LogRhythm SIEM vs Splunk Enterprise Security comparison

Comparison Buyer's Guide

Executive Summary (updated on Sep 21, 2023)

Categories and Ranking

LogRhythm SIEM
- Ranking in Log Management: 8th
- Ranking in Security Information and Event Management (SIEM): 6th
- Average Rating: 8.4
- Number of Reviews: 167
- Ranking in other categories: no ranking in other categories

Splunk Enterprise Security
- Ranking in Log Management: 1st
- Ranking in Security Information and Event Management (SIEM): 1st
- Average Rating: 8.4
- Number of Reviews: 258
- Ranking in other categories: IT Operations Analytics (1st)

Mindshare comparison

As of June 2024, in the Security Information and Event Management (SIEM) category, the mindshare of LogRhythm SIEM is 5.0%, down from 6.4% compared to the previous year. The mindshare of Splunk Enterprise Security is 13.7%, down from 14.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Unique categories (mindshare):
- Log Management: 5.4%
- IT Operations Analytics: 28.2%

Featured Reviews

GW, Oct 28, 2018
"We integrated Azure logs with it, allowing us to compare that with our Windows and host logs"
I'm not sure that we're hands-on yet with the full-spectrum analytics capabilities and we don't use any of the built-in playbooks. We have plans to use them in the future. We want to integrate everything into it and make it more automated. We're at about 6,000 logs per second. In terms of a measurable decrease in the mean time to detect and respond to threats, we haven't gotten there yet. We are still implementing, still learning. We have to get to all our logs correlated. So far we're pretty happy with the overall functionality of the system. It's going to meet everything we're looking for.
Sathish Suluguri (PeerSpot reviewer), Mar 11, 2024
"User-friendly, feature-rich, and best support"
Splunk Enterprise Security helps with real-time detection. When we integrate any data source, if any external IPs or external devices are accessing that data source, we get notified. We get alerts based on the use cases we develop. Splunk Enterprise Security has improved the incident response time a lot. Splunk is doing log ingestion, and it is also used to search the database for issues. It is ingesting and identifying. All that is happening in a single solution. Splunk Enterprise Security is very easy to use. We can monitor anything. We can monitor and integrate any type of applications and servers. It is very easy and effective. I work with different security tools, but none of the security tools has these many features. Splunk's documentation is clear. Irrespective of the environment we are working in, we have clear documentation. One of our clients is using the Threat Intelligence Management feature. The actionable intelligence provided by the Threat Intelligence Management feature is very good. I have been working with different vendors. Splunk Enterprise Security is a very effective and user-friendly tool. Whether it is Sentinel, LogRhythm, or QRadar, each one of them has its own limitations, but Splunk has all the features. Its benefits can be realized very quickly. It does not take lots of days or months. Splunk Enterprise Security has helped to reduce our alert volume. There is a 60% to 70% reduction. Splunk Enterprise Security has helped speed up our security investigations.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts."
"It allows us to automate a lot of things with a smaller team."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"The user interface is pretty good compared to other SIEM tools."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way we can create our own customer roles, which has allowed us to customize the work in our environment."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"It supports most standard log sources."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"The ability to rapidly diagnose problems in production and non-production, across hundreds of log files, is the most valuable feature."
"The technical support has been very good. They are very responsive and have been helpful."
"Integration with the cloud is pretty important and good for us. We found the integration with a lot of tools, not all tools yet, valuable. It does make the transfer of data, log files, and other things easier for us."
"The product is adept at log mining."
"It helped us consolidate all our solutions into an easy tool to use for various employees."
"Splunk Enterprise Security helped us with faster detection of threats."
"The fact that Splunk is a platform and not just a SIEM solution is a key benefit."
"Splunk's interface is user-friendly, and it has apps and add-ons for most applications. We can easily normalize the data to make it readable and understand the logs. We easily get all the field extractions and enrichment done by using the apps and add-ons. This helps us understand the application logs because the raw data is useless unless we extract some useful information from it. These add-ons make it so much easier."
 

Cons

"I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have the antivirus admin password to do that."
"The software needs to work on its pricing."
"The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read."
"LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"The configuration could be better."
"The GUI can be improved to include some of the capabilities that other BI solutions have."
"The Web Application Firewall will send you too much information because it's more dedicated to security than a normal firewall."
"Some of the queries are difficult to run and have room for improvement."
"A lot of people are averse to using new tools so if they make it even more user-friendly than it already is, I think that could go a long way."
"The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication."
"It takes time to train people."
"Our two main complaints are about the difficulty of the initial setup and the licensing model."
 

Pricing and Cost Advice

"When it comes time to renew, they say, 'This is what you are using. This is what we can do for you.' So, they work with you on pricing."
"We have seen a measurable decrease in the mean time to detect and respond to threats. As new features and new releases come out, the window is becoming a lot narrower because you can pivot a lot more with the data. Therefore, the new features and enhancements are reducing that."
"It is a very cost-effective solution."
"Look closely at the cost of licensing of other products. This should include setups and the need for support services. I did an RFQ to two other vendors before choosing this product."
"In comparison to the competition, they are more affordable. This allows us to do more with less."
"Everything is expensive with LogRhythm, and you don't get anything for free."
"The support that allows more customization to the environment when we are deploying new systems is called Professional Services and is very expensive. The technical support is annual and there is an annual fee."
"NextGen SIEM's pricing is moderate."
"Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
"We have an unlimited one, and we pay yearly, but I don't know how much it costs. Previously, I worked for a startup, and when they started building it up, it was complicated for them because they didn't have the budget for that many licenses. It was very costly for them. So, startups might find it a little bit problematic because of the licensing, but for bigger companies, there is no issue."
"Regarding the product's pricing, I think it has always been difficult to have a conversation with Splunk."
"Splunk Enterprise Security incurs a significant cost because of the amount of data we send, but we are fine with the value we're getting for that price."
"We have seen ROI and improvements as we have continued to use the product, but they are more reactive."
"As a team, we prefer the old pricing model with a perpetual license. We are still evaluating the whole subscription-based model."
"This product could use better pricing in general."
"While some clients find the cost of Splunk Enterprise Security to be on the higher end, its pricing is comparable to other SIEM solutions."

Comparison Review

Feb 26, 2015
"HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm"
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…

Top Industries

By visitors reading reviews

LogRhythm SIEM
- Educational Organization: 38%
- Computer Software Company: 9%
- Government: 6%
- Financial Services Firm: 6%

Splunk Enterprise Security
- Financial Services Firm: 15%
- Computer Software Company: 14%
- Government: 9%
- Manufacturing Company: 8%

Company Size

By reviewers (chart categories): Large Enterprise, Midsize Enterprise, Small Business

Questions from the Community

What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What do you like most about LogRhythm NextGen SIEM?
LogRhythm does a very good job of helping SOCs manage their workflows.
What is your experience regarding pricing and costs for LogRhythm NextGen SIEM?
LogRhythm's pricing and licensing are extremely competitive and it's one of the top three reasons we continue to invest in the platform.
What SOC product do you recommend?
For tools I'd recommend: SIEM: LogRhythm; SOAR: Palo Alto XSOAR. Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

LogRhythm SIEM: LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
Splunk Enterprise Security: no data available
Sample Customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about LogRhythm SIEM vs. Splunk Enterprise Security and other solutions. Updated: June 2024.