
LogRhythm NetMon Overview

LogRhythm NetMon is the #58 ranked solution in best Network Monitoring Tools. PeerSpot users give LogRhythm NetMon an average rating of 8.0 out of 10. LogRhythm NetMon is most commonly compared to Zabbix: LogRhythm NetMon vs Zabbix. LogRhythm NetMon is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, accounting for 28% of all views.
Buyer's Guide

Download the Network Monitoring Software Buyer's Guide including reviews and more. Updated: September 2022

What is LogRhythm NetMon?

Identify Emerging Threats on Your Network in Real Time

Transform your physical or virtual system into a network forensics sensor in a matter of minutes, for free, with LogRhythm's NetMon Freemium. Your investigations come together with extensive corresponding metadata, full packet capture, and customizable advanced correlation. Detect network-based threats with real-time network monitoring and big data analytics.

Get the visibility you need with NetMon.

LogRhythm NetMon was previously known as LogRhythm Network Monitor.

LogRhythm NetMon Customers

Sera-Brynn


Archived LogRhythm NetMon Reviews (more than two years old)

Monsur Ahmed - PeerSpot reviewer
Software Management at Midland Bank
Real User
Good reporting and logging capability, but the training should be improved and the price lowered
Pros and Cons
  • "The most valuable feature is the log, which can be analyzed by our SIEM solution."
  • "The training for this product is not very good and needs to be improved."

What is our primary use case?

We use this product for network monitoring, to assist with our network security and performance.

What is most valuable?

The most valuable feature is the log, which can be analyzed by our SIEM solution.

The reporting capability is good.

What needs improvement?

The training for this product is not very good and needs to be improved. For example, the instructor came with a specific outline and does not like to go outside of the box.

There should be documentation that describes more use cases and how to implement them.

For how long have I used the solution?

We began working with LogRhythm NetMon less than a year ago. Our second phase of implementation was completed about three months ago.


What do I think about the scalability of the solution?

This is a scalable solution. 

How are customer service and support?

We have consulted with the technical support team on a couple of things. I would say that they are ok.

How was the initial setup?

The initial setup for us was complex because we did not have much knowledge about this type of product.  

What's my experience with pricing, setup cost, and licensing?

The price of this solution is too high, so it should be made more practical and more valuable for the customer.

What other advice do I have?

In general, this is a good product. It is easy to configure and use.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Product Technical Manager at a tech company with 1-10 employees
Real User
Top 20
Provides very good lateral visibility for easy detection of irregular traffic and attacks
Pros and Cons
  • "Visibility is a valuable feature, the ability to see even if the traffic is not going into the firewall"
  • "Could use a topology diagram which would help get an exact visual."

What is our primary use case?


Our primary use case is trying to monitor irregular network traffic - identifying the type of traffic within our network, its origin, and destination IP. It could be HTTP, HTTPS, FTP, or ODBC. Once we recognize the traffic, we then correlate it, determining whether it's normal or abnormal. The data is also sent via Syslog to LogRhythm SIEM to further correlate with logs from other devices to look at threats from a holistic view.


How has it helped my organization?

We simply enabled the out-of-the-box DPA rules within Network Monitor to look for ransomware via SMB traffic and other types of attacks such as DNS hijacking, where external DNS is being used instead of internal, and it was happening in our network environment.



What is most valuable?


I think visibility is the most valuable feature - the ability to see what's going on with the network traffic even if it is not passing the firewall. It provides lateral traffic visibility, which most can't see in firewalls and networking switches/routers with limited logs. In an internal environment, we have a customer with several database servers, and they want to know who is connecting to these critical servers; this solution enables that. In terms of attacks or any abnormal traffic, we can quickly detect it. Visibility into network lateral movement is significant.



What needs improvement?


Our customers would always like to see additional features. Ideally, they want one solution to do everything, particularly with networking products. Often customers request features that are related to their day-to-day operation, such as traffic congestion and network usage at a specific endpoint. Adding operational flavor into the existing network threat detection product would allow more customers to use a single platform to satisfy all their networking visibility needs. I'd like to see more of these types of visualizations or dashboards, geared toward this kind of usage, built out of the box and ready to use.


Also, having network topology visuals from a specific endpoint can be a great feature that would help correlate and investigate faster.

For how long have I used the solution?

I've been using this product for four years. 

What do I think about the stability of the solution?

It's an excellent and stable solution. It's based on ELK and is a proprietary solution. It provides you with an ISO file that you can install in minutes.

How are customer service and technical support?


The technical support is excellent. You can find many pre-built rules, visualization dashboards, or the Kibana dashboard within the community portal. 90% of users can just use it right out of the box, using the many built-in deep packet analytics rules and dashboards or downloading them from the community. If you'd like to build your own rules, it will require some learning of the rule syntax. For any more advanced integration with an external system, you can make a request to LogRhythm support. They will be willing to answer any questions you have.



How was the initial setup?

The initial setup is very straightforward and simple. It takes about half a day to get it all done. 

What's my experience with pricing, setup cost, and licensing?


Compared to many other products in the market, I think LogRhythm has the highest cost to performance ratio in terms of its value. Many customers compared us to a lot of other network tools that focused more on traffic flow and data flow, which often lack threat detection, visibility, and deep packet analytics. However, LogRhythm NetworkNDR provides excellent visibility and threat detection because it identifies 3000 plus applications, has built-in deep packet rules, and provides SOAR capability at the same time.



What other advice do I have?

LogRhythm provides a freemium version of NetMon, so I would first advise anyone to download it and play with it first. All features are the same as the full version, and it is the best way for anyone to understand the product's capability and how it works. If it works well, then consider buying the product.

I would rate this product a 9 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner - Taiwan
PeerSpot user
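The review above credits an out-of-the-box rule for catching DNS hijacking, where internal hosts resolve through an external DNS server instead of the internal one. As an added illustration (not LogRhythm's rule and not code from the reviewer), here is what such a detection keys on, run over a few constructed flow records. The approved resolver addresses, the RFC 1918 ranges, and the sample flows are all assumptions for the example.

```python
"""Flag internal clients that send DNS to servers other than the approved
internal resolvers. Added example, not LogRhythm code; inputs are constructed."""
import ipaddress
from collections import defaultdict

# Assumed approved internal resolvers (illustrative values, not from the review).
INTERNAL_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# RFC 1918 ranges used to decide whether the client side of a flow is internal.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flow records: (src_ip, dst_ip, dst_port, proto, qname).
SAMPLE_FLOWS = [
    ("10.0.5.21", "10.0.0.53", 53, "udp", "intranet.example.local"),   # approved
    ("10.0.5.21", "8.8.8.8", 53, "udp", "updates.example.com"),        # external
    ("10.0.7.44", "1.1.1.1", 53, "udp", "example.org"),                # external
    ("10.0.7.44", "1.1.1.1", 53, "tcp", "example.net"),                # external, DNS over TCP
    ("10.0.9.10", "10.0.1.53", 53, "tcp", "mail.example.local"),       # approved
    ("10.0.9.10", "203.0.113.7", 443, "tcp", ""),                      # not DNS, ignored
    ("198.51.100.9", "8.8.8.8", 53, "udp", "example.com"),             # external client, ignored
]


def is_internal(ip: str) -> bool:
    """True when the address falls in one of the private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_external_dns(flows, approved=INTERNAL_RESOLVERS):
    """Return {client_ip: sorted list of unapproved resolver IPs}.

    Only port-53 flows from internal clients count. Both UDP and TCP are
    included: DNS over TCP is legitimate, and a rule that only looks at UDP
    misses it.
    """
    hits = defaultdict(set)
    for src, dst, dport, proto, _qname in flows:
        if dport != 53 or proto not in ("udp", "tcp"):
            continue
        if not is_internal(src):
            continue
        if dst not in approved:
            hits[src].add(dst)
    return {client: sorted(servers) for client, servers in hits.items()}


def summarize(hits):
    """One alert line per offending client, in a form a syslog forwarder could carry."""
    return [f"external-dns client={client} resolvers={','.join(servers)}"
            for client, servers in sorted(hits.items())]


if __name__ == "__main__":
    for line in summarize(find_external_dns(SAMPLE_FLOWS)):
        print(line)
```

A rule of this shape only sees resolution that goes out on port 53; it says nothing about hosts that resolve over an encrypted channel on another port, so it is a complement to resolver-side logging, not a replacement for it.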
Data Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Good analytics features but it should have better integration with multiple products
Pros and Cons
  • "The analytics feature is the most valuable feature."
  • "I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products."

What is most valuable?

The analytics feature is the most valuable feature. 

What needs improvement?

I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products. 

I would also like to see some more customization with the analytics that LogRhythm offers because there are competitive solutions on the market that get much more analytics, unlike LogRhythm. We have second-hand features when we look at the analytics portion of it. Otherwise, the solution is good but I'm expecting a little more in analytics.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The stability is good. I would rate it a three out of five. 

What do I think about the scalability of the solution?

Scalability depends on the sizing. If you have lower sizing then you will not be able to scale the system. 

The security team of around five people are the main users. They do analytics for an organization of 3,000 plus employees.

How are customer service and technical support?

Their technical support isn't so great. 

Which solution did I use previously and why did I switch?

We were previously using ArcSight. We switched because ArcSight didn't have a roadmap for their company. We didn't get a clear roadmap for their technology innovation guidelines.

How was the initial setup?

The initial setup was a little complex. We have to manage a lot of devices, the dashboard needs to be set up. 

The entire deployment took a little over a month. We required five to six staff members for the deployment. The staff comprises security and forensic analysts.

What about the implementation team?

We implemented in-house. 

What's my experience with pricing, setup cost, and licensing?

Pricing is okay. There were some competitors that were extremely expensive and there were some which were really inexpensive but LogRhythm stayed in the middle of them.

What other advice do I have?

I would advise someone considering this solution to do the assessments properly before you deploy the solution because it also depends on what kind of products you have to integrate with LogRhythm. Most products do have an integration out-of-the-box. You need to study the product first before you make the decision to go ahead with LogRhythm.

I would rate it a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756438 - PeerSpot reviewer
Senior Info Security Specialist at a hospitality company
Vendor
Ease of use leads to meaningful information from the start, but learning advanced features is difficult

What is most valuable?

It's the ease of use, right off the bat. You can type in certain applications to bring up, it brings up graphs and it's meaningful information off the bat with a very low level of entry. Then, as you get more comfortable, you can get more advanced, more granular. But it's probably the ease of entry into it that is one of the key features so far.

How has it helped my organization?

With other solutions it's a lot of care and feeding to keep it going, making sure that your alarms and use cases are built out. With the Network Monitor it's pulling packets right off the network and doing that deep packet analytics. You're able to look right off the wire and get a true picture of what's going on. "Did this person send out an email? Did this person go to this website? Is this application running on our network in these certain areas?" You can get a very granular look.

It provides data in a user-friendly interface that I can pull off and get to management.

It does packet captures as well, so if I really wanted to dig into it I could pull those down. I could run those through other tools as well.

You can really really dig into it with some other packet-analysis tools we have. But just having it there, it's incredibly smart, incredibly easy to use, and the breadth of information we get off it is really good for investigations for us.

What needs improvement?

It's just finding the knowledge and figuring out how to apply it. The platform itself is good, but the breadth of capabilities that it has is difficult, and not always super-well communicated between LogRhythm and us.

We were using it for certain things and, as time went on, we brought in different tools to meet certain capabilities. Then after researching, "Oh, LogRhythm does this too."

It's that communication between LogRhythm and us, just letting us know - maybe it's a little bit on us as well - what the capabilities are and how we can leverage it and make the most of our investment.

Things like this LogRhythm User Conference are really great, to know where they're going, and what we actually have.

For how long have I used the solution?

I've only been in the department about two years. I think we have had it for about four or five years at this point.

What do I think about the stability of the solution?

No issues since we upgraded. Previously, it was typically every Monday that I was coming in - it would die over the weekend - and I would spend a day cleaning up databases. That was LogRhythm 6.3.

Now we're on v7.25. Since that upgrade, searches are a lot quicker. The stability, the way they split it up now with the data processors and the data indexers with the new platform, it's been fantastic.

The Network Monitor itself, I haven't had any problems with it. We're capturing rolling PCAPs, and we have about a month and a half of PCAPs from our different environments right now. Stability is quite good.

What do I think about the scalability of the solution?

Regarding scalability, I think it's more just getting time to spend in LogRhythm. We're not a huge security shop, so it's getting the time to dig into it and really figure out how we're going to build it out and learning the functionalities that exist, that we can leverage.

A lot of the time you end up getting a product, standing it up for one use case, and that's what it gets pigeonholed as, when really there are 100 other capabilities you can use there.

How are customer service and technical support?

We've never had any problems. We have a few different platforms we run, for vulnerability management and the like. LogRhythm's support is always, compared to the other vendors that we use, it's always same-day, next-day. Whereas other vendors, after a week, two weeks, you have to follow up.

LogRhythm support has really been "Johnny on the spot." I write to the other guys who manage the other systems and I'll say, "I put the ticket in today and it was solved the next day," and he's been waiting two weeks and following up with them and really hounding them. I've never had to do that.

Very good support.

Which other solutions did I evaluate?

We're upgrading from the old version to the new version. Then I did some research on the Network Monitor box and saw some potential there for use cases. I sold it to my management and showed them what we could do with the Freemium version first.

From there, once I showed the use case and the value there, we were able to move forward and purchase the nice big appliance.

Because we're government, if it's existing we can do the upgrade process, but if we wanted to switch vendors it's more of an RFP process, very arduous and long. We knew we wanted to stick with LogRhythm, but there was an opportunity for us to look at new use cases and new capabilities that we could spin up.

What other advice do I have?

We're Palo Alto for a lot of our edge stuff. We run Cisco. Palo Alto on endpoints for their Traps, McAfee on some others. It's fairly distributed as well. We run all the casinos in British Columbia, they're distributed all around the province, and we run all of those and they're all reporting back to us. We also run the lottery point-of-sale systems as well. You go into a gas station, there's a lottery terminal there you can buy your ticket off of. We manage all those as well. Those are all wireless. A ton of stuff. Very, very large.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756351 - PeerSpot reviewer
Director Of Infrastructure at a government with 10,001+ employees
Real User
Log aggregation gives us all our logs in one place, we can get the analytics from a single dashboard

What is most valuable?

Definitely the log aggregation. We enjoy having all of our logs in one place, where we can get the analytics from a single dashboard. Really, that is the goal. That's why we purchased, really just to aggregate.

How has it helped my organization?

We're running a single XM appliance, LogRhythm side. We're just under 2000 events a second. Our entire stack is VMware ESXi. We're completely virtual. We have two datacenters, about 300 VMs. We're also aggregating logs from all of our network equipment. We have 200 remote sites that all push their logs back to our data center.

We're very young in our deployment, out six months. We have yet to really derive substantial benefit from it. What we've seen so far has been, when we see events we can go back and drill into it, and see the path, see the kill chain. But we haven't made it to the point where we have tuned our alarms, yet. I expect it to do all of these things, we just haven't made it there yet.

The goal is to protect our users, certainly. Our environment is set up much like a retail environment. We have the vast majority of my users directly interfaced with the public. Their computers or their devices exist in the wild, not behind my corporate firewall. The overriding goal is to protect that equipment, protect those users, and then of course protect myself from anything that would happen if one of those devices or users is compromised. The challenges are really the same. All of these devices exist in the wild. They're not behind my firewall, they are out on the open internet daily, on a regular basis. That is the biggest challenge, making sure that those devices are visible to us, and that we can collect data, collect logs from those devices.

Again, we're so young in our deployment, that the perception is that there is a lot of potential there. We know that we have a long way to go to tune it, to onboard all of the log sources. The impression so far is very, very good. We were sold on the product based on the fairly narrow use cases that the sales reps gave us. What we're seeing during our usage is that we can get there. Again, we're so young in the deployment that we haven't made it to that point yet. But we definitely see the potential, we're very excited about the potential.

What needs improvement?

This is one where we're so young that it's almost impossible for me to answer the question, because I haven't explored everything that's available today.

One thing that surprised me was the current version of LogRhythm does not natively support Windows 2016. We're diving in feet-first. We are deploying only Windows 2016 now. During the deployment, there was a lag time between the time that Windows 2016 became generally available, and when LogRhythm was going to support it. During this period we had to trick LogRhythm into believing that these 2016 machines were 2012 machines. That was a bit surprising because of all of the automatic updates that we get, the threat feeds, everything that LogRhythm puts into the system automatically. To not have support for a very, very big new release was a bit surprising.

For how long have I used the solution?

Six months.

What do I think about the scalability of the solution?

So far - and I hate to keep going back to the fact that we've only been doing it for a few months - but so far we've been very impressed with scalability. We have a single appliance, and we have several collectors that run against that appliance. We really love how easy it is to just add another collector. I have data sources, I have log sources that exist in my DR facility. I can stand up a collector in that facility, and then push it back across the wire, and it's very easy. It's a couple of clicks, done. We're very excited about, again, the potential for scalability without having to re-architect the entire solution.

How are customer service and technical support?

We haven't used them. We went with the partner that sold it to us.

Which solution did I use previously and why did I switch?

We did not have a SIEM solution previously.

Our CEO was phished several times. After the third time in a month that we had to go change his password, and counsel him again on not connecting to open WiFi, we realized that...

We have on-premise Active Directory that's federated against Office 365. We have three very different log sources. We have our local AD, we have our federation service that authenticates, and then we have Office that contains all of the logs. It was very, very difficult for us to follow that chain. Time stamps are slightly different. One's in this timezone, one's in that timezone. Really, it was born out of this frustration of: I need to figure out what happened. "What did he click on? Where was he? Where did he log in from?" to establish the chain of events. I just couldn't, because I didn't have one single repository to go to.

How was the initial setup?

Complex in the sense that I don't have much experience with SIEMs. We came from nothing. As an organization, we don't even have any experience behind the scenes. It felt very overwhelming, but the partner was able to lead us through it. From that perspective, having that person there leading us through it was relatively simple.

Which other solutions did I evaluate?

IBM's QRadar was there, and Splunk was the other.

What really sold us beyond everything that we've talked about, was the single pane of glass that LogRhythm gave us. Candidly, it was the Web UI Dashboard. The executive dashboard that I could put in front of my VP, I could put in front of my C-level to say, "Here. You can log into this, you can look at it. It gives you all of the high level rolled up information." That was incredibly difficult to come by with some of the other products.

What other advice do I have?

When selecting a vendor, for us the most important thing is the trust of their user base, really. We did a lot of due diligence when we were looking. Everything that we heard from LogRhythm's user base was that they love the product. They were very fanatical about it, that it could do so many things that really were time and effort on our part to implement. That was basically it. Everything was built-in. Really, it was more the user base. It was everything, all SIEMs do all things, and so it was more the support of the product. We knew the product would do what we wanted it to do, we were concerned about support, we were concerned about the way that the community reacted to it.

In terms of a solution being a unified end-to-end platform, it's not critical, but definitely important. We are a very small shop. We support a lot of people, but our IT staff is incredibly small. I think there are five of us and two in the security aspect. An end-to-end platform was important to us, simply because it was a single vendor at that point. I could go to a single source, "one throat to choke," as it were. It wasn't critical, but definitely it was high up on the list.

Honestly, that rating of eight out of 10 is because we haven't used it very long.

I would advise anyone looking at this or similar solutions to define your use cases very well. That is what is going to separate a LogRhythm from a QRadar, from a Splunk. Everything can collect data, but pulling the data back out of the system, analyzing that data is the critical component. Definitely define those use cases and present those to the sales reps, and see how they respond.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
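The review above describes the problem that drove the purchase: three log sources (on-premises AD, the federation service, and Office 365), each stamping time in its own convention, so that the chain of events for one user could not be followed. As an added example (not LogRhythm's code and not the reviewer's), here is the normalization step a SIEM performs before it can correlate: parse each source's timestamp, attach the zone the source implies, convert everything to UTC, and sort. The three line formats, the site offset, the user name, and the event fields are constructed assumptions.

```python
"""Merge events from three differently-stamped log sources into one UTC-ordered
timeline for a single user. Added example, not vendor code; inputs constructed."""
from datetime import datetime, timedelta, timezone

# Constructed sample lines, tagged with their source. Each source has its own
# clock convention: the directory writes local time with no zone, the
# federation service writes an ISO 8601 time with a numeric offset, and the
# cloud service writes ISO 8601 in UTC with a trailing "Z".
SAMPLE_LINES = [
    ("ad",    "2022-09-14 08:03:10 user=j.doe event=4624 src=10.0.5.21"),
    ("fed",   "2022-09-14T08:03:12-07:00 user=j.doe result=success ip=198.51.100.9"),
    ("cloud", "2022-09-14T15:04:01Z user=j.doe action=MailboxLogin ip=198.51.100.9"),
    ("ad",    "2022-09-14 08:10:44 user=j.doe event=4724 src=10.0.5.21"),
    ("ad",    "2022-09-14 08:11:02 user=a.smith event=4624 src=10.0.6.3"),
]

# Assumed zone for sources that omit one: a fixed site offset of UTC-7 here.
# In production this would come from the collector's configuration for that source.
SOURCE_TZ = {"ad": timezone(timedelta(hours=-7), name="site-local")}


def parse_event(source: str, line: str) -> dict:
    """Return {'ts': aware UTC datetime, 'source': str, 'fields': {key: value}}."""
    if source == "ad":
        # "YYYY-MM-DD HH:MM:SS" occupies two tokens and carries no zone.
        date, clock, rest = line.split(" ", 2)
        naive = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        ts = naive.replace(tzinfo=SOURCE_TZ[source])
    else:
        # ISO 8601 with an offset; map "Z" to "+00:00" for fromisoformat().
        ts_text, rest = line.split(" ", 1)
        ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": ts.astimezone(timezone.utc), "source": source, "fields": fields}


def build_timeline(lines, user: str):
    """Parse every line, keep events for `user`, and order them by UTC time."""
    events = [parse_event(src, ln) for src, ln in lines]
    chain = [e for e in events if e["fields"].get("user") == user]
    return sorted(chain, key=lambda e: e["ts"])


def render(timeline):
    """One line per event with a uniform UTC stamp, for a report or ticket."""
    return [
        f"{e['ts'].strftime('%Y-%m-%dT%H:%M:%SZ')} {e['source']:5} "
        + " ".join(f"{k}={v}" for k, v in e["fields"].items())
        for e in timeline
    ]


if __name__ == "__main__":
    for line in render(build_timeline(SAMPLE_LINES, "j.doe")):
        print(line)
```

Once every event carries an aware UTC timestamp, the federation success from an external address and the mailbox login that follows it a minute later line up in order, which is exactly the ordering the reviewer could not establish from three consoles with three clocks.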