LogRhythm's AI engine assist is good enough. Everyone talking about threat hunting mostly mentions continuous virtual assessment or vulnerability management. The guard will allow some people in and stop others based on their knowledge. If the SIEM determines that a person is eligible to enter, they will allow it; if not, they will stop them. Overall, I rate the solution a seven out of ten.
Information Technology Security Engineer at a tech consulting company with 1-10 employees
Reseller
Jul 16, 2024
Speaking about how LogRhythm SIEM influences operational costs, or if it does have any security efficiency, I would say that I don't work with the tool every day to know what the operational cost benefit is. In any case, with fewer people, the tool has better visibility. There is a need for three or four people in a team for SIEM. The tool ensures better efficiency of the team by improving costs, but I am not very sure how to explain it as the tool has centralized events as it is spread out geographically with a lot of branches. We get a better understanding of the networks in different countries with the centralization part, improving the efficiency of the SIEM team. With LogRhythm SIEM, there is a need to deal with a lot of customized services. The tool spends a lot of time with professional services for customization. The good part is that the support team finishes their job very quickly and offers very good responses when it comes to the area of customization. There was a little disappointment since the tool did not have some of the parsers for some systems in the environments, like IBM, which was a surprise. In any case, support did the job, as there were tons of customizations needed. We were able to deal with the customization area and resolve the issue around it, making it a very customizable tool. It is a very flexible tool. I spend a lot of time with the support team doing the customizations. Customizations take a lot of time, but they are still a plus. I have not noticed any AI elements in LogRhythm SIEM. I recommend the tool to others. It is a perfect search engine, and every report is analyzed really quickly and in a straightforward manner. The tool has an easy GUI, and it is the perfect choice for security analysts. The tool has consoles, including an administrative console and a web console. For some people, that can be a problem. 
I think it is really good when you have administrative guys who deal only with the solution and analysts who deal only with the analyzed part without some preparation for the core configuration. Everyone can deal with the day job. For me, the tool is advanced, but maybe for others, it can be an issue. In any case, it is really visible to others for documentation. The tool is scalable and really operational. The tool is easy to use and for sizing. In the end, it is a good tool. In the Serbian market, most of the tools demanded are on-premises. When it comes to the on-premises solution, I think LogRhythm is one of the best tools. We are a little different than the other parts of the world. Everyone wants to go to the cloud, but here, everything wants to be kept on an on-premises model. The market in Serbia is very strange because we aren't a part of the European Union, and so, with regard to compliance, we always have some problems. The companies in Serbia like to have on-premises solutions because most financial institutions, banks, or government institutions have data centers, so they won't go to the cloud. In Serbia, we don't like to deal with cloud solutions, especially when the data needs to be consumed somewhere in the cloud because the biggest problem is the cost of cloud solutions for SIEM tools. Most of the applications and everything is also hosted on-premises in Serbia. Normally, the SIEM tools are used in an on-premises model. I rate the tool a nine out of ten.
We’ve integrated LogRhythm SIEM with various systems, such as Cisco switches, databases, PAM solutions, and Trend Micro ADA solutions. AI integration plays a significant role in enhancing security monitoring efforts by automating tasks and detecting zero-day attacks. I would rate LogRhythm SIEM an eight out of ten and recommend it to others.
My advice for someone considering implementing LogRhythm SIEM would be to start with proper controls and understand the value it provides. Before installing the solution, users should consider factors like EPS calculations and endpoint support to ensure proper sizing, especially if not going for an appliance. Overall, I'd rate this product an 8 and would recommend it to others due to its cost-effectiveness, value for money, and user-friendly nature.
I rate LogRhythm SIEM an eight out of ten. In comparison, IBM has more features that are essential at the moment. However, it costs three times more than LogRhythm SIEM.
To those planning to use the solution, I suggest they get trained before starting the use and deployment of the solution. I rate the overall solution a nine out of ten.
The nice thing about LogRhythm is that they continue to innovate and come up with new capabilities like their NDR solution that we recently invested in. They continue to stay relevant. I would rate LogRhythm a nine out of ten. The on-prem version of the solution is fantastic and is the core of my SOC. It's our daily tool for all of our investigations.
System Administrator at GOLDENWEST FEDERAL CREDIT UNION
Real User
Oct 18, 2022
If you are one who thinks that SIEM is an outdated security tool, I would be very curious to know what other solution would be better than a SIEM to accomplish the same goals. A SIEM tool gives you such an open perspective into what is going on in your network and gives you the ability to dig in if you really need to. Whereas if you have a completely managed solution or one that uses AI and does everything for you but doesn't provide you the logs, you might know what's wrong but won't know what else is going on out there. With a SIEM tool, you can dig in as far as you want to, and specifically with LogRhythm, you can be as hands-free as you want to be. It'll tell you what's wrong, and you can address those problems. You have a lot more flexibility with LogRhythm SIEM. Overall, I'd rate LogRhythm SIEM a nine out of ten. I really enjoyed the solution. If you have to program anything yourself, there is a little bit of a learning curve. They've got lots of guides that you can use, and depending on your skill set, you may be able to figure it out sooner rather than later. The resources are all there, and the community is there to help you, which makes the product really great and easy to use.
You would be wrong to think that LogRhythm SIEM is an outdated solution. I use it every day, and it has helped me fix or see vulnerabilities or compromises in our network that I wouldn't have seen before. It's still definitely around. On a scale from one to ten, I'd rate LogRhythm SIEM an eight.
Senior Security Analyst at a transportation company with 501-1,000 employees
Real User
Oct 16, 2022
I'm a senior security analyst. I work at a government organization that employs between 500 and 1000 people. We are on-prem with high availability, so we have two self-contained systems, sequel logs, and everything, and they can run either box. In terms of helping us manage workflows and cybersecurity exposure, we haven't leveraged smart responses in the SIEM. It looks like a powerful asset. We have some automated responses with a different tool for ransomware detection and prevention. However, the workflow ability in the SIEM is actually quite powerful. We just haven't leveraged it since we haven't felt that the right use case presented itself to us yet. When it comes to affecting our rate of efficiency, we don't measure those metrics, so it's kind of hard to say there's a measurable amount or how much it's improved. It has given us a threat-hunting tool previously unavailable to us. We are very happy to have the SIEM be our primary threat-hunting tool. Those who say SIEM is an outdated security solution should note that SIEM technology has been around for a very long time. It's still relevant thanks to the continual development that companies have done to bring more usability to extracting threats from logs. That's timeless. That's not something that's going to go away over time. The LogRhythm SIEM continues to add features and improvements and makes finding and presenting data from raw logs easier. Digging through logs before we had a SIEM was tedious and very time-consuming. It's made it a big-time saver. To have the way it presents the logs in a usable manner has been a tremendous help for us. I'd rate it a solid nine out of ten.
I'd rate the solution ten out of ten. Those that say SIEM is an outdated security system don't understand cyber security. SIEM is what allows analysts like myself to be successful. Without a SIEM, how can we see everything? We can't.
When choosing a solution, it is important to determine what you want to achieve instead of how the solution works. Most solutions have a method for collecting logs, relaying information, and identifying issues so selection is more about the speed and accuracy of end results. I rate the solution an eight out of ten.
I work in the enterprise security department or the SOC, and I just have to deal with the logs. The tool being used within the organization for log management is LogRhythm NextGen SIEM, particularly the N-1 version. My organization uses the on-premise version of the tool, and it's been applied to the data center. I belong to a very small organization with a data center that has sixty people using LogRhythm NextGen SIEM. In terms of maintenance, the tool isn't difficult to maintain. The only advice I have for anyone who'd like to start using LogRhythm NextGen SIEM is that it's a very good tool, with good features and functions. My rating for LogRhythm NextGen SIEM is seven out of ten. I didn't give it a ten because it's Windows-based, plus I also don't like its UI that much. LogRhythm NextGen SIEM is also not as good as IBM QRadar.
Engineer - Network and Security at Connex Information Technologies
Real User
Sep 21, 2022
When you implement, you need to know LogRhythm's architecture because it is quite difficult and different from that of other SIEM solutions. So, you need to know the architecture, how the processes work, and how the logs are processed. Overall, I would rate LogRhythm at eight on a scale from one to ten.
FSE at a computer software company with 1,001-5,000 employees
Reseller
Jul 24, 2022
Don't do it without managed services, but I would say that for any SIEM. In SIEM technology, the setup and maintenance side is different from the monitoring and alerting side. I recommend all of our customers to always go with a managed service provider to take care of the monitoring and alerting side, or at the very least, to fill in for off hours because you only have so many people on your staff. Small and medium-sized customers are our bread and butter, and most of our customers don't have the staffing for this. If you don't have the expertise to set it up, manage it, or the time to learn it, a managed service can help you get it set up. For most SIEMs, LogRhythm included, for the first six months, you probably need one to one half of an FTE for doing the setup, getting it operationalized, and doing all the tuning. You're going to need one-quarter of an FTE for ongoing operations, maintenance, and support. That doesn't include monitoring of alerts and the response to the alerts. If you've got it well tuned, you don't need a lot of staff to do the monitoring and the alerting during the regular daytime hours. That's where having a managed service provider during off hours and weekends is handy. It is beneficial to have a managed service to do the operational work for maintenance. It is good, but there is room for improvement. There are plenty of solutions on the market that do a lot of what it does. It is not a huge product differentiator or market differentiator. I would rate it an eight out of ten.
Senior System Administrator at DP Infotech Pvt Ltd
Real User
Jun 15, 2022
We are an integrator and service provider. We are not currently using the latest update. I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. I'd rate the solution five out of ten.
I would rate this solution 8 out of 10. My advice is that if the requirement is to have someone on-prem, for example, someone that is working in a financial entity, it is a requirement to have all the information in their own data centers and using specific connections. If you have that case, you can use it. It is convenient. And you can use it if you have a case where the evolution of the environment is not going to change for the next three years. Otherwise, if you have a lot of changes during the time that you are going to be using this solution, you need to include different components that will probably be complicated to architect.
I rate LogRhythm NextGen SIEM nine out of 10. People should consider LogRhythm. Take a close look and try it. It's one of the best SIEM solutions in the world.
Senior Cyber Security Engineer at a logistics company with 10,001+ employees
Real User
Feb 15, 2022
I would rate this solution 7 out of 10. When you integrate a log source by default, you have to know what the customer needs or the process that is wanted, because we did the reconfiguration multiple times for log sources. So, they have to also follow the MITRE ATT&CK Framework, because by default LogRhythm collects the common logs, so you have to enable this. To estimate it in the licensing sizing exercise, it must be done correctly. Sometimes I see customers sizing away from the current situation. Customers sometimes buy a license that is not enough for their implementation, because they didn't expect what they would be adding in the future during the implementation. Sometimes the implementation takes one year, and the customer adds more devices, so it exceeds their license. I think it's the presales' job to do the sizing correctly. And the customer must be aware of how or what to implement during, so that implementation doesn't take long. It took some customers two years to implement a SIEM solution. I don't remember the solution, but it was a waste of two years' time.
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
Feb 6, 2022
My advice to others is that the initial deployment should be done by certified engineers or the authorized vendor. I rate LogRhythm NextGen SIEM a nine out of ten.
Security solutions integrator at a consultancy with 1-10 employees
Real User
Dec 27, 2021
I rate LogRhythm eight out of 10. With any solution, you need to deploy the use cases correctly, so the customer should understand the use cases for a SIEM. A SIEM solution only collects and centralizes logs instead of detecting unknown malware. There are no use cases that are customized to fit the customers' context.
Head Of Technical Services at a tech services company with 51-200 employees
Real User
Nov 2, 2021
My advice is to take a look at the account directly with the account manager of LogRhythm and find a value-added distributor to support you with the sizing, consulting, use case discovery, and building up the operation maturity roadmap, in order to be truly aligned with the LogRhythm deployment in the long term. I would rate LogRhythm NextGen SIEM a nine out of ten.
Senior System Engineer at a tech services company with 11-50 employees
Reseller
Oct 8, 2021
We are a distributor and we have around 15 to 20 partners who are working with LogRhythm in this region. We work for the end-user and we implement it and handle presentations for the customer. We are working with the latest version of the solution. I can't speak to the exact version number, however. I'd rate the solution at a ten out of ten. It's a very good product overall. Clients have been very happy with it. In terms of the feedback we've received from the end-user and our own experience with the deployment process and manageability, everything is great.
Unit Head Titanium (Security Solution) at RapidCompute
Real User
Mar 13, 2021
We are using the solution for our own infrastructure and we are also offering it as a service. We are the largest service provider, cloud service provider, in Pakistan. However, we use a variety of deployment models - including cloud and hybrid. We have an ISO position for government-certified infrastructure. We have a PCI-certified infrastructure as well as a GDPI compliant infrastructure. We work closely with this product in particular. We have a lot of hands-on experience. I'd rate the solution eight out of ten. If it weren't for some parsing limitations in the product, I would rate it even higher.
Systems Administrators at a tech services company with 201-500 employees
Real User
Dec 31, 2020
I would definitely recommend this solution for compliance requirements, such as PCI DSS compliance. It does cost a great amount, but its pricing is competitive with some of the other vendors. If it is a necessity to have a SIEM solution, I would definitely recommend LogRhythm. I would rate LogRhythm NextGen SIEM a nine out of ten. It has been really good. So far, my experience has been seamless. They should keep doing what they're doing.
Information Security Officer, Network Analyst at a university with 1,001-5,000 employees
Real User
Dec 3, 2020
I would definitely advise giving it a look. If you're able to deal with it in your environment and just give it a chance, it'll grow on you. It is not Splunk, but it's getting there. They're gaining visibility with other vendors. The integration with third parties is starting to light up a little bit for them, unlike IBM QRadar that has already created that bond with third parties to bring in their services into the product. LogRhythm is definitely getting there, and it is a quick way to leverage in-house talent. So, if you want to do automation and you have someone who is good at Python scripting or PowerShell, you can easily build something in-house to automate some of those use cases that you may want to do. I would rate LogRhythm NextGen SIEM an eight out of ten.
Cyber Security Researcher at a tech services company with 1-10 employees
Real User
Dec 1, 2020
Overall, on a scale from one to ten, I would give LogRhythm NextGen SIEM a rating of eight. I would definitely recommend this solution; my only concern is with the price — it should be lower.
LogRhythm SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, LogRhythm SIEM is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyberthreats. Ultimately, LogRhythm SIEM is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. LogRhythm SIEM...
If there is no competitor, LogRhythm would be rated one hundred as there is no choice then. I'd rate the solution eight out of ten.
I would recommend it to others. Overall, I would rate it an eight out of ten.
LogRhythm SIEM is a good product for a small SOC. Overall, I rate the solution an eight out of ten.
People who want to use the solution must not do any big searches. Overall, I rate the product a six out of ten.
I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting.
I give the solution an eight out of ten. The solution is for medium and large organizations.
I give the solution an eight out of ten. The solution can meet the most mature customer's requirements.
I rate LogRhythm SIEM 7.5 out of 10.
I would rate LogRhythm an eight out of ten.
I rate LogRhythm SIEM at 10 out of 10.
I would recommend NextGen SIEM to those considering implementing it and would rate it eight out of ten.
I would recommend NextGen SIEM to other users as it is a leading solution with new features at a better price than competitors like Splunk and QRadar.
I rate LogRhythm NextGen SIEM a nine out of ten.
We are an integrator and service provider. We are not currently using the latest update. I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. I'd rate the solution five out of ten.
I would rate this solution 8 out of 10. My advice is that if the requirement is to have someone on-prem, for example, someone that is working in a financial entity, it is a requirement to have all the information in their own data centers and using specific connections. If you have that case, you can use it. It is convenient. And you can use it if you have a case where the evolution of the environment is not going to change for the next three years. Otherwise, if you have a lot of changes during the time that you are going to be using this solution, you need to include different components that will probably be complicated to architect.
I rate LogRhythm NextGen SIEM nine out of 10. People should consider LogRhythm. Take a close look and try it. It's one of the best SIEM solutions in the world.
I would rate this solution 7 out of 10. When you integrate a log source by default, you have to know what the customer needs or the process that is wanted, because we did the reconfiguration multiple times for log sources. So, they have to also follow the MITRE ATT&CK Framework, because by default LogRhythm collects the common logs, so you have to enable this. To estimate it in the licensing sizing exercise, it must be done correctly. Sometimes I see customers sizing away from the current situation. Customers sometimes buy a license that is not enough for their implementation, because they didn't expect what they would be adding in the future during the implementation. Sometimes the implementation takes one year, and the customer adds more devices, so it exceeds their license. I think it's the presales' job to do the sizing correctly. And the customer must be aware of how or what to implement during, so that implementation doesn't take long. It took some customers two years to implement a SIEM solution. I don't remember the solution, but it was a waste of two years' time.
My advice to others is that the initial deployment should be done by certified engineers or the authorized vendor. I rate LogRhythm NextGen SIEM a nine out of ten.
I rate LogRhythm eight out of 10. With any solution, you need to deploy the use cases correctly, so the customer should understand the use cases for a SIEM. A SIEM solution only collects and centralizes logs instead of detecting unknown malware. There are no use cases that are customized to fit the customers' context.
I of course would recommend LogRhythm NextGen SIEM to others. On a scale of one to ten, I would give LogRhythm NextGen SIEM definitely a nine.
My advice is to take a look at the account directly with the account manager of LogRhythm and find a value-added distributor to support you with the sizing, consulting, use case discovery, and building up the operation maturity roadmap, in order to be truly aligned with the LogRhythm deployment in the long term. I would rate LogRhythm NextGen SIEM a nine out of ten.
We are a distributor and we have around 15 to 20 partners who are working with LogRhythm in this region. We work for the end-user and we implement it and handle presentations for the customer. We are working with the latest version of the solution. I can't speak to the exact version number, however. I'd rate the solution at a ten out of ten. It's a very good product overall. Clients have been very happy with it. In terms of the feedback we've received from the end-user and our own experience with the deployment process and manageability, everything is great.
We are using the solution for our own infrastructure and we are also offering it as a service. We are the largest service provider, cloud service provider, in Pakistan. However, we use a variety of deployment models - including cloud and hybrid. We have an ISO position for government-certified infrastructure. We have a PCI-certified infrastructure as well as a GDPI compliant infrastructure. We work closely with this product in particular. We have a lot of hands-on experience. I'd rate the solution eight out of ten. If it weren't for some parsing limitations in the product, I would rate it even higher.
I would definitely recommend this solution for compliance requirements, such as PCI DSS compliance. It does cost a great amount, but its pricing is competitive with some of the other vendors. If it is a necessity to have a SIEM solution, I would definitely recommend LogRhythm. I would rate LogRhythm NextGen SIEM a nine out of ten. It has been really good. So far, my experience has been seamless. They should keep doing what they're doing.
I would definitely advise giving it a look. If you're able to deal with it in your environment and just give it a chance, it'll grow on you. It is not Splunk, but it's getting there. They're gaining visibility with other vendors. The integration with third parties is starting to light up a little bit for them, unlike IBM QRadar, which has already created that bond with third parties to bring their services into the product. LogRhythm is definitely getting there, and it is a quick way to leverage in-house talent. So, if you want to do automation and you have someone who is good at Python scripting or PowerShell, you can easily build something in-house to automate some of those use cases that you may want to do. I would rate LogRhythm NextGen SIEM an eight out of ten.
Overall, on a scale from one to ten, I would give LogRhythm NextGen SIEM a rating of eight. I would definitely recommend this solution; my only concern is with the price — it should be lower.