Information Security Analyst at Detecon Al Saudia Company Limited
Real User
Top 20
2024-05-28T07:24:00Z
May 28, 2024
The main concern is that LogRhythm has not improved NetMon but instead introduced a separate product, which many customers, including us, would prefer to be integrated into a single platform for easier management. I'd also like to see LogRhythm NetMon improve in terms of cost efficiency, especially regarding adding new products that may overlap in functionality. Specifically, I would appreciate enhanced detection and response capabilities directly integrated into NetMon to avoid needing additional rules or tools from LogRhythm. Regarding integration capabilities, I think NetMon's current agent-based approach is limiting. Integrating with protocols like Gflow and Netflow would be better, allowing seamless integration with our existing network equipment. This would solve the problem of agent-based restrictions and improve overall integration.
I have not worked much on LogRhythm NetMon to be able to comment on what needs improvement in the product since there is another team in our company that is working on the solution presently. LogRhythm NetMon's pricing model is an area of concern that should be made a little bit cheaper in comparison to the other players in the market currently. With players like IBM QRadar that propose QNI or Darktrace in the market, LogRhythm NetMon needs to consider a reduction in its pricing model.
There is an issue with tunneling in relation to how the connectivity is established between the end devices and where NetMon is installed. On the console, I often observe that there's a difference of a few seconds or maybe a minute, and this lag time should not be there. The console can be improved in terms of access. It takes time to load the whole tool, though it might not all be related to NetMon. It could be related to the server. If there are a lot of VPN hops in between, then there will be the possibility of lag time.
The training for this product is not very good and needs to be improved. For example, the instructor came with a specific outline and does not like to go outside of the box. There should be documentation that describes more use cases and how to implement them.
Product Technical Manager at a tech company with 1-10 employees
Real User
2020-03-18T06:06:04Z
Mar 18, 2020
Our customers would always like to see additional features. Ideally, they want one solution to do everything, particularly with networking products. Often customers request features that are related to their day-to-day operation, such as traffic congestion and network usage at a specific endpoint. Adding operational flavor into the existing network threat detection product would allow more customers to use a single platform to satisfy all their networking visibility needs. I'd like to see more of these types of visualizations or dashboards geared toward this kind of usage built out of the box and ready to use. Also, having network topology visuals from a specific endpoint can be a great feature that would help correlate and investigate faster.
Data Security Architect at a comms service provider with 1,001-5,000 employees
Real User
2019-02-24T10:18:00Z
Feb 24, 2019
I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products. I would also like to see some more customization with the analytics that LogRhythm offers because there are competitive solutions on the market that get much more analytics, unlike LogRhythm. We have second-hand features when we look at the analytics portion of it. Otherwise, the solution is good but I'm expecting a little more in analytics.
Identify Emerging Threats on Your Network in Real Time
Transform your physical or virtual system into a network forensics sensor in a matter of minutes for free with LogRhythm's NetMon Freemium. Your investigations will come together effortlessly with extensive corresponding metadata, full packet capture, and customizable advanced correlation. Detect network-based threats with real-time network monitoring and big data analytics.
Get the visibility you need with NetMon.
The platform's integration features often need to be improved.
There are issues with integrated third-party tools.
Sometimes it's hard to find the network devices' self-audit logs.