We performed a comparison between Elastic Security and LogRhythm UEBA based on real PeerSpot user reviews.
Find out what your peers are saying about CrowdStrike, SentinelOne, Wazuh and others in Extended Detection and Response (XDR)."I like 365 Defender's advanced threat hunting. The dashboard is user-friendly with templates for site policies, etc. The most important use case is evaluating the risk links and applications."
"The unified view of the threat landscape on a central dashboard is the most valuable feature."
"The integration between all the Defender products is the most valuable feature."
"The visibility into threats is also very impressive because Microsoft helps you predict things and provides analytics to help you really improve your security. And all of this technology works across the domain, so it is pretty helpful in terms of threat analytics."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"We are connected to Microsoft and have every laptop enrolled. This acts as an endpoint. The tool helps me check security and compliance. I can also check what a device is doing."
"The most valuable features of Microsoft 365 Defender are the combination of all the capabilities and centralized management."
"Another noteworthy feature that I find appealing in Microsoft Defender is the credit-backed simulation. This feature enables organizations to train their users on effectively responding to phishing emails through a simulated training environment."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"I like the indexing of the logs."
"It's open-source and free to use."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"The cost is reasonable. It's not overly pricey."
"The most valuable features are the speed, detail, and visualization. It has the latest standards."
"Its flexibility is most valuable. We can have a number of scenarios, and we can get logs from anything. If we know how to use Logstash, we can tweak it in many ways. This makes the logging search on Elastic very easy."
"It has a lot of features. It has file integration monitoring."
"The tool's most valuable feature is server threat hunting."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"The most valuable features are file activity monitoring and registry activity monitoring."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"Good capability pinpointing specific cyber incidents."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"Advanced attacks could use an improvement."
"This solution could be improved if it included features such as those offered by Malwarebytes."
"The console is missing some features that would be helpful for a managed services provider, like device and user management."
"The only problem I find is that the use cases are built-in. There is no template available that you can modify according to your organization's standards. What they give is very generic, the market standard, but that might not be applicable to every organization."
"The data recovery and backup could be improved."
"The cost can be high if you want to build custom license packages. Another area for improvement is the policies. In Azure, we need to implement policies in JSON format, but in 365 Defender 365, it would be helpful to use a different format so we can customize the platform."
"In the beginning, it's difficult to navigate the system because it is quite large. Just trying to find your way and understand how the system works can be hard. After spending quite a lot of time searching it's a lot easier, but I wish it were a bit more user-friendly when you're trying to find things."
"This solution is very hard to implement."
"The solution could offer better reporting features."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"The biggest challenge has been related to the implementation."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"The cloud version is lacking and not up to par."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"The search feature needs to be improved."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
Elastic Security is ranked 7th in Extended Detection and Response (XDR) with 59 reviews while LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews. Elastic Security is rated 7.6, while LogRhythm UEBA is rated 7.2. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and Microsoft Defender for Endpoint, whereas LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Trend Micro Deep Discovery and Aruba IntroSpect.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
