How has it helped my organization?
It serves several different features. We can check the checkbox for HIPAA compliance, SEC-type stuff.
But really, our biggest focus was actually on our clients. Because we're an accounting firm, a lot of our clients actually audit us, or they have large security questionnaires that we have to fill out. So having a SIEM product is one of those check boxes, and being able to say "yes" on security questionnaires; or one that clients come in and say, "We want proof that you're auditing your domain controllers, that you're auditing the security files servers, you know who touched our files, how they read them, deleted them, modified them."
Being able to pull all that information up before the auditors, it's great. Very critical.
What is most valuable?
We're fairly new to LogRhythm. One of the things that we really liked in the deployment PoC phase was the dashboard. How easily it percolated critical information up onto a screen that we could immediately review, and drill-down to look at the raw logs. That was one of the key features that we liked in the PoC. Still today, that is by far one of the best features.
What needs improvement?
Probably the biggest improvement and I've talked to several of the management here at the LogRhythm User conference on it, is their thin piece, which is their file integrity monitor, that we use on some of our security servers. The data sets are extremely large, tons of files are being modified, deleted, created. That product could use some more enhancing.
We've been working with them to enhance that product for future releases. It's been a good experience.
Any issues that we've had, they've actually fixed the majority of the issues that we had with the initial product, by even giving us customized installation packages to adapt to our environment.
What do I think about the stability of the solution?
It's been real good. We've done several upgrades since then. Each time, if there has been an issue, we've just opened up a ticket with support and literally, it's hours to minutes sometimes - depending on time you open up the ticket. There's a response and then engineers calling you, and helping you out through some of those issues. It's been good.
Buyer's Guide
LogRhythm SIEM
March 2025
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,712 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We haven't scaled because, like I said, we're still the first-year phase. Now, when we purchased the product, we did purchase it to scale it out a little bit over time. We overbuilt it just a little bit so that we could keep adding log sources to it. But so far, we've been right on the money, as far as the initial build of it.
Which solution did I use previously and why did I switch?
We had come from two other SIEM products that were going end-of-life. The original one was the Cisco Security Manager, and then the latest one was RSA enVision. Because that was going to end-of-life, we needed to find a replacement product.
The big thing was the PoC was a great tool to get a great overview of what the product was going to be like. We also worked with an SE that helped deploy the product. Then we also were able to talk to support. So we got a good feeling to how the product was going to operate, not only from our operational standpoint, but also from a support standpoint, and also from help from our local support engineer.
We just had a great experience all round, and when comparing feature sets, the web interface to the alarm drill downs, the AI Engine drill downs, to the network monitor product, it was definitely on the top of the list.
The other big thing that we really liked about LogRhythm - we had a unique requirement - was that we had to have appliances, we didn't want virtual devices. Just from the security side of things, we wanted to be able to manage those devices ourselves, rather than having our infrastructure group manage those. LogRhythm also provided us the appliance base versus Splunk which is all virtual base.
How was the initial setup?
We actually used LogRhythm's Professional Services group to help us get the product up and running. It went real smooth. Matter of fact, the amount of time that we allocated the Professional Services, we were short of that. It just went real well.
Our group caught on to the product very quickly, which was another great benefit. We were able to do a lot of the work ourselves, versus relying on Professional Services to do it, just because we caught on much quicker than we had thought initially.
Which other solutions did I evaluate?
Our SIEM solutions list included several different vendors from Splunk to LogRhythm to RSA, their new product. We ended up choosing LogRhythm.
What other advice do I have?
Just from the simplicity standpoint, it's met all of our expectations now. Like I said, you always have that little thing here and there that you still have to tweak, but other than that, we've really liked the product.
The biggest thing in this product is not everybody on our security team is well versed in SIEM or analytics, but we found that LogRhythm - the Web Console UI - really simplified, especially with the metadata parsing out. It allowed those people to read those type of events much quicker, because it was right there, and it was pretty easily translated. So "user" is username, "host" is the host, and so it's very easy. You're not having to dig through this big long raw log file to actually figure it out. Then if it needs to go there, it goes to an advanced person.
Disclosure: I am a real user, and this review is based on my own experience and opinions.