Check Point Security Management vs LogRhythm SIEM comparison

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 16 Devo reviews
14,305 views|5,499 comparisons
LogRhythm Logo
18,314 views|12,279 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Check Point Security Management and LogRhythm SIEM based on real PeerSpot user reviews.

Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Check Point Security Management vs. LogRhythm SIEM Report (Updated: October 2022).
655,994 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit.""The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored.""The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution.""Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data.""In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time.""The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.""The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable.""One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."

More Devo Pros →

"The fact that everything starts from the same unified management console makes it very easy to integrate new equipment or functionalities once the operator has become familiar with it, as everything will follow similar management or operation mechanisms.""The rulebase management and the shared layers concept is implemented well.""We can track logs of each firewall which is very helpful.""The Check Point Management server is isolated from security gateways, which means that in case there is an issue, we have our configuration ready and we can directly replace the device and push the configuration.""The solution is ideal for use and deployment in a large infrastructure environment.""The unique management using Smart Console for all firewalls is very useful.""With the generation and review of logs, we have verified some vulnerabilities and attempted attacks to generate improvements in our infrastructure and policies to help avoid issues in the future.""HA Structure provides good coverage and works fine."

More Check Point Security Management Pros →

"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.""NextGen SIEM's most valuable feature is its user-friendliness.""The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network.""The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on.""Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools.""One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us.""It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable.""LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."

More LogRhythm SIEM Pros →

Cons
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that.""The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets.""Technical support could be better.""Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better.""There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness.""One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate.""I would like to have the ability to create more complex dashboards.""Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."

More Devo Cons →

"In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer.""I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements.""It sometimes blocks safe sites when I am researching, affecting the overall output and wasting time.""The graphical interface is nice but it is a bit heavy.""Policy installation time can be reduced.""The tracking of new threats could be improved.""We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time.""Installing a policy takes a very long time to complete."

More Check Point Security Management Cons →

"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM.""When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away.""Sometimes the Platform Manager crashes because it's built around Windows.""We've had issues with scaling and local support.""The log storage capacity should be increased.""LogRhythm's SOAR and NDR features don't stack up well against competitors. maybe integrating theme functionality as the other do. But in general, it's okay.""One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI.""The solution is likely not the best option for a smaller organization."

More LogRhythm SIEM Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "This product can be used for 25 security gateways on a basic license."
  • "Check Point is much cheaper than the competition ($4/server as compared to $17/server)."
  • More Check Point Security Management Pricing and Cost Advice →

  • "We did a five-year agreement. We pay close to a quarter of a million dollars for our solution."
  • "It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that."
  • "The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required."
  • "We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget."
  • "The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee."
  • "I didn't see the RFP, but I heard that it is more expensive than QRadar. I remember one customer implemented only one QRadar in two sites. It cost them $2 million, I think. Maybe LogRhythm is much higher."
  • "I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees."
  • "It is a very cost-effective solution."
  • More LogRhythm SIEM Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Log Management solutions are best for your needs.
    655,994 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:It is good when it comes to access control, which is the basic feature that we use in a firewall appliance or solution… more »
    Top Answer:Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa… more »
    Top Answer:Rony, Daniel's answer is right on the money.  There are many solutions for each in the market, a lot depends upon your… more »
    Top Answer:One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources… more »
    Top Answer:LogRhythm does a very good job of helping SOCs manage their workflows.
    Comparisons
    Also Known As
    R80.10, R80, R77.30, R77, Check Point R80.10 Security Management, R80 Security Management
    LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Check Point Security Management is an advanced security management platform for enterprises. The platform integrates all aspects of security. A single platform manages the entire infrastructure, from data centers to private/public cloud deployments.

    Check Point Security Management is a reliable and easy-to-use security platform. It integrates all aspects of your security environment to strengthen the security posture without impairing productivity. The system has a layered policy model. This means the security policy can be separated into layers for network segmentation. Different administrators can manage different policies. The policy layer automates the tasks.

    The platform is extensible, scalable, and integrates easily with orchestration systems and change management.

    Basic Components of the Infrastructure

    1. Smart Console: The Check Point Graphical User Interface for connecting and managing Security Management Servers. The smart console provides an integrated solution via the following features:


    • Security policy management
    • System health monitoring
    • Multi-domain management


    The smart console offers several advantages. Changes in security policies and logs can be done with a click. You can navigate from an item within a log to the policy. There are also built-in multi-language support and accessibility features.

    1. Security Management Server: The server manages security gateways with set security policies and monitors security events on the network.

      The automation server is an integrated part of the management server. The API server is active by default on servers with 4 GB of RAM or more and on standalone servers with 8 or more GB of RAM.

      The automation server communicates with the management server the same way as the Smart Console. This architecture allows the same validation errors and warnings to be presented when using an automation session.

      The same audit logs generated using the Smart Console are also generated using an automation session. If you have a multi-domain environment, there is only one automation server that monitors all the IP addresses of the multi-domain management server.

      2. Security Gateway is placed at the edge of the network. It monitors and filters traffic and enforces security policies.

        Logging, Event management, and Monitoring

        With Check Point Security Management, logging, reporting, event management, and monitoring are integrated. The platform features widgets and chart templates that optimize visibility. One of the best features is the one-click exploration. This simplifies going from a general overview to specific event details.

        Benefits of Check Point Security Management

        • The platform keeps pace with dynamic network changes
        • Helps align security with business goals
        • Helps with threat prevention.
        • Reduces operational costs

        The unified console also means a single policy for users, data, applications, and networks. The granularity control helps accelerate administration processes. This feature, together with automation, is key to achieving reduced operational overhead. Security teams can automate tasks and even create self-service security web portals with the Check Point Security Management platform.

        Threat management is fully integrated, with reporting, logging, and monitoring all in one dashboard. This provides full visibility into the security of the network.

        Security Management Suite

        The Security Management Suite consists of the following modules:

        • Policy Management: Includes central management of different security policies across multiple domains and browser-based security management.
        • Operations Management: Includes compliance, provisioning, workflow automation, and user directory centralization.
        • Threat Management: Includes centralizing security event correlation for enforcement points. Centrally monitors Check Point devices.

        Reviews from Real Users

        A Network Security Engineer/Architect at a tech services company says, "The features we like and find the most valuable are the ways we can manage the policy, create objects, and drag and drop objects in our daily operation. It makes our daily operation on the firewall management much easier than going, for example, to one firewall, then going to the other."

        "The management API is the best new feature for me. It allows us to further automate our customers' automated server ordering," says a System Engineer Network & Security at OTTO GmbH & Co KG.

        A Senior Infrastructure Services Specialist at St.George Bank Limited adds that "The solution is ideal for use and deployment in a large infrastructure environment."





        LogRhythm’s NextGen SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, NextGen is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyber threats. Ultimately, the platform is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. This platform is for organizations that require an on-premises solution and offers:

        ● Streamlined workflow

        ● Secure data access

        ● Real-time visibility

        ● A unified user experience

        ● Management customization

        Security information and event management (SIEM) solutions have been evolving for over a decade; their core functionality still acts as the most effective foundation for any organization’s technology stack. A SIEM solution enables an organization to centrally collect data across its entire network environment to gain real-time visibility into activity that may pose a risk to the organization. SIEM technology is there to address threats before they become significant financial risks while simultaneously helping better manage the organization’s assets.

        LogRhythm NextGen SIEM has many key features and capabilities, including:

        High-Performance Log Management: NextGen SIEM offers structured and unstructured search capabilities which allows users to swiftly search across an organization’s vast data to easily find answers, identify IT and security issues, and troubleshoot issues. Users can efficiently process and index terabytes of log data daily.

        Network and Endpoint Monitoring: Forensic sensors allow users to gain deep visibility into endpoint and network activity. Users can see behavioral anomalies and better respond to incidents.

        ● SmartResponse Automation Framework: NextGen SIEM allows users to centrally execute pre-staged actions that automate incident investigatory tasks and responses.

        Automated Machine Analytics: NextGen SIEM’s AI Engine continuously analyzes all collected security incidents and forensic data. Security teams are delivered precise, real-time intelligence about risk-prioritized threats.

        Case and Security Incident Management: NextGen SIEM offers an integrated workflow so that threats don’t slip through the cracks. Collaboration tools help centrally manage and track investigations.

        Benefits to Using LogRhythm NextGen SIEM

        The platform is of great value for security and IT operations. Users have the ability to map their security and IT operations to existing frameworks such as NIST and MITRE ATT&CK.

        ● The platform offers broad integration across security and IT vendors: Users benefit from support for integration with hundreds of security and IT solutions. In turn, this further extends SIEM capabilities and data collection.

        ● The platform provides compliance adherence, enforcement, and reporting: The prebuilt compliance modules automatically detect violations as they occur and remove the burden of manually reviewing audit logs.

        Reviews from Real Users

        LogRhythm NextGen SIEM stands out among its competitors for a number of reasons. Two major ones are its ability to be customized and its quick performance of queries.

        Jason G., a senior cyber security engineer, writes, "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."

        Andy W., principal consultant at ITSEC Asia, notes, “LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.”

        Offer
        See Devo in Action

        See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

        Learn more about Check Point Security Management
        Learn more about LogRhythm SIEM
        Sample Customers
        United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
        Hedgetec, Geiger
        Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
        Top Industries
        REVIEWERS
        Computer Software Company50%
        Comms Service Provider10%
        Retailer10%
        Insurance Company10%
        VISITORS READING REVIEWS
        Computer Software Company21%
        Comms Service Provider12%
        Financial Services Firm9%
        Government9%
        REVIEWERS
        Manufacturing Company22%
        Financial Services Firm15%
        Security Firm13%
        Computer Software Company11%
        VISITORS READING REVIEWS
        Computer Software Company21%
        Comms Service Provider19%
        Security Firm8%
        Financial Services Firm6%
        REVIEWERS
        Financial Services Firm27%
        Healthcare Company12%
        Energy/Utilities Company9%
        Manufacturing Company8%
        VISITORS READING REVIEWS
        Computer Software Company20%
        Comms Service Provider12%
        Government10%
        Financial Services Firm7%
        Company Size
        REVIEWERS
        Small Business21%
        Midsize Enterprise21%
        Large Enterprise58%
        VISITORS READING REVIEWS
        Small Business23%
        Midsize Enterprise16%
        Large Enterprise62%
        REVIEWERS
        Small Business32%
        Midsize Enterprise29%
        Large Enterprise38%
        VISITORS READING REVIEWS
        Small Business30%
        Midsize Enterprise18%
        Large Enterprise52%
        REVIEWERS
        Small Business18%
        Midsize Enterprise24%
        Large Enterprise59%
        VISITORS READING REVIEWS
        Small Business25%
        Midsize Enterprise18%
        Large Enterprise57%
        Buyer's Guide
        Check Point Security Management vs. LogRhythm SIEM
        October 2022
        Find out what your peers are saying about Check Point Security Management vs. LogRhythm SIEM and other solutions. Updated: October 2022.
        655,994 professionals have used our research since 2012.

        Check Point Security Management is ranked 7th in Log Management with 34 reviews while LogRhythm SIEM is ranked 5th in Log Management with 26 reviews. Check Point Security Management is rated 9.0, while LogRhythm SIEM is rated 8.2. The top reviewer of Check Point Security Management writes "Scalable with a good management API and visible audit logs". On the other hand, the top reviewer of LogRhythm SIEM writes "Helps with productivity, reduces administrative overhead, and offers useful dashboards". Check Point Security Management is most compared with Fortinet FortiAnalyzer, Wazuh, IBM QRadar, Elastic Security and ManageEngine Log360, whereas LogRhythm SIEM is most compared with Splunk, IBM QRadar, Microsoft Sentinel, Datadog and AT&T AlienVault USM. See our Check Point Security Management vs. LogRhythm SIEM report.

        See our list of best Log Management vendors.

        We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.