Information Security Analyst at Detecon Al Saudia Company Limited
Real User
Top 20
2024-05-28T07:24:00Z
May 28, 2024
We use this solution for fax-based purposes. We have twelve actual users actively using NetMon in our organization. Additionally, we serve at least seventy-five clients with NetMon analysis. NetMon is deployed primarily in a private cloud across one data centre as we are a cloud service provider.
Most of the SIEM OEMs are now coming up with XDR solutions. It is an Extended Detection and Response that includes NetMon capabilities. Unlike the traditional standalone SIEM solution, it primarily focuses on integrated SIEM capabilities. LogRhythm's SOAR capabilities are far behind those of QRadar. It has its limitations. Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations. It's not the case where the client has procured some licenses, and the license has limitations. He can always upgrade to the next level of capability, but the solution has certain limitations.
LogRhythm NetMon can be useful if someone wants to look into something apart from network behavior analysis, like DPA or any network forensic services. For DPA or any network forensic services, users can rely on LogRhythm NetMon, where they have to deploy the agent in their environment, or if sensors need to be deployed in TAP and SPAN port, with the help of which you can see the traffic movement. LogRhythm NDR is something based on artificial intelligence, machine learning, and real-time analytics since a user needs to see real-time lateral movement in their environment or network on a real-time basis.
Our client has given us IP addresses that must be assigned to a few devices at their end, such as networks, network devices, and firewalls, that we monitor using NetMon. We see whether those packets have been captured properly and what kind of traffic has been enabled like HTTPS, HTTP, and DNS servers. We also monitor how the traffic is flowing and how much data has been downloaded through one IP.
Product Technical Manager at a tech company with 1-10 employees
Real User
2020-03-18T06:06:04Z
Mar 18, 2020
Our primary use case is trying to monitor irregular network traffic - identifying the type of traffic within our network, its origin, and destination IP. It could be HTTP, HTTPS, FTP, or OBDC. Once we recognize the traffic, we then correlate it, determining whether it's normal or abnormal. The data is also send via Syslog to LogRhythm SIEM to further correlate with logs from other devices to look at threats from a holistic view
Identify Emerging Threats on Your Network in Real Time
Transform your physical or virtual system into a network forensics sensor in a matter of minutes for free with LogRhythm's NetMon Freemium. Your investigations will come together effortlessly with extensive corresponding metadata, full packet capture, and customizable advanced correlation.. Detect network-based threats with real-time network monitoring and big data analytics
Get the visibility you need with NetMon.
We use this solution for fax-based purposes. We have twelve actual users actively using NetMon in our organization. Additionally, we serve at least seventy-five clients with NetMon analysis. NetMon is deployed primarily in a private cloud across one data centre as we are a cloud service provider.
We use the product to monitor and report network utilizations.
Most of the SIEM OEMs are now coming up with XDR solutions. It is an Extended Detection and Response that includes NetMon capabilities. Unlike the traditional standalone SIEM solution, it primarily focuses on integrated SIEM capabilities. LogRhythm's SOAR capabilities are far behind those of QRadar. It has its limitations. Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations. It's not the case where the client has procured some licenses, and the license has limitations. He can always upgrade to the next level of capability, but the solution has certain limitations.
LogRhythm NetMon can be useful if someone wants to look into something apart from network behavior analysis, like DPA or any network forensic services. For DPA or any network forensic services, users can rely on LogRhythm NetMon, where they have to deploy the agent in their environment, or if sensors need to be deployed in TAP and SPAN port, with the help of which you can see the traffic movement. LogRhythm NDR is something based on artificial intelligence, machine learning, and real-time analytics since a user needs to see real-time lateral movement in their environment or network on a real-time basis.
Our client has given us IP addresses that must be assigned to a few devices at their end, such as networks, network devices, and firewalls, that we monitor using NetMon. We see whether those packets have been captured properly and what kind of traffic has been enabled like HTTPS, HTTP, and DNS servers. We also monitor how the traffic is flowing and how much data has been downloaded through one IP.
I mainly use NetMon for traffic analysis and flow and to determine if anyone is using a previous password.
We use this product for network monitoring, to assist with our network security and performance.
Our primary use case is trying to monitor irregular network traffic - identifying the type of traffic within our network, its origin, and destination IP. It could be HTTP, HTTPS, FTP, or OBDC. Once we recognize the traffic, we then correlate it, determining whether it's normal or abnormal. The data is also send via Syslog to LogRhythm SIEM to further correlate with logs from other devices to look at threats from a holistic view