying to pull whatever logs we could, whatever Unix logs we could find, and it wasn't really helpful that way. Now it pulls it all into one spot and we're actually able to correlate data and say, "Hey look, this person's really actually being shady," and go from there.

We've been able to identify certain individuals and not have issues past that.

What needs improvement?

There is a Group-By field that they're breaking out, which stopped me from being able to have certain events. They're breaking it out in 7.3, so they've already got it. That was the one thing that bothered me, so I'm happy about that.

What do I think about the stability of the solution?

Stability is not great but I think that's our issue. Qualys seems to blow it up all the time, but that's more on us to stop Qualys from scanning LogRhythm.

Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the scalability of the solution?

Scalability is pretty good. We rolled it out at our primary company and then rolled it out past, to our sister company, which went really, really well.

How are customer service and support?

It's awesome.

What other advice do I have?

It's fairly important that a solution be end-to-end unified. The fact that LogRhythm is, is working out very well for us.

I gave it eight out of 10 because of some of the issues we've had with the system actually going down but, again, that might be entirely on us. We're still in the defining phase of that.

One thing that surprised me over the course of our deployment is the amount of logs that I didn't realize we had, different log sources that we're seeing pop up, pending, being brought into the system and we haven't even seen them before. People are standing them up left and right and I'm thinking, "Guys, stop it."

Make sure that your operations guys, your network guys can actively search through it well. Get them training. Don't do half a job with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756363 - PeerSpot reviewer
IT Analyst at a energy/utilities company with 501-1,000 employees
Vendor
Visibility into all log sources in one place, and alerting are key advantages; helped us find misconfigurations

What is most valuable?

Visibility, obviously. Seeing all the logs from all the various log sources, be it perimeter, internal, overall security controls; getting it in one pane of glass. And alerting, obviously.

How has it helped my organization?

I started here two years ago, no SIEM. Now we have visibility into any type of external attacks, perimiter attacks. We've found operational problems, misconfigurations, things like that.

What needs improvement?

Logging improvements. I think that the template to reporting is just difficult, it's hard to go back. You can't modify the templates. So more customization. That would be key.

We could also use more information on how to integrate with specific vendors.

Threat intelligence is a big thing. LogRhythm actually has a pretty good threat intelligence deal, but we happen to use a vendor that is not built-in. It'd be great if LogRhythm could expand more on the user forum on how to integrate more with the more non-mainstream vendors.

What do I think about the scalability of the solution?

It's good. We have all-in-one, an XM unit, because we're a smaller shop. It's been a great, a single unit. As we've needed to expand, I've put out more collector systems feeding back into the XM unit, so it's good.

How are customer service and technical support?

We've used them many times. I'd say overall good. I was actually an ArcSight user at a previous company, I'd rank LogRhythm higher than those guys.

Which solution did I use previously and why did I switch?

As I said, it was ArcSight at my previous company. I was lucky enough to try to build the security practice where I'm at now. LogRhythm was one of three that we evaluated.

How was the initial setup?

I'd say straightforward. We did have PS as well, so it was very helpful.

Which other solutions did I evaluate?

QRadar and Splunk. And, for whatever reason - it is not really a truly a SIEM player - Tripwire. Management wanted us to evaluate Tripwire.

What other advice do I have?

We're about 1200 seats, 10 locations roughly, totally a Cisco shop, from perimeter ASAs to IDS, Sourcefire, to web filtering, it's a big Cisco shop that I stepped into.

Our key security goals revolve around maturation and pulling more information into the SIEM. We started off with the low hanging fruit, the Active Directory, the SOCKS servers, things like that. But now we need to get more - all our security controls as well - security systems. We need more from executive PCs, from application servers, we need more visibility I think.

In terms of meeting these goals, this solution, on a scale of one to 10, is an eight, at least in terms of how we've been able to adopt it.

The most important criterion when selecting a vendor interoperability, the ability to pull logs, and the ease of customizing parsing logs. By far.

In terms of advice to a colleague, if they're looking at this and similar solutions: I've dealt with ArcSight before, they're a magnitude higher in terms of operationally managing the software. I haven't used QRadar, but from the surface, looking at it form 10,000 feet, I would say and Logarithm and it are probably much easier to mange, much easier to use.

LogRhythm has been really a good partner, they've reached out, they're always wanting information, "How we can improve? How can we do this or that?" Our SE and sales guy are really great. Keep in touch, so I feel like there's someone I can always reach out to if there's a problem.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
it_user756339 - PeerSpot reviewer
Information Security Analyst at a legal firm
Vendor
Produces visibility into all of our data at once, allows me to see everything in one place

What is most valuable?

The visibility that it gives us into all of our data at once.

How has it helped my organization?

It would take me a thousand hours a day to go through all that data, so, like I said, it lets me see everything in one place, and I'm able to see where the problems are.

What needs improvement?

A cleaner interface. I keep getting confused and forgetting where everything is. A more intuitive interface would be helpful.

It does seem to be good at gathering data. Like I said, it's hard for me to get that data. I would just like it to be more intuitive. When I go to look for stuff I frequently can't find it. Either it's not there or I just don't know the program.

What do I think about the scalability of the solution?

It scales enough for us. We haven't had any issues, no complaints about it.

How is customer service and technical support?

I've used their training. I have not used their tech support. Again, we have an administrator, he's been there. He probably knows more about this than I do.

What other advice do I have?

In terms of a solution being a unified, end-to-end platform, that would be nice. It's not something that I think about. I just use what's there.

I would tell a colleague at another company who is researching this or a similar solution to try it out. That's the only way you're going to know whether you like it. Don't trust the marketing materials. Ever.

I like the direction they're going with the AICloud stuff. They're talking about the playbooks. LogRhythm seems to be on top of things and always looking to improve, I like that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user290340 - PeerSpot reviewer
Vice President at a financial services firm with 1,001-5,000 employees
Vendor
We're able to create customized monitoring reports that extract info from event logs.

Valuable Features:

  • Reporting - we need to do a lot of security monitoring
  • It doesn't have a lot of forensics, but we appreciate fact that it has the capability
  • The ability to collect a lot of information, as we have 200 users and a lot of log sources

Improvements to My Organization:

The fact we're able to create customized monitoring reports that extract info from event logs, helps us a lot. We used to have ad hoc reports created by IT department, which meant they could manipualte content. if they ever wanted to tamper with output. Now, there's no risk for us to worry about.

Room for Improvement:

Lots of concern these days regarding vulnerability, and being able to interface with other tuypes of applications when creating event log. We have lots of other applications to monitor. Logrhythm can extract that info, but some require converting before LogRythem. Windows logs don't need converting, but SQL, & XML do require conversion and monitoring.

Other Advice:

You should consult with LogRhythm experts because there are lots of features and customizations, and you need to figure out what's needed for your specific environment, for example, regulatory compliance issues. They do great job of making clear what's needed.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1306557 - PeerSpot reviewer
Systems Administrators at a tech services company with 201-500 employees
Real User
Very helpful for monitoring and alarming, very stable and scalable, and excellent technical support
Pros and Cons
  • "File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
  • "It should have some more message monitoring features. It can also have some free message monitoring tools."

What is our primary use case?

I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.

How has it helped my organization?

I don't have metrics, but it has really improved the monitoring and alarming for us. 

What is most valuable?

File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting.

What needs improvement?

It should have some more message monitoring features. It can also have some free message monitoring tools.

For how long have I used the solution?

I have been using this solution for about two years.

What do I think about the stability of the solution?

It has been very stable. There are no major issues. It has been exactly doing what I expected it to do.

What do I think about the scalability of the solution?

It has been very scalable in terms of adding new systems and stuff like that. It has been quite good.

We have plans to increase the usage of LogRhythm. We have some new solutions and new networks coming up. We might be looking to expand within the next two years to onboard new systems.

How are customer service and technical support?

Technical support has been excellent so far. I never had any issues with technical support. Their support has been excellent.

Which solution did I use previously and why did I switch?

I didn't use any other solution previously.

How was the initial setup?

It was pretty straightforward. The actual deployment of it took about two days, but the implementation strategy took longer. It took a couple of months for meetings and planning with different experts, project managers, and engineers. They looked at our business requirements and other things.

We have two administrators and two analysts. Four of us are managing the system.

What's my experience with pricing, setup cost, and licensing?

It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that. 

Which other solutions did I evaluate?

When I was looking for a solution, I looked at Splunk and LogRhythm. There was one from SolarWinds as well. Cost-wise, LogRhythm was the one that impressed me the most. Splunk was really good as well, but it was a little too costly.

What other advice do I have?

I would definitely recommend this solution for compliance requirements, such as PCI DSS compliance. It does cost a great amount, but its pricing is competitive with some of the other vendors. If it is a necessity to have a SIEM solution, I would definitely recommend LogRhythm.

I would rate LogRhythm NextGen SIEM a nine out of ten. It has been really good. So far, my experience has been seamless. They should keep doing what they're doing.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user769656 - PeerSpot reviewer
Information Security Architect at a healthcare company with 1,001-5,000 employees
Video Review
Vendor
We can constantly add logs into our system without any issues; find and fix problems fast

What is most valuable?

I believe the most valuable feature for us has been that we have all the logs together. We can query them, we can find all kinds of different situations that are going on in our network that we wouldn't have knowledge of without searching many different servers and logs.

How has it helped my organization?

Quicker ability to troubleshoot the problem, find the problem, get it fixed, and get the customers back up and using our system. 

What needs improvement?

I'm sure there are always areas, in stability and scaling, that need improvement. I don't have anything right off that I can say I know needs improvement right at this point.

What do I think about the stability of the solution?

We installed in 2009, and the stability has improved over the years. I consider it to be quite a stable product now. It seems to work day after day, week after week.

What do I think about the scalability of the solution?

With version 7, we feel the scaling improved a lot. We are a large health system and we are quite often adding new businesses, new healthcare offices, new hospitals to our system. We we are able to add those extra logs into our system without causing any issues.

How is customer service and technical support?

Tech support has always been good from the very first. In most cases the first response is a good one. It does the job, and if not, then you get back to them and they stay with you until they get it fixed.

How was the initial setup?

We thought the setup was very quick and easy, of course we didn't try to boil the ocean all at once. We've been, over the years, adding more and more phases to our system, completed it in phases.

What other advice do I have?

Really figure out what you want it to do for you, because it is very flexible and can be used for many different purposes. Determine what you want to use it for, and then get the assistance from LogRhythm to help implement it in that way. Then you can always expand it and take in other areas. But your primary goals need to be met right up front.

We are very happy with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756348 - PeerSpot reviewer
IT Security Analyst at a financial services firm with 201-500 employees
Real User
It has helped tremendously when following up on investigations and logs

How has it helped my organization?

It has helped tremendously when following up on investigations and logs. We often get bogged down with many tasks during the day. We can actually come back to a particular scenario that we are looking into, so it has been very beneficial for that.

Key challenges are our users and network. In our network, we get logs from a particular product called a NetScaler, which hides our source IPs, so that makes it a little challenging. Our goals are to tune LogRhythm further and utilize all the different modules that they do offer us. It is a challenge to get it all done.

What is most valuable?

  • The web console
  • The case management

What needs improvement?

I did hear about the new playbook edition coming up and I am excited about it.

What do I think about the scalability of the solution?

It is excellent.

How is customer service and technical support?

I have used the tech support and think they are great. I have many vendors that I deal with for other tools and hands down LogRhythm has been the best SIEM solution.

What other advice do I have?

It is a big project, but very worthwhile, and LogRhythm has plenty of documentation, support people, professional services, and classes that can help get a business implemented and push them all the way to completion. I definitely think it is worthwhile.

It is very important for me that the solution be a unified end-to-end platform.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756303 - PeerSpot reviewer
SYM Engineer Specialist at FIS
Real User
Provides huge visibility into your network, you see everything and you see it easily

What is most valuable?

Visibility. Being able to see the system, see what's coming in, and being able to report on the logs coming in. Seeing what other people are doing and being able to track down quickly what is going on in your network.

How has it helped my organization?

We're a worldwide company with 50,000 employees, in probably 15 locations, three SOCs and four or five data centers.

It's made it quicker for us to see threats. It's an easier platform to work with. Its more user friendly, GUI based.

What needs improvement?

Easier creation of rules and parsing, and more user-friendly. A more user-friendly basis of using the tool to create rules and alarms to be able to report off of, and quickly stop any attacks and the like.

Also, more in-depth training on how the security platform works with other pieces of software like Sequel, firewalls, or PowerShell.

What do I think about the scalability of the solution?

A ten again. It's very easy to scale.

How are customer service and technical support?

Great. They respond quickly and are very knowledgeable and they also allow us to be hands-on. Instead of them doing it for us, they actually teach us how to do it. So better knowledge transfer.

Which solution did I use previously and why did I switch?

We were using RSA Security Analytics and, before that, we were using RSA enVision. The challenges behind them were that they were very clunky, not very user-friendly, and you had to know coding, and you had to know command-line interfaces to even use them. Even on their GUI side. With LogRhythm we don't have to.

How was the initial setup?

It was straightforward and, like I said, a lot of good knowledge transfer on what to do and how to proceed.

Which other solutions did I evaluate?

IBM QRadar and RSA Security Analytics, but LogRhythm stood out because of their scalability and their interface and their user friendliness. Being able to easily navigate through the system.

What other advice do I have?

It is very important that our solution to be a unified end-to-end platform. Very important. We wanted a one-stop shop with LogRhythm. We didn't want to use anything else to record our logs and stop threats.

I would give LogRythm a 10 out of 10 just purely on the fact they are very helpful, very knowledgeable. The software is very easy to use. Easy to learn. I came into security with no knowledge of security or how to do anything, and within a year I'm an administer of the software. So it's pretty good.

I would say go with it. Hands down, one of the best security platforms I've seen. Easy to use, ease to scale, huge visibility into your network. You just see everything and you see it easily. You don't have to go search for things.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.