Most of the SIEM OEMs are now coming up with XDR solutions. It is an Extended Detection and Response that includes NetMon capabilities. Unlike the traditional standalone SIEM solution, it primarily focuses on integrated SIEM capabilities. LogRhythm's SOAR capabilities are far behind those of QRadar. It has its limitations. Some of the automated tasks we can perform on QRadar cannot be performed on LogRhythm because the solution has limitations. It's not the case where the client has procured some licenses, and the license has limitations. He can always upgrade to the next level of capability, but the solution has certain limitations.
The correlation engine is much stronger. The log processing is much better when it comes to LogRhythm.
It has a very strong artificial intelligence engine.
There are issues with integrated third-party tools.
I have been using LogRhythm NetMon for 1 year.
The product’s stability is fine. We haven't seen any performance degradation or any outages with respect to the collectors. In the last year, we haven't faced the console not being accessible.
The solution is scalable.
600-700 users are using this solution, and it can be scaled to 1500-2000 users immediately.
Customer support is quick enough. They were very static, but the response was good. The nature of the problem itself when we reach out to LogRhythm support. It had nothing to do with LogRhythm but more to do with the other integrated tools.
The selling point for LogRhythm is the SIEM solution, SOAR, and competitive pricing against QRadar, Sentinel, Splunk, or any other tool in the market.
We started using LogRhythm back in 2013. When I joined, we only had six or seven clients, but then, in a span of two and a half years, we increased our client base from seven to 33. We're always happy with the services and the product.
There were no issues. We've integrated LogRhythm with EDR, email security solutions, and DLP. We've not found any specific issues with that.
Overall, I rate the solution an 8 out of 10.