Examples of the 83,000+ reviews on PeerSpot:

KuldeepBurra - PeerSpot reviewer
Co-Founder & Managing Director at Halainfosec
Real User
A SIEM and SOAR solution with XDR capabilities
Pros and Cons
  • "It has a very strong artificial intelligence engine."
  • "Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations."

What is our primary use case?

Most of the SIEM OEMs are now coming up with XDR solutions. It is an Extended Detection and Response that includes NetMon capabilities. Unlike the traditional standalone SIEM solution, it primarily focuses on integrated SIEM capabilities. LogRhythm's SOAR capabilities are far behind those of QRadar. It has its limitations. Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations. It's not the case where the client has procured some licenses, and the license has limitations. He can always upgrade to the next level of capability, but the solution has certain limitations.

How has it helped my organization?


What is most valuable?

The correlation engine is much stronger. The log processing is much better when it comes to LogRhythm. 

It has a very strong artificial intelligence engine.

What needs improvement?

There are issues with integrated third-party tools.

For how long have I used the solution?

I have been using LogRhythm NetMon for 1 year.

What do I think about the stability of the solution?

The product’s stability is fine. We see any performance degrade, or any outages with respect to the collectors. In the last one year, we haven't faced the console not being accessible.

What do I think about the scalability of the solution?

The solution is scalable.

600-700 users are using this solution, and it can be scaled to 1500-2000 users immediately.

How are customer service and support?

Customer support is quick enough. They were very static, but the response was good. The nature of the problem itself when we reach out to LogRhythm support. It had nothing to do with LogRhythm but more to do with the other integrated tools. 

What other advice do I have?

The selling point for LogRhythm is the SIEM solution, SOAR, and competitive pricing against QRadar, Sentinel, Splunk, or any other tool in the market.

We started using LogRhythm back in 2013. When I joined, we only had six or seven clients, but then, in a span of two and a half years, we increased our client base from seven to 33. We're always happy with the services and the product.

There were no issues. We've integrated LogRhythm with EDR, email security solutions, and DLP. We've not found any specific issues with that.

Overall, I rate the solution an 8 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
AshishDubey - PeerSpot reviewer
Product manager at Tata Communications Ltd
Real User
Top 5 Leaderboard
A stable and scalable tool useful for network behavior analysis, DPA, and network forensic services
Pros and Cons
  • "It is a stable solution...It is a scalable solution."
  • "LogRhythm NetMon's pricing model is an area of concern that should be made a little bit cheaper in comparison to the other players in the market currently."

What is our primary use case?

LogRhythm NetMon can be useful if someone wants to look into something apart from network behavior analysis, like DPA or any network forensic services. For DPA or any network forensic services, users can rely on LogRhythm NetMon, where they have to deploy the agent in their environment, or if sensors need to be deployed on TAP and SPAN ports, with the help of which you can see the traffic movement. LogRhythm NDR is something based on artificial intelligence, machine learning, and real-time analytics since a user needs to see real-time lateral movement in their environment or network on a real-time basis.

What is most valuable?

The valuable features of LogRhythm NetMon may vary from person to person since it depends and changes on a case-to-case basis and as per customers' requirements. Depending on customers' requirements, my company proposes to our customers either LogRhythm NetMon or LogRhythm NetMon NDR. NDR is a new technology launched by LogRhythm recently.

LogRhythm gives you a holistic view if you have a lot of components of LogRhythm in your organization since it also makes integration functions easy and possible.

What needs improvement?

I have not worked much on LogRhythm NetMon to be able to comment on what needs improvement in the product since there is another team in our company that is working on the solution presently. LogRhythm NetMon's pricing model is an area of concern that should be made a little bit cheaper in comparison to the other players in the market currently. With players like IBM QRadar that propose QNI or Darktrace in the market, LogRhythm NetMon needs to consider a reduction in its pricing model.

For how long have I used the solution?

I have been using LogRhythm NetMon for three years.

What do I think about the stability of the solution?

It is a stable solution. The only challenge that I have faced to date is with the platform provided by LogRhythm NetMon.

What do I think about the scalability of the solution?

It is a scalable solution. My company deals with five to six customers who use LogRhythm NetMon.

How are customer service and support?

Apart from the response delay, the solution's technical support is good.

Which solution did I use previously and why did I switch?

I have experience with QRadar.

How was the initial setup?

You can't describe the initial setup phase of LogRhythm NetMon as a straightforward or complex one. The straightforwardness or complexity involved in the initial setup phase is something that stems from the people who are involved in the setup process. LogRhythm NetMon's initial setup phase lies somewhere between being complex and straightforward, but it is okay.

LogRhythm NetMon's deployment process is simple. To know more about the deployment process of LogRhythm NetMon, I will have to connect with the team concerned with the implementation process in my company.

What's my experience with pricing, setup cost, and licensing?

LogRhythm's licensing part is something that depends on the license you want since they offer it on a perpetual and subscription basis.

Which other solutions did I evaluate?

Dynatrace and Darktrace are some of the competitors of LogRhythm. I don't have any inputs to provide if we speak about the comparison between Dynatrace, Darktrace, and LogRhythm.

What other advice do I have?

My company mostly pushes or proposes LogRhythm NDR to our customers.

I recommend the solution to those who plan to use it. People can buy LogRhythm as a separate component if they have a separate LogRhythm-based setup in their environment.

I rate the overall tool an eight and a half out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner