Try our new research platform with insights from 80,000+ expert users
reviewer2104419 - PeerSpot reviewer
Manager Solutions Architect at a comms service provider with 10,001+ employees
Real User
Reliable and flexible but can be difficult for inexperienced users
Pros and Cons
  • "Technical support has always been helpful."
  • "It's not easy for someone new to the solution."

What is our primary use case?

It's a next-generation SIEM solution. We use it for our clients. 

What is most valuable?

It has connectivity with multiple log sources - including those that are on-prem and in the cloud (including GCP, AWS and our own cloud).

It is extremely scalable. 

Technical support has always been helpful.

It is stable, reliable, and flexible. 

What needs improvement?

It's not easy for someone new to the solution. There are some complexities involved with the initial onboarding. It needs to have more user-friendly dashboards and onboarding processes. 

It is a premium solution which means it is quite expensive. 

For how long have I used the solution?

I've used the solution for the last three years. 

Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is scalable. I'd rate it eight out of ten. There are no bugs or glitches. It's reliable, and the performance is good. 

What do I think about the scalability of the solution?

The solution is very scalable vertically as well as horizontally. It is great for big setups. You can scale as per your requirements. There's no issue with expansion. I'd rate the solution nine out of ten in terms of ease of scaling if a company has multiple locations or has a setup across countries. 

How are customer service and support?

We are a gold partner. We've never faced any support issues. They are very helpful and responsive. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've also used with QRadar, which is easier, for example, to set up and is more user-friendly. 

How was the initial setup?

The solution can be difficult to set up. I'd rate the process six out of ten. You need to know what you are doing. There are complexities involved. 

A hardware-based setup would require some configurations. Typically, we need a minimum of three to four weeks to do a setup. 

What's my experience with pricing, setup cost, and licensing?

The solution is moderately priced. Sometimes they give good deals if there is a larger requirement. 

If the solution is on-prem, there is a cost to investment. If it is on cloud, this is not the case. 

What other advice do I have?

We are a gold partner. 

I'd recommend the solution to others. It has a lot of new features and offers AI and ML. There is good support, scalability, and flexibility on offer. 

I'd rate the solution seven out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Information Technology with 501-1,000 employees
Video Review
Real User
Provides a comprehensive and powerful view of our environment from one dashboard
Pros and Cons
  • "This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
  • "Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."

What is our primary use case?

We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.

How has it helped my organization?

This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network.

LogRhythm really helps with our cybersecurity exposure because it gives us insights to make us more proactive versus reactive regarding events happening in our environment. LogRhythm gave us so much insight into blind spots that we didn't even know we had.

LogRhythm also really helped our environment in terms of security posture because it gives us so much more information that we can use in a timely manner. Some of our other providers don't give us reports until as late as the next day. With LogRhythm, we can have alarms triggered within seconds that let us know that there are particular things that need to be addressed. This is much quicker than if we just trusted that particular vendor to let us know.

What is most valuable?

My favorite feature is the Drill Down which allows us to look at several different logs originating off of one particular alarm. If there is suspicious activity, we can use that feature to access one dashboard with different anomalies that might stand out or different places where alarms would've been triggered for particular events. 

We use the Event Log Filtering feature quite often. It makes it much easier to find useful information in our SIEM tool in a quick and efficient manner. There have been several times when we have imported 20,000 plus logs within a matter of minutes and it makes it much easier to find what we're looking for, especially when time matters.

The Event Log Filtering utility also allowed us to find information much quicker in our environment because it simplified the process of finding information. 

What needs improvement?

Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm. We would like to plug in an API key for another system and have that vendor's information readily available. 

For how long have I used the solution?

We've been using LogRhythm as our SIEM provider for about five or six years now. I have personally only been using it for the last six months, learning the ins and outs of how it can support our organization. 

What do I think about the stability of the solution?

LogRhythm is very stable and reliable.

What do I think about the scalability of the solution?

LogRhythm has amazing scalability potential for whatever your particular needs are.

How are customer service and support?

We've had really good experiences with LogRhythm's technical support for things that are already in the environment. When it comes to trying to innovate with some of the newer things, this has been a little bit more difficult. I feel like they could be a little bit more intuitive going forward. I would rate their technical support an eight out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

I would rate LogRhythm an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
reviewer1992084 - PeerSpot reviewer
Senior Security Analyst at a transportation company with 501-1,000 employees
Video Review
Real User
Helps with productivity, reduces administrative overhead, and offers useful dashboards
Pros and Cons
  • "The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
  • "We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM."

What is our primary use case?

It's our primary threat-hunting tool. We use it to look for anomalies. We use it for investigations. We use it for just about everything security related. If we find it in another tool, we use the SIEM to cross reference what activity we would see either from that user or from that machine that we saw in the other tool.

How has it helped my organization?

It's improved our organization in a number of ways. 

Before we got the current SIEM, for example, the previous SIEM was not our primary threat-hunting tool. It was a data point we would go to occasionally.  Today, LogRhythm SIEM is our primary threat-hunting tool thanks to the user-friendly interface, which is much better compared to what we've had previously.

The ability to return relevant information from a search to provide either corroborating evidence for an investigation we were already undergoing or just being in a better place to go hunt for threats has made me feel that the environment is safer than what we had previously. 

Previously, with McAfee SIEM, we had no confidence that it would help us in an investigation, so we frequently did not lean on it. It let us down so many times. LogRhythm SIEM gives us a sense of confidence that, during an investigation, it's a solid source of information that we can use to complement the investigation or perhaps complete the entire investigation within the SIEM.

What is most valuable?

Our previous SIEM did not have dashboards, so there wasn't a starting point. With our previous SIEM, we had to have a specific thing we were looking for, and only then we could find it. 

The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation. The dashboards, therefore, are our favorite feature of the SIEM.

The solution helped with productivity and the ability to process logs. We do Event Log Filtering for certain log types, which we don't want in our SIEM as they're just too noisy. Having too much noise in the SIEM makes it harder to find relevant things. Therefore, we use Log Filtering to limit the noise. It's also given us the ability to bring more logs in, so we bring them all from all of our workstations and servers. Doing the log filtering this way allowed us to bring in other log sources and keep the noise manageable.

It's helped reduce our administrative overhead. Before we started doing the log filtering, we exceeded our license capacity for what we were licensed in terms of logs in our SIEM. The filtering allowed us to bring the noise down and helped us with the removal of junk logs that are not useful. We have a lot of firewalls, and anytime you're traversing internally inside of the firewall, it generates a lot of traffic. That kind of traffic is the type of traffic we took out, allowing us to bring our workstation traffic logs in to give us a better view of our environment.

It's very big for us that the solution is out-of-the-box. To have the solution be turnkey was significant as it enabled us to ramp up and get the logs onboarded immediately. There wasn't a lot of configuration to get to a point where we could bring logs in. It was essentially turnkey.

What needs improvement?

We use Windows Event Forwarding to collect the logs from our Windows clients, and the logs get aggregated as one data source on that collector. Therefore, finding logs specific to one particular Windows system requires some creativity in how we search the SIEM. 

I've heard that in a future release, it may come to a point where the Windows systems would be dedicated log sources, so you can choose just that log source. That would greatly improve our ability to threat hunt with our SIEM.

For how long have I used the solution?

We've been using this LogRhythm SIEM for about three and a half years.

What do I think about the stability of the solution?

The solution's been very stable for us. We bought a high-availability solution, so we have two systems in a high-availability pair. That redundancy gives us resilience. It comforts us to know that if we lose one data center, we've still got logs going into our SIEM in the second data center.

What do I think about the scalability of the solution?

The hardware we bought has the ability to process logs at twice the limit that we are licensed for, and we've not had to increase that. We've had it for three and a half years, and it's robust and keeps up with our needs.

How are customer service and support?

I've had to engage LogRhythm technical support on many occasions. They've always been quick to respond and are very knowledgeable, professional, and helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The previous SIEM we have was McAfee Nitro. There were a couple of reasons why we switched. We switched due to the fact that it wasn't easy to just stumble into finding things. You had to know what you're looking for and we didn't like that aspect of it. Also, we had a really bad support case that was the catalyst for making the move to a different SIEM.

How was the initial setup?

We have a different setup, and we keep the SIEM in our PCI environment to limit our PCI scope. We had to think through the architecture so that we had the logs in the places we needed them without having our firewalls wide open. It was very quick to deploy since we used Windows Event Log Forwarding. We were able to use a GPO to have logs sent to a centralized server and, from there, ingested directly into the SIEM, so we were onboarded in less than a week's time. We were able to onboard the majority of our log sources quickly.

What about the implementation team?

When we bought the SIEM, we bought a block of professional service hours that we utilized to help implement the SIEM. They were a tremendous help with adding dashboards and getting our fingers in it enough to where we learned our way around it before we actually even got training. It was LogRhythm professional services, and I highly recommend them. They were excellent.

What was our ROI?

We've absolutely seen an ROI. We felt it immediately since the out-of-the-box dashboards gave us visibility into our environment that we had not seen before, as we didn't have a SIEM that presented the data in a usable manner.

What's my experience with pricing, setup cost, and licensing?

The license model is similar to other SIEM solutions that we looked at, which is a log volume pricing model. That pricing model works well, especially being able to filter the logs and get less important logs in so we have the ability and the headroom to put in other log sources.

Which other solutions did I evaluate?

We evaluated a few other options. Since we're a government entity, procurement rules limited us to just a handful of options, and of the options that we had, LogRhythm was clearly the better choice for us. 

We had the option to renew and get a refreshed McAfee SIEM, which we didn't feel good about. The other two options that we were able to use were IBM and Rapid7. IBM was just another vendor I've not had good luck with in the past. Rapid7 was a smaller player. We didn't feel they had the ecosystem, the robust ecosystem, to support what we were looking to implement.

What other advice do I have?

I'm a senior security analyst. I work at a government organization that employs between 500 and 1000 people.

We are on-prem with high availability, so we have two self-contained systems, sequel logs, and everything, and they can run either box.

In terms of helping us manage workflows and cybersecurity exposure, we haven't leveraged smart responses in the SIEM. It looks like a powerful asset. We have some automated responses with a different tool for ransomware detection and prevention. However, the workflow ability in the SIEM is actually quite powerful. We just haven't leveraged it since we haven't felt that the right use case presented itself to us yet.

When it comes to affecting our rate of efficiency, we don't measure those metrics, so it's kind of hard to say there's a measurable amount or how much it's improved. It has given us a threat-hunting tool previously unavailable to us. We are very happy to have the SIEM be our primary threat-hunting tool.

Those who say SIEM is an outdated security solution should note that SIEM technology has been around for a very long time. It's still relevant thanks to the continual development that companies have done to bring more usability to extracting threats from logs. That's timeless. That's not something that's going to go away over time. The LogRhythm SIEM continues to add features, and improvements and makes finding and presenting data from raw logs easier. Digging through logs before we had a SIEM was tedious and very time-consuming. It's made it a big-time saver. To have the way it presents the logs in a usable manner has been a tremendous help for us.

I'd rate it a solid nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Security Analyst at a hospitality company with 10,001+ employees
Video Review
Real User
The product is improving our organization, giving us a lot more visibility. It also gives a lot of our smaller different IT organizations a better understanding of their environment

What is our primary use case?

The primary use case for our LogRhythm product is to maintain PCI compliance across all of our environment. We also use it to monitor authentication and monitor our perimeter for security threats.

How has it helped my organization?

The product is improving our organization, giving us a lot more visibility. It also gives a lot of our smaller different IT organizations that we partner with better understanding of their environment and also a way to kind of structure the access to that data.

We are using a lot of the analytical capabilities. One of my favorite features is the AI engine that allows us to take multiple data events, tie them together in different patterns and different baselines in order to identify more complex threats in our environment.

Our security program is still pretty immature. It's a pretty immature company, we've existed for less than a year. We're growing very rapidly, we're trying to start with the foundational policy and compliance requirements that we have and trying to tie those and map those into LogRhythm. So that's gonna be our main tool to tie all that requirements into.

What is most valuable?

The most valuable feature I get out of the LogRhythm platform is being able to take machine data and present it in a format that's easy to understand, easy to analyze, easy to pivot through to get answers to the questions that I had that I'm investigating, whether they're security related or operationally related.

At this time, we're not using any of the playbooks in LogRhythm because it's currently not available in our version. However we are very excited about that feature coming out in the near future and we're definitely looking at using playbooks to do phishing, unauthorized access and our other use cases we're gonna identify in the future to make sure that our analysts are responding to the threats in similar ways and that the correct actions are being taken.

We have around 75 different types of log sources coming into the environment right now. The log source support is good, there's always room for improvement. One of the areas that LogRhythm's kind of pushing really hard right now is to integrate more cloud solutions, so your Office 365, your Azure, your AWS, making sure that those SaaS and other cloud platforms are getting the data you need into that platform. It's getting better but there's definitely still work to be done.

We currently have 3000 messages per second in our environment but we still have a number of different resorts to onboard in our tenant. So we're definitely looking to push above, probably the 7, 8000 range.

What needs improvement?

The biggest one in my mind that I want to implement is some of the AD controls. Reacting to a threat where an account password needs to be changed, or an account should be disabled, to react to that threat. Moving into first a phase where an analyst is gonna see that, review that action and then once we get comfortable, make that an automated action.

The big two big areas for improvement is TTL. Making sure that the data that we're collecting is available for a longer amount of time. So I know with some of the new releases coming in LogRhythm, that's gonna be improved which I'm really excited about. The other one that's kind of getting back to the fundamentals of why LogRhythm was chosen as a solution, being able to take your machine data, understand it, index it, classify it and give you that visibility.

I'd like to see them focus on that because there's so many different security tools being spun up these days that being able to keep up with that and having more partnerships with security vendors to make sure that security tools have new releases in their environment, they're able to keep up with those logging changes.

What do I think about the stability of the solution?

Stability in the LogRhythm product has been very solid for me. I'm a very experienced user, I've used the product for about five to six years now. I have a lot of administration and analyst experience with the tool. The other great feature is that LogRhythm support is really excellent, they're easy to get a hold of, they're very talented and if they aren't able to answer your question right away, they have a very good internal escalation process to get an answer to resolve your issue.

What do I think about the scalability of the solution?

Scalability is pretty solid with LogRhythm, I know that's one of their biggest issues, is if you have a huge enterprise environment, there might be scalability issues, but for a small, medium, pretty large sized businesses, I think LogRhythm's gonna be a great tool to match that environment.

Which solution did I use previously and why did I switch?

I wasn't part of the evaluation at this location, I actually took the job because I knew they had selected LogRhythm and I had the experience there. I know they did some SIEM tools comparisons with Rapid7, Splunk and QRadar which was the incumbent when evaluating LogRhythm as a replacement SIEM solution.

How was the initial setup?

I was involved in the setup at our organization replacing QRadar, our previous SIEM. It was a very straightforward implementation, the TMF team at LogRhythm helped make sure we got everything deployed, gave us some examples of how to onboard the log sources and then kind of gave us a playbook to move forward and gather the rest of the data from our environment.


What other advice do I have?

I'd give LogRhythm a nine out of ten because of the ease of use, especially as an analyst, being able to twist and turn all that data, drill down on it, really get an easy understand of what's going on in the environment.

From the administration side as well, it's a lot easier to use than other products that I've had and it has all the built in knowledge, whereas with some tools you dump all your data into it and it's up to you to do that classification and indexing and understanding of that data, where the value that LogRhythm's gonna provide for you is that prebuilt classification for all the data sources in your environment.

If I had a friend that was looking to implement a new SIEM solution, I would have them understand what log sources they're trying to bring into their SIEM solution and make sure that the one they chose supported those log sources. On top of that, understand your use cases that you're gonna use this SIEM for, have those ready in hand and be ready to start billing those out as you get that data in the environment.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Security Engineer at U.S. Acute Care Solutions
Real User
We can now pick up what is anomalous in our network
Pros and Cons
  • "Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job."
  • "I would like to see APIs well-documented and public facing, so we can get to them all."

What is our primary use case?

Primary use case for the SIEM would be for log collection and threat identification.

We're still in the beginning stages of our security solution, as far as maturity. Two years ago, this security program didn't exist. 

How has it helped my organization?

Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job.

What is most valuable?

The analytics that it does.

Full-spectrum analytics capabilities, which we use for:

  • User behavior.
  • Watching and monitoring for login events or any anomalies. 
  • Going through and watching trends. 
  • Knowing what activities endpoints are doing, where they're going, what websites they visit, then making sure that they're in the normal or making sure they pick up on any outliers.

What needs improvement?

I would like to see APIs well-documented and public facing, so we can get to them all.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

When it comes to a single version, it is rock solid. We haven't had any major bugs or flaws that haven't been involved with upgrading or going to another version. As long as you're on the same version, it is rock solid.

What do I think about the scalability of the solution?

It works. The biggest thing with scalability is looking at how much data you have to ingest, so if you have to build the DX to be a specific size then you have to plan out how big its going to be. Therefore, it doesn't necessarily scale easily, but you can add additional data indexers at any point.

How is customer service and technical support?

The technical support is very good. They are in the top two to three companies that we work with.

How was the initial setup?

Its very complex. As with anything, it takes time to get it working and know all the different nomenclature with it.

I do the deployment and maintenance of the solution myself.

What was our ROI?

I have seen a measurable decrease in the mean time to detect and respond to threats. We went from not detecting them to detecting them. We can actually pick up what is anomalous in our network now.

The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent. 

Which other solutions did I evaluate?

Our top choices were LogRhythm and Splunk

Splunk is a data lake that doesn't necessarily do any analytics. Whereas, with this solution, we're looking at all the analytics. We can quantify data, we can drop data, and we can do what we need to, plus the pricing model is better.

What other advice do I have?

Know what you want it to do. If you buy a SIEM because its called a SIEM or someone says it's a SIEM, you're gonna end up with what someone else believes they need. Figure out what you need beforehand and make sure that those bullet points are covered because there are a lot of options.

We're currently using the built-in manual playbooks. So far, the features are very good. They are growing. I am looking forward to seeing how they expand upon it.

The automation is coming. The API access and everything else we're looking for to be able to deeply automate a lot of common tasks is still being built-in. Right now, we can do automation on simple tasks. E.g., if it sees something bad, it can take it off the network and put it in our remediation subnet. However, it does not have the capability for complex investigative actions yet.

Right now, we have about 3000 log sources and 3000 messages per second.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Computer0e92 - PeerSpot reviewer
Administrator Executive at a individual & family service with 10,001+ employees
Real User
I have done a lot of good work with the account reps and engineers. It feels like we are on the same team.
Pros and Cons
  • "It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast."
  • "I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."

How has it helped my organization?

We are primarily Windows-based. We have Linux. We have some Solaris. We are an isolated network. We have no connectivity to the internet, so we are more focused on insider threat and advanced persistent threat. One of the things that has really been a concern is we have a lot of software developers and engineers. These guys are gonna be able to create their own threat, so the behavioral analysis function of LogRhythm is really important, because there may not be a threat signature that we can find somewhere. We are going to need to see, "Oh hey, this guy, he is doing that at some weird hour. Okay, trigger an alert." That's probably the biggest difference. We are not going to have to worry about phishing attacks. We have really locked down. Our endpoints are going to a lot of thin clients just to eliminate a lot of potential access to systems.

LogRhythm has caught a few odds and ends, where things were done for sheer convenience. It caught this weird behavior, and alerted us, and we're like, "Why do we have a DNS server with a software install point on it?", which is completely strange because we have an official software repository where everything is supposed to be. LogRhythm caught that for us, and it was really a case of a privileged user account, which was no longer active, and someone just tried to login with it. We were like, "Who is this? It's not even the same format for the username." So, it caught something like that, and it turned out to be harmless.

Maybe years ago, they had brought someone in, not an IT guy, they were pushing out a lot of common software, and they didn't have an SCCM or a WSUS solution, so they had people going to machines, and downloading it from various locations. It is something we cleaned up, and got out of the way. We haven't had anything nefarious show up, yet.

It has also been helpful for tracking a lot of stuff, like user account activity. We have our own folks, we have vendors and contractors that come in. It's great to be able to see when their accounts are being created, and when they're being locked down, because our security people can say, "Okay, this person is a new hire. We know they are supposed to be here. This person is leaving the company. Good to see their account has been locked down." There is a lot of confirmation on account activity, which is great.

We need to catch everything before it does anything bad. Our biggest challenge is we have reporting requirements with our customer. They want to see specific types of activity, and while we want to be able to provide that, we also want to be able to catch things that might be on the edge or just outside of those boundaries. So that is our biggest challenge because I can watch the industry news and see, "Oh well, we have a threat that is coming in this way now that could possibly get on our system. How do I catch that?" Well, my customer's requirements might be too vague or too specific. I have to convince them that this is also important, include it, and here is why. So keeping my customer educated as to the threats is really critical.

What is most valuable?

It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast. Our operation is small. I am a one-man shop right now, so it gives me a chance to aggregate all my events and logging, alerting, in one spot. I come in and can see exactly what is happening.

What needs improvement?

The biggest thing is when you are looking at the client console:A lot of the data, the reports that you can generate, then you are given just a pie chart, a list of data, or both. I would really love to be able to take some of that and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph. I know some of that's being handed off to the web console, but that would be the one thing that would be really helpful.

It is a little hard to get integrated.

The one thing that would help me the most, because I am sort of isolated from things, and the guides that LogRhythm puts out are really good. However, a lot of times, it is, "Do this, do this, and this works because of this, this works because you do this." I would love to see something where they show or explain why doing something would break something or wouldn't work for you. That is the one thing, because I have done some things, like created a GLPR, just done them a couple of times, and I had two of work really well, and one that seems like it should be perfect, it is just a simple exclusion, but it does not work at all.

What do I think about the stability of the solution?

Stability has been great.

How is customer service and technical support?

Customer Service:

I have done a lot of good work with the account reps and engineers. It really feels like we are on the same team.

Technical Support:

Technical support has been pretty good. It has been a challenge, because we are not connected to the Internet, and when they want to get our logs, we are like, "Well, it is going to be a few days before any of it gets to you." That's our biggest challenge, but they have tried to work with us.

Overall, they have been good. They have been pretty helpful

How was the initial setup?

I was not involved in the initial setup.

What's my experience with pricing, setup cost, and licensing?

I would recommend talking to the rep. That's the biggest thing because they will know what questions to ask.

What other advice do I have?

It does what we want, but there is so much you can do with it. It is like buying the biggest tool set you can find, then you are trying to find out, "Okay, what am I going to do with all of these tools?" Trying to tune your system with the tools that you have available is a little daunting. It was for me because I did not have the security background. If you are new, it will be a little bit daunting. The training is a big help, though.

Understand what your scope is. What are you really trying to do with this tool? If all you want to do is collect logs and pile them up somewhere on a server, this is not going to help you, and it will defeat your security goals, probably. If you are looking for something, talk to the LogRhythm rep to find out, "Okay, we are really operationally-focused. Or, we are really security-focused."

Most important criteria when selecting a vendor:

  • Vendor access, which is what LogRhythm is very good at. We have got the engineers coming to us saying, "Hey, we are coming to town, is there something we can talk to you about? Do you want us to visit?"
  • Very flexible.
  • Really good communication is important because if something is happening, I need to be able to get it taken care of quickly, and that is what's going on.
  • Scalability: It looks like it is wonderfully scalable.
  • Integration: I have been interested with what I have seen with the carbon block and the endpoint stuff.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Security Consultant at ITSEC Asia
Reseller
Top 5
Provides EDR, MDR, and XDR with the AI engine assist but has retrieving issues

What is our primary use case?

Mostly in Indonesia, LogRhythm SIEM is used by government agencies that must use the on-prem solution because of the significant requirements for SIEM solutions. It sells products as a one-time solution rather than a subscription model. Many customers sometimes forget to renew their subscription. If someone doesn’t renew the subscription, the only options that could still operate are LockSystem and Elastic. If you don’t renew the subscription, it becomes basic and loses most functions, but you can still operate the system with limited functionality. It allows full access until the last bill is paid.

Secondly, LogRhythm offers more than SIEM; it has an EDR, MDR, and XDR. Compared to its competitors, it is the most complete solution. The downside of LogRhythm is that it is slow.

What needs improvement?

LogRhythm SIEM works well, but the biggest pain point is retrieving logs using multiple filters. Even though they use Logstash from the ELK stack, it becomes very slow. LogRhythm's system uses Logstash, and while it's very fast in Elastic, it's not as quick in LogRhythm.

For how long have I used the solution?

I have been using LogRhythm SIEM since 2022, and I worked with this solution from 2012 to 2014.

What do I think about the stability of the solution?

LogRhythm is very stable. The big four for SIEM—LogRhythm, Splunk, and Elastic—are all very stable. They don't have many critical incidents while performing their tasks, and almost no test incidents exist. LogRhythm’s query processing is slow.

They will provide the results, but sometimes the data takes 15 to 20 minutes, or even an hour, to display. 

What do I think about the scalability of the solution?

Scalability depends on the two types of products. One uses virtual software, and the other is an appliance system. The virtual server is very easy to scale. We can add processing power, memory, and storage, allowing it to scale up easily since it is virtual. It’s not as scalable for the appliance because they sell appliances designed for a certain number of users and capacity. LogRhythm uses EPS, which limits the scalability of the appliance systems.

LogRhythm measures throughput in Messages Per Second, not gigabytes per second. Scaling is determined by the number of messages processed per second. While storage capacity can be increased, the appliance's performance is optimized for a specific MPS range, making it challenging to scale beyond its designed capacity. 

It is for mid-sized organizations because they don't need to scale significantly. For example, if they only need 10,000 MPS or 5,000 MPS, the appliance is sufficient for their requirements without further scaling.

I rate the solution an eight out of ten.

How are customer service and support?

LogRhythm had a strong presence in Indonesia between 2012 and 2014, with excellent support. From 2022 until now, their regional office has been in Singapore. If support is needed, it typically goes through a distributor. For more complex issues, we must contact Singapore for assistance. Getting LogRhythm personnel to come to Indonesia can be challenging, and arranging an on-site visit usually requires significant effort.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is easy because LogRhythm has the most out-of-the-box integrations with Penitin. If I have a firewall, they have an out-of-the-box connection with it. If I have a switch, router, or another system, they also have out-of-the-box connections with those. It's very easy to use LogRhythm's system.

What's my experience with pricing, setup cost, and licensing?

IBM QRadar is the most expensive SIEM solution, followed by LogRhythm and Splunk, which are also on the higher end in pricing. LogRhythm and Elastic are more affordable options. Elastic is open-source, making it a cost-effective choice.

LogRhythm stands out because it offers a perpetual license, meaning renewing it annually is unnecessary. Over a long period, such as five years, this makes it a cheaper option since the license does not need renewal.

What other advice do I have?

LogRhythm's AI engine assist is good enough. Everyone talking about threat hunting mostly mentions continuous virtual assessment or vulnerability management. The guard will allow some people in and stop others based on their knowledge. If the SIEM determines that a person is eligible to enter, they will allow it; if not, they will stop them. 

Overall, I rate the solution a seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Subhash Sreenivasan - PeerSpot reviewer
Head of Professional Services at NiyoSecure
Real User
Top 5
Its most valuable features include robust dashboards and effective alerts
Pros and Cons
  • "I find LogRhythm's log management capabilities to be beneficial."
  • "Appliance-based setups can sometimes pose scalability issues"

What is our primary use case?

LogRhythm SIEM is primarily utilized for cybersecurity analysis and incident management.

What is most valuable?

Its most valuable features include robust dashboards and effective alerts. I find LogRhythm's log management capabilities to be beneficial.    

We integrate multiple credentials and feeds from various sources to enrich customer data. However, we haven't extensively explored its capabilities for compliance reporting as it hasn't been a priority for our clients.

Regarding identifying potential security incidents, LogRhythm's preconfigured alerts are quite effective in detecting vulnerabilities. As for the impact of LogRhythm's log management capacity on security posture, it largely depends on the deployment type. The analytics and intelligence features, particularly the correlation functionalities, have proven valuable in catching complex cyber security threats.

What needs improvement?


For how long have I used the solution?

I have been using LogRhythm SIEM for 1.5 years.

What do I think about the stability of the solution?

We haven't encountered any significant problems, so it effectively keeps our processes running smoothly. I'd rate it an eight. It's generally stable, though we haven't faced any major stability issues.

What do I think about the scalability of the solution?

I'd give it a 6 because appliance-based setups can sometimes pose scalability issues, but otherwise, it's fine. 

How are customer service and support?

We have specialists, and whenever we need technical support, we can easily get it.

How would you rate customer service and support?

Positive

What was our ROI?

LogRhythm SIEM is a factor in our capabilities, particularly for incident response and insurance management.

The incident response times have improved since implementing LogRhythm SIEM.

What's my experience with pricing, setup cost, and licensing?

On a scale of one to ten, I'd rate the pricing of this solution as a seven - not too expensive but not cheap either.

Regarding licensing costs, it varies depending on factors like being a partner or an end user, but there are no additional costs aside from standard licensing fees for the basic SIEM solution.

What other advice do I have?

My advice for someone considering implementing LogRhythm SIEM would be to start with proper controls and understand the value it provides.

Before installing the solution, users should consider factors like EPS calculations and endpoint support to ensure proper sizing, especially if not going for an appliance.

Overall, I'd rate this product an 8 and would recommend it to others due to its cost-effectiveness, value for money, and user-friendly nature.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros sharing their opinions.