- AI Engine
- Alarm rules correlation
- Web interface
- The amount of information it has throughout the web interface
- The drill-down
Senior Security Engineer at a healthcare company with 10,001+ employees
AI Engine, alarm rules correlation, and drill-down are key; we're able to find more with less effort
What is most valuable?
How has it helped my organization?
We've been able to go ahead and find more with less effort, just on the web interface itself.
What needs improvement?
Functionality, ease of use.
There are a few "gotchas" in the applications. One of the issues that we're having right now is on the AI Engine, when you do the drill-down. There are no events that are being populated for the drill-down. The recent upgrade and release fixed some of that.
And some of the other parsing rules. Parsing isn't done correctly.
For how long have I used the solution?
We've only been a customer for maybe about five months.
Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the scalability of the solution?
It seems to be fairly scalable.
How are customer service and support?
We have used LogRhythm technical support. The response is really good.
Which solution did I use previously and why did I switch?
We were using McAfee Nitro. The administration of the application was very cumbersome, and trying to get reports, customizing the analytics on there, is a bit difficult. We looked at LogRhythm, and LogRhythm seemed to have a lot of the stuff built in, canned already.
How was the initial setup?
It was pretty straightforward. There were some things that were a little bit complex after the setup, and trying to troubleshoot some things. For example, log indexer was indexing most things, but not everything. It got backed up, so we had to go in and troubleshoot some of the processes.
What other advice do I have?
It was pretty significant for our solution to be a unified end-to-end platform because we did have a wide range of systems out there; trying to make sure that it was able to bring in the sources and correlate the events.
The only thing that surprised me was the logs filling up for some of the indexing jobs. Other than that, there was nothing that support wasn't able to go ahead and help us with and get resolved.
My advice to a colleague at another company who is researching a similar solution would be: Make sure you do your research. Understand what it is you're looking for in a SIEM. Have a plan of attack on what it is that you're looking for, and what do you want to get out of the tool.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cybersecurity Analyst with 201-500 employees
Video Review
Can search through metadata in different ways and helps reduce administrative overhead costs
Pros and Cons
- "The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
- "The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
What is our primary use case?
We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.
How has it helped my organization?
We partner with another company to help co-manage LogRhythm SIEM, and it definitely brings everything down to a single pane of glass, especially for people who are coming into the cybersecurity industry and don't have as much experience. It helps to correlate things to where they're more human-readable.
It has also increased our overall rate of efficiency by about 10 to 15%.
What is most valuable?
The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on.
The Event Log Filtering feature filters out certain logs that we don't need, and it has definitely helped decrease costs and increase efficiency for all of the products. With its hardware being on-premises, it reduces resources all around and makes it more efficient.
The Event Log Filtering feature has also helped us reduce our administrative overhead by approximately 10 to 15%.
In terms of managing workflows and cybersecurity exposure, LogRhythm SIEM is very efficient and is a good tool to use for locating and auditing any sort of activity that goes on in the network. It's very helpful for tracking and finding, even down to a granular level or up to events.
It's definitely been helpful with blind spots, especially in terms of vulnerabilities that aren't picked up by the scanners that we have. There were multiple instances where we've had brute force and various types of attacks that were quickly escalated to us via alarms and that were easily read and acted on.
What needs improvement?
The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be.
For how long have I used the solution?
I've been using LogRhythm SIEM since 2016.
What do I think about the stability of the solution?
The stability is great. We had an agent go down on a DC once or twice, and it just involved a restart. That is about it. The stability of the hardware and the software itself is awesome.
What do I think about the scalability of the solution?
We're going to be scaling soon, and there hasn't been any reason to switch away from LogRhythm. So far, scalability-wise, it's been able to fit our environment well.
What other advice do I have?
You would be wrong to think that LogRhythm SIEM is an outdated solution. I use it every day, and it has helped me fix or see vulnerabilities or compromises in our network that I wouldn't have seen before. It's still definitely around.
On a scale from one to ten, I'd rate LogRhythm SIEM an eight.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
LogRhythm SIEM
December 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Senior IT Security Analyst at a retailer with 1,001-5,000 employees
AI Engine rule set significantly changes how we notify users about our network
How has it helped my organization?
More of the AIE drill-down notifications. I don't have to customize a lot of stuff. I'm more of an advocate for LogRhythm dashboards for my company, to make sure that other teams utilize what I'm bringing into LogRhythm. Use it for their operations, use it for their alarms and so on.
What is most valuable?
For my situation, besides the investigation that LogRhythm offers, it's the AI Engine rule set that it offers. It has brought us more significant changes in how we alarm and notify our users about what's going on in our network. It's not just one specific log, it's the correlation of multiple logs on different log sources.
What needs improvement?
More features that I would like to see more development in are the automation and the smart response. A lot of the attendees here at the LogRhythm User conference are working towards that, and most of us are not even developers. But we're trying to figure what are the skill sets and how do we make sure that LogRhythm gets more intuitive in automating and responding to alarms and notifications that we get.
What do I think about the stability of the solution?
The stability is pretty much straightforward. I know the product has grown very big and it has tried to cover a lot more features, it has brought more features, and I was surprised that I've seen a lot more features coming out in version 7.3.
What do I think about the scalability of the solution?
I'm at that point where we're investigating getting a new box, looking at other options. I'm at that point that my box has reached its maturity and I need to replace it, probably next year. We're in the process of working that out with our sales engineer.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Systems Support Analyst at a manufacturing company with 10,001+ employees
Ease of use has helped us uncover a lot of information and protect our data
What is most valuable?
Ease of use.
How has it helped my organization?
We're pretty new to it, but so far it's uncovered quite a bit of information. Just having everything in a single space has been very helpful.
As a security organization, our challenges are discovering where our data is at, most times, and protecting it. As I said, we're fairly young in LogRhythm, but so far it's done a very good job.
What needs improvement?
CloudAI is amazing from what I've heard about it so far, and I'm looking forward to it.
There is always room for improvement. Everybody continues to integrate. They've been a great company to work with so far. I'm one of those who is optimistic, there's always room for improvements.
What do I think about the stability of the solution?
Rock solid so far.
What do I think about the scalability of the solution?
Scalability is incredible. There are no two ways about that, we're not even scratching the surface, and we're a pretty large company.
How are customer service and technical support?
We've used tech support a couple of times, and they've been very responsive and very knowledgeable.
Which solution did I use previously and why did I switch?
This is our first SIEM. My biggest driving factor was something that we could run with a small team. Like most, we have a very limited set of people to do this.
How was the initial setup?
It was fairly complex, but that's just because we did the little things that aren't normal in our environment, but other than that fairly straightforward.
We did it in a little bit of a different fashion than most would. We deployed it in Azure, in a cloud environment. That was a little different, but still pretty straightforward.
What other advice do I have?
The unified, end-to-end solution is very key here. We have a lot of various tools, and trying to get them all into one is very key.
Be sure to size it properly. Don't try to boil the ocean. Get your key log sources and let it start paying for itself immediately; it will.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VP, Information Systems Security Officer at a financial services firm with 501-1,000 employees
The AI engine correlates the events that it is receiving, taking a lot of guesswork away from the analyst. I’d prefer that it didn’t use the Microsoft Windows platform.
What is most valuable?
The AI engine is what I like the most. It’s all in how LogRhythm correlates the events that it is receiving. It takes a lot of guesswork away from the analyst. We don’t have to reinvent the wheel. Out of the box, it's very easy and intuitive to get started. It’s easy to see the impact of the event in which you are receiving.
What needs improvement?
For me right now, I have not used it long enough to give an evaluation of what the product is lacking. As far as room for improvement, I would like to see the solution be a more hardened operating system other than Windows. I’d prefer that they didn’t use the Microsoft Windows platform. I think that they lose a lot of efficiency and performance that way.
What do I think about the stability of the solution?
When I first deployed the product, I did find some issues with log consumption. The appliance we had was rated at 25,000 messages per second and we run an average of 1,204 messages per second. We are seeing performance issues with the appliance. It appears that there are some inconsistencies that are running with the hardware of the solution.
How are customer service and technical support?
It seems pretty good, but they do seem to be plagued with what a lot of new companies are plagued with -- their internal staff are still learning the product as well. Some of the sessions I’ve had were with technical support, not professional services. We have discovered some answers together instead of the technical support person knowing it off-hand. Some things we stumbled on by accident, some things I had to point out to the agent. Seeing as I have only used the product for two months, that person should know more than I do.
Which solution did I use previously and why did I switch?
I previously used McAfee ESM, QRadar, and ArcSight. McAfee is by far my favorite SIEM to utilize. It is very robust, very quick. The ability to query is much faster than all other popular SIEM tools. Now that it requires a lot more hardware investment, it almost requires a developer mentality to massage the tool to make it do exactly what you want. This is where LogRhythm really outshines McAfee.
What about the implementation team?
It was done in-house. A person from a different state logged on and helped me via web conference and helped me through the initial configuration.
What was our ROI?
I foresee a ROI. You need to understand what an ROI is. We are trying to buy peace of mind. It’s almost an insurance policy. It’s really measured in soft dollars.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Technology Solutions Head at MANTRA TECHNOLOGIES LTD
Mature product for logging, correlating and reporting.
Pros and Cons
- "The user interface is good."
- "The initial setup is not so easy because it is quite a process."
What is our primary use case?
Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.
What is most valuable?
The user interface is good.
What needs improvement?
We are still implementing and have not yet completed the LogRhythm implementation for one particular customer. We haven't faced any issues right now. Once we've completed and we are doing the log analysis and the correlation and audits, at that point in time, if we find challenges, I can update you. Right now, it's okay.
Let us see once we finish the website we are working on. Then we'll understand better more of what we need. We'll probably need an improved user experience in terms of reporting and analytics. If the reports are very easy to configure and generate what we require, that will be the best thing. At the end of the day, it is just logging, correlating and reporting.
For how long have I used the solution?
I have been using LogRhythm NextGen SIEM for the last four years. We are using the latest version.
What do I think about the stability of the solution?
The stability is there, it is good.
As of November we have four customers in the field of info, security, officers, managers, and risk and compliance. Generally, these are all risk and compliance teams at the financial institutions or in the government. The implementation is done by the IT security team but the reports and everything are part of the risk and compliance team.
What do I think about the scalability of the solution?
It is scalable.
One person is more than enough to operate it. We have a specialist, one engineer who does it.
How are customer service and support?
The support is quite good. We haven't had any challenges. Initially, there was something that they requested, so we logged a call and they were able to respond immediately. We had no challenges. They are quite responsive.
How was the initial setup?
The initial setup is not so easy because it is quite a process. Nevertheless, from my experience in implementing SIEM, Splunk is the easiest, and LogRhythm comes next.
LogRhythm is okay, we never had any challenges.
The installation is per site. Because these are all government customers, public sector government customers, we generally take anywhere between four to six weeks for installation. We have five people doing it.
What's my experience with pricing, setup cost, and licensing?
When they buy the license, whether on-prem or cloud licenses, I don't think that's all they pay. We do charge them for implementation and installation, but that's about it. Subscription is year on year.
Which other solutions did I evaluate?
We have tried many other products. But if you want to look for a mature product in the SIEM market - Gartner Quadrant, LogRhythm and Splunk are all leaders and are well placed products. The rest are yet to come up.
When I say LogRhythm is a mature product, I mean it covers all 360 degrees for SIEM requirements which is not there in the other products. Only a few products have this kind of totality of integration, especially in the reporting. It has very good machine learning and AI techniques. It is very good.
What other advice do I have?
I of course would recommend LogRhythm NextGen SIEM to others.
On a scale of one to ten, I would give LogRhythm NextGen SIEM definitely a nine.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager of Information Security at a real estate/law firm with 51-200 employees
It has given us visibility into log information that we did not have before
Pros and Cons
- "The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
- "We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
What is our primary use case?
The biggest use case is visibility. Because we have a lot of flaws, if you don't have a tool that can bring it all in and give you that visibility, then all that log information is useless. Thus, LogRhythm helps us keep that visibility.
How has it helped my organization?
It has definitely improved our security program's maturity, because we have visibility that we didn't have before. We came from another SIEM platform that we had used for over ten years and we completely outgrew that platform. LogRhythm has given us more visibility. It has created more actionable items for us on a day-to-day basis, which gives us more work. At the same time, it has given us more tools than we had before, so that is definitely nice.
What is most valuable?
I wish I could just name one feature! There are so many:
- The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market.
- LogRhythm differentiates itself through its usability.
- Its simplicity. It can do more than just basic simplicity.
For how long have I used the solution?
Three to five years.
What do I think about the stability of the solution?
We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services. The version that we are currently on is a lot more stable than what we have experienced in the past. So, it is progressively getting better day-by-day. However, we have had some instability in the past.
What do I think about the scalability of the solution?
There are a lot of things that are on our wishlist which I found out about on day one.
As far as scalability is concerned, it is good.
How is customer service and technical support?
I would rate the technical support as a nine out of ten. We have had some issues. Though overall, support has been great. The portal and their interaction with us along with their full support has been fantastic.
How was the initial setup?
The initial setup is complex, because it's a huge product. LogRhythm is a beast. It can do so much more than just the analytic software, so it is not your typical installation. It's more of a three to four month installation process because you are gradually bringing in logs and fine tuning them. It is not a difficult process, just a lengthy one.
What was our ROI?
We have seen a measurable decrease in the mean time to detect and respond to threats. As it comes out new features and new releases, the window is becoming a lot narrower because you can pivot a lot more with the data. Therefore, the new features and enhancements are reducing that.
What other advice do I have?
I just found out about the playbooks at the conference. I plan on using them as soon as I get back.
We have about 2500 messages per second coming in.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security Administrator at a energy/utilities company with 1,001-5,000 employees
We integrated Azure logs with it, allowing us to compare that with our Windows and host logs
Pros and Cons
- "We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
- "We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
What is our primary use case?
We've been working with LogRhythm for a few weeks. We had Splunk and we're replacing it LogRhythm.
It's a general SIEM system for us, gathering the logs into one area.
How has it helped my organization?
We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them.
It just makes it simpler for analysts to find everything in one place. We don't have to give everyone access to ten different things, it's just one area where we can see everything.
What is most valuable?
We like the alerting features. They seem a little more hands-on and easier to set up.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
It seems like a stable product. We haven't had any downtime yet. All the network monitoring seems to be going smoothly.
What do I think about the scalability of the solution?
We have about 20,000 logs per second as our ceiling and we're at about 6,000 to 8,000 now, so we're okay. It looks like it's going to meet our needs for many years.
How are customer service and technical support?
They're hard to get a hold of. We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back.
Which solution did I use previously and why did I switch?
We moved away from Splunk because we were not happy with it. Workstation monitoring seemed a little more complex than it is with LogRhythm. It's much simpler to search for issues and get alerts through it.
What's my experience with pricing, setup cost, and licensing?
The setup was pretty straightforward. They sent us the appliance, we tailored it to our needs, made sure our network met everything it was looking for. We worked with their support a little bit on what they recommend for setting everything up.
We had a kick-off meeting before they sent the appliance to us and they handed all the documentation to us. That aspect's good. But working with the engineering support has lacked.
Which other solutions did I evaluate?
We looked at AlienVault, that was one we demo'ed. LogRhythm does seem better.
What other advice do I have?
I'm not sure that we're hands-on yet with the full-spectrum analytics capabilities and we don't use any of the built-in playbooks. We have plans to use them in the future. We want to integrate everything into it and make it more automated.
We're at about 6,000 logs per second. In terms of a measurable decrease in the meantime to detect and respond to threats, we haven't gotten there yet. We are still implementing, still learning. We have to get to all our logs correlated.
So far we're pretty happy with the overall functionality of the system. It's going to meet everything we're looking for.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
IBM Security QRadar
Elastic Security
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
Securonix Next-Gen SIEM
Exabeam
USM Anywhere
ManageEngine Log360
Buyer's Guide
Download our free LogRhythm SIEM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Between AlienVault and LogRhythm, which solution is suitable for Banks in Gulf Region
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- Does LogRhythm NextGen SIEM offer good security?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?