We performed a comparison between Check Point Security Management and LogRhythm SIEM based on real PeerSpot user reviews.Find out in this report how the two Log Management solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."
"The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored."
"The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution."
"Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data."
"In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean."
"The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."
"One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful."
"The fact that everything starts from the same unified management console makes it very easy to integrate new equipment or functionalities once the operator has become familiar with it, as everything will follow similar management or operation mechanisms."
"The rulebase management and the shared layers concept is implemented well."
"We can track logs of each firewall which is very helpful."
"The Check Point Management server is isolated from security gateways, which means that in case there is an issue, we have our configuration ready and we can directly replace the device and push the configuration."
"The solution is ideal for use and deployment in a large infrastructure environment."
"The unique management using Smart Console for all firewalls is very useful."
"With the generation and review of logs, we have verified some vulnerabilities and attempted attacks to generate improvements in our infrastructure and policies to help avoid issues in the future."
"HA Structure provides good coverage and works fine."
"LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
"NextGen SIEM's most valuable feature is its user-friendliness."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
"Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
"An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that."
"The biggest area with room for improvement in Devo is the Security Operations module that just isn't there yet. That goes back to building out how they're going to do content and larger correlation and aggregation of data across multiple things, as well as natively ingesting CTI to create rule sets."
"Technical support could be better."
"Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better."
"There are some issues from an availability and functionality standpoint, meaning the tool is somewhat slow. There were some slow response periods over the past six to nine months, though it has yet to impact us terribly as we are a relatively small shop. We've noticed it, however, so Devo could improve the responsiveness."
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate."
"I would like to have the ability to create more complex dashboards."
"Where Devo has room for improvement is the data ingestion and parsing. We tend to have to work with the Devo support team to bring on and ingest new sources of data."
"In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer."
"I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements."
"It sometimes blocks safe sites when I am researching, affecting the overall output and wasting time."
"The graphical interface is nice but it is a bit heavy."
"Policy installation time can be reduced."
"The tracking of new threats could be improved."
"We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time."
"Installing a policy takes a very long time to complete."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"Sometimes the Platform Manager crashes because it's built around Windows."
"We've had issues with scaling and local support."
"The log storage capacity should be increased."
"LogRhythm's SOAR and NDR features don't stack up well against competitors. maybe integrating theme functionality as the other do. But in general, it's okay."
"One of the challenges of the SIEM for the LogRhythm 7 platform is the amount of time it takes to bring new log sources into the MDI."
"The solution is likely not the best option for a smaller organization."
Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.
Check Point Security Management is an advanced security management platform for enterprises. The platform integrates all aspects of security. A single platform manages the entire infrastructure, from data centers to private/public cloud deployments.
Check Point Security Management is a reliable and easy-to-use security platform. It integrates all aspects of your security environment to strengthen the security posture without impairing productivity. The system has a layered policy model. This means the security policy can be separated into layers for network segmentation. Different administrators can manage different policies. The policy layer automates the tasks.
The platform is extensible, scalable, and integrates easily with orchestration systems and change management.
Basic Components of the Infrastructure
The smart console offers several advantages. Changes in security policies and logs can be done with a click. You can navigate from an item within a log to the policy. There are also built-in multi-language support and accessibility features.
1. Security Management Server: The server manages security gateways with set security policies and monitors security events on the network.
The automation server is an integrated part of the management server. The API server is active by default on servers with 4 GB of RAM or more and on standalone servers with 8 or more GB of RAM.
The automation server communicates with the management server the same way as the Smart Console. This architecture allows the same validation errors and warnings to be presented when using an automation session.
The same audit logs generated using the Smart Console are also generated using an automation session. If you have a multi-domain environment, there is only one automation server that monitors all the IP addresses of the multi-domain management server.
2. Security Gateway is placed at the edge of the network. It monitors and filters traffic and enforces security policies.
Logging, Event management, and Monitoring
With Check Point Security Management, logging, reporting, event management, and monitoring are integrated. The platform features widgets and chart templates that optimize visibility. One of the best features is the one-click exploration. This simplifies going from a general overview to specific event details.
Benefits of Check Point Security Management
The unified console also means a single policy for users, data, applications, and networks. The granularity control helps accelerate administration processes. This feature, together with automation, is key to achieving reduced operational overhead. Security teams can automate tasks and even create self-service security web portals with the Check Point Security Management platform.
Threat management is fully integrated, with reporting, logging, and monitoring all in one dashboard. This provides full visibility into the security of the network.
Security Management Suite
The Security Management Suite consists of the following modules:
Reviews from Real Users
A Network Security Engineer/Architect at a tech services company says, "The features we like and find the most valuable are the ways we can manage the policy, create objects, and drag and drop objects in our daily operation. It makes our daily operation on the firewall management much easier than going, for example, to one firewall, then going to the other."
"The management API is the best new feature for me. It allows us to further automate our customers' automated server ordering," says a System Engineer Network & Security at OTTO GmbH & Co KG.
A Senior Infrastructure Services Specialist at St.George Bank Limited adds that "The solution is ideal for use and deployment in a large infrastructure environment."
LogRhythm’s NextGen SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, NextGen is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyber threats. Ultimately, the platform is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. This platform is for organizations that require an on-premises solution and offers:
● Streamlined workflow
● Secure data access
● Real-time visibility
● A unified user experience
● Management customization
Security information and event management (SIEM) solutions have been evolving for over a decade; their core functionality still acts as the most effective foundation for any organization’s technology stack. A SIEM solution enables an organization to centrally collect data across its entire network environment to gain real-time visibility into activity that may pose a risk to the organization. SIEM technology is there to address threats before they become significant financial risks while simultaneously helping better manage the organization’s assets.
LogRhythm NextGen SIEM has many key features and capabilities, including:
● High-Performance Log Management: NextGen SIEM offers structured and unstructured search capabilities which allows users to swiftly search across an organization’s vast data to easily find answers, identify IT and security issues, and troubleshoot issues. Users can efficiently process and index terabytes of log data daily.
● Network and Endpoint Monitoring: Forensic sensors allow users to gain deep visibility into endpoint and network activity. Users can see behavioral anomalies and better respond to incidents.
● SmartResponse Automation Framework: NextGen SIEM allows users to centrally execute pre-staged actions that automate incident investigatory tasks and responses.
● Automated Machine Analytics: NextGen SIEM’s AI Engine continuously analyzes all collected security incidents and forensic data. Security teams are delivered precise, real-time intelligence about risk-prioritized threats.
● Case and Security Incident Management: NextGen SIEM offers an integrated workflow so that threats don’t slip through the cracks. Collaboration tools help centrally manage and track investigations.
Benefits to Using LogRhythm NextGen SIEM
● The platform is of great value for security and IT operations. Users have the ability to map their security and IT operations to existing frameworks such as NIST and MITRE ATT&CK.
● The platform offers broad integration across security and IT vendors: Users benefit from support for integration with hundreds of security and IT solutions. In turn, this further extends SIEM capabilities and data collection.
● The platform provides compliance adherence, enforcement, and reporting: The prebuilt compliance modules automatically detect violations as they occur and remove the burden of manually reviewing audit logs.
Reviews from Real Users
LogRhythm NextGen SIEM stands out among its competitors for a number of reasons. Two major ones are its ability to be customized and its quick performance of queries.
Jason G., a senior cyber security engineer, writes, "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
Andy W., principal consultant at ITSEC Asia, notes, “LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.”
See how Devo allows you to free yourself from data management, and make machine data and insights accessible.
Check Point Security Management is ranked 7th in Log Management with 34 reviews while LogRhythm SIEM is ranked 5th in Log Management with 26 reviews. Check Point Security Management is rated 9.0, while LogRhythm SIEM is rated 8.2. The top reviewer of Check Point Security Management writes "Scalable with a good management API and visible audit logs". On the other hand, the top reviewer of LogRhythm SIEM writes "Helps with productivity, reduces administrative overhead, and offers useful dashboards". Check Point Security Management is most compared with Fortinet FortiAnalyzer, Wazuh, IBM QRadar, Elastic Security and ManageEngine Log360, whereas LogRhythm SIEM is most compared with Splunk, IBM QRadar, Microsoft Sentinel, Datadog and AT&T AlienVault USM. See our Check Point Security Management vs. LogRhythm SIEM report.
See our list of best Log Management vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.