LogRhythm NetMon Overview

LogRhythm NetMon is #41 ranked solution in best Network Monitoring Tools. PeerSpot users give LogRhythm NetMon an average rating of 8 out of 10. LogRhythm NetMon is most commonly compared to SolarWinds NPM: LogRhythm NetMon vs SolarWinds NPM. The top industry researching this solution are professionals from a computer software company, accounting for 37% of all views.
What is LogRhythm NetMon?

Identify Emerging Threats on Your Network in Real Time

Transform your physical or virtual system into a network forensics sensor in a matter of minutes for free with LogRhythm's NetMon Freemium. Your investigations will come together effortlessly with extensive corresponding metadata, full packet capture, and customizable advanced correlation. Detect network-based threats with real-time network monitoring and big data analytics.

Get the visibility you need with NetMon.

LogRhythm NetMon was previously known as LogRhythm Network Monitor.


LogRhythm NetMon Customers

Sera-Brynn

Archived LogRhythm NetMon Reviews (more than two years old)

Data Security Architect at a comms service provider with 1,001-5,000 employees
Real User
Good analytics features but it should have better integration with multiple products
Pros and Cons
  • "The analytics feature is the most valuable feature."
  • "I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products."

What is most valuable?

The analytics feature is the most valuable feature. 

What needs improvement?

I would like to see better integration with multiple products. Integration is not something that is readily available for most of the products. 

I would also like to see some more customization with the analytics that LogRhythm offers because there are competitive solutions on the market that get much more analytics, unlike LogRhythm. We have second-hand features when we look at the analytics portion of it. Otherwise, the solution is good but I'm expecting a little more in analytics.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

The stability is good. I would rate it a three out of five. 

What do I think about the scalability of the solution?

Scalability depends on the sizing. If you have lower sizing then you will not be able to scale the system. 

The security team of around five people are the main users. They do analytics for an organization of 3,000 plus employees.

How are customer service and technical support?

Their technical support isn't so great. 

Which solution did I use previously and why did I switch?

We were previously using ArcSight. We switched because ArcSight didn't have a roadmap for their company. We didn't get a clear roadmap for their technology innovation guidelines.

How was the initial setup?

The initial setup was a little complex. We have to manage a lot of devices, the dashboard needs to be set up. 

The entire deployment took a little over a month. We required five to six staff members for the deployment. The staff comprises security and forensic analysts.

What about the implementation team?

We implemented in-house. 

What's my experience with pricing, setup cost, and licensing?

Pricing is okay. There were some competitors that were extremely expensive and there were some which were really inexpensive but LogRhythm stayed in the middle of them.

What other advice do I have?

I would advise someone considering this solution to do the assessments properly before you deploy the solution because it also depends on what kind of products you have to integrate with LogRhythm. Most products do have an integration out-of-the-box. You need to study the product first before you make the decision to go ahead with LogRhythm.

I would rate it a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user756438
Senior Info Security Specialist at a hospitality company
Vendor
Ease of use leads to meaningful information from the start, but learning advanced features is difficult

What is most valuable?

It's the ease of use, right off the bat. You can type in certain applications to bring up, it brings up graphs and it's meaningful information off the bat with a very low level of entry. Then, as you get more comfortable, you can get more advanced, more granular. But it's probably the ease of entry into it that is one of the key features so far.

How has it helped my organization?

With other solutions it's a lot of care and feeding to keep it going, making sure that your alarms and use cases are built out. With the Network Monitor it's pulling packets right off the network and doing that deep packet analytics. You're able to look right off the wire and get a true picture of what's going on. "Did this person send out an email? Did this person go to this website? Is this application running on our network in these certain areas?" You can get a very granular look.

It provides data in a user-friendly interface that I can pull off and get to management.

It does packet captures as well, so if I really wanted to dig into it I could pull those down. I could run those through other tools as well.

You can really, really dig into it with some other packet-analysis tools we have. But just having it there, it's incredibly smart, incredibly easy to use, and the breadth of information we get off it is really good for investigations for us.

What needs improvement?

It's just finding the knowledge and figuring out how to apply it. The platform itself is good, but the breadth of capabilities that it has is difficult, and not always super-well communicated between LogRhythm and us.

We were using it for certain things and, as time went on, we brought in different tools to meet certain capabilities. Then after researching, "Oh, LogRhythm does this too."

It's that communication between LogRhythm and us, just letting us know - maybe it's a little bit on us as well - what the capabilities are and how we can leverage it and make the most of our investment.

Things like this LogRhythm User Conference are really great, to know where they're going, and what we actually have.

For how long have I used the solution?

I've only been in the department about two years. I think we have had it for about four or five years at this point.

What do I think about the stability of the solution?

No issues since we upgraded. Previously, it was typically every Monday that I was coming in - it would die over the weekend - and I would spend a day cleaning up databases. That was LogRhythm 6.3.

Now we're on v7.25. Since that upgrade, searches are a lot quicker. The stability, the way they split it up now with the data processors and the data indexers with the new platform, it's been fantastic.

The Network Monitor itself, I haven't had any problems with it. We're capturing rolling PCAPs, and we have about a month and a half of PCAPs from our different environments right now. Stability is quite good.

What do I think about the scalability of the solution?

Regarding scalability, I think it's more just getting time to spend in LogRhythm. We're not a huge security shop, so it's getting the time to dig into it and really figure out how we're going to build it out and learning the functionalities that exist, that we can leverage.

A lot of the time you end up getting a product, standing it up for one use case, and that's what it gets pigeonholed as, when really there are 100 other capabilities you can use there.

How are customer service and technical support?

We've never had any problems. We have a few different platforms we run, for vulnerability management and the like. LogRhythm's support is always, compared to the other vendors that we use, it's always same-day, next-day. Whereas other vendors, after a week, two weeks, you have to follow up.

LogRhythm support has really been "Johnny on the spot." I write to the other guys who manage the other systems and I'll say, "I put the ticket in today and it was solved the next day," and he's been waiting two weeks and following up with them and really hounding them. I've never had to do that.

Very good support.

Which other solutions did I evaluate?

We're upgrading from the old version to the new version. Then I did some research on the Network Monitor box and saw some potential there for use cases. I sold it to my management and showed them what we could do with the Freemium version first.

From there, once I showed the use case and the value there, we were able to move forward and purchase the nice big appliance.

Because we're government, if it's existing we can do the upgrade process, but if we wanted to switch vendors it's more of an RFP process, very arduous and long. We knew we wanted to stick with LogRhythm, but there was an opportunity for us to look at new use cases and new capabilities that we spin up.

What other advice do I have?

We're Palo Alto for a lot of our Edge stuff. We run Cisco. Palo Alto on endpoints for their Traps, McAfee on some others. It's fairly distributed as well. We run all the casinos in British Columbia, they distribute all around the province, and we run all of those and they're all reporting back to us. We also run the lottery point-of-sale systems as well. You go into a gas station, there's a lottery terminal there you can buy your ticket off of. We manage all those as well. Those are all wireless. A ton of stuff. Very, very large.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user756351
Director Of Infrastructure at a government with 10,001+ employees
Vendor
Log aggregation gives us all our logs in one place, we can get the analytics from a single dashboard

What is most valuable?

Definitely the log aggregation. We enjoy having all of our logs in one place, where we can get the analytics from a single dashboard. Really, that is the goal. That's why we purchased, really just to aggregate.

How has it helped my organization?

We're running a single XM appliance, LogRhythm side. We're just under 2000 events a second. Our entire stack is VMware ESXi. We're completely virtual. We have two datacenters, about 300 VMs. We're also aggregating logs from all of our network equipment. We have 200 remote sites that all push their logs back to our data center.

We're very young in our deployment, out six months. We have yet to really derive substantial benefit from it. What we've seen so far has been, when we see events we can go back and drill into it, and see the path, see the kill chain. But we haven't made it to the point where we have tuned our alarms, yet. I expect it to do all of these things, we just haven't made it there yet.

The goal is to protect our users, certainly. Our environment is set up much like a retail environment. We have the vast majority of my users directly interfaced with the public. Their computers or their devices exist in the wild, not behind my corporate firewall. The overriding goal is to protect that equipment, protect those users, and then of course protect myself from anything that would happen if one of those devices or users is compromised. The challenges are really the same. All of these devices exist in the wild. They're not behind my firewall, they are out on the open internet daily, on a regular basis. That is the biggest challenge, making sure that those devices are visible to us, and that we can collect data, collect logs from those devices.

Again, we're so young in our deployment, that the perception is that there is a lot of potential there. We know that we have a long way to go to tune it, to onboard all of the log sources. The impression so far is very, very good. We were sold on the product based on the fairly narrow use cases that the sales reps gave us. What we're seeing during our usage is that we can get there. Again, we're so young in the deployment that we haven't made it to that point yet. But we definitely see the potential, we're very excited about the potential.

What needs improvement?

This is one where we're so young that it's almost impossible for me to answer the question, because I haven't explored everything that's available today.

One thing that surprised me was the current version of LogRhythm does not natively support Windows 2016. We're diving in feet-first. We are deploying only Windows 2016 now. During the deployment, there was a lag time between the time that Windows 2016 became generally available, and when LogRhythm was going to support it. During this period we had to trick LogRhythm into believing that these 2016 machines were 2012 machines. That was a bit surprising because of all of the automatic updates that we get, the threat feeds, everything that LogRhythm puts into the system automatically. To not have support for a very, very big new release was a bit surprising.

For how long have I used the solution?

Six months.

What do I think about the scalability of the solution?

So far - and I hate to keep going back to the fact that we've only been doing it for a few months - but so far we've been very impressed with scalability. We have a single appliance, and we have several collectors that run against that appliance. We really love how easy it is to just add another collector. I have data sources, I have log sources that exist in my DR facility. I can stand up a collector in that facility, and then push it back across the wire, and it's very easy. It's a couple of clicks, done. We're very excited about, again, the potential for scalability without having to re-architect the entire solution.

How are customer service and technical support?

We haven't used them. We went with the partner that sold it to us.

Which solution did I use previously and why did I switch?

We did not have a SIEM solution previously.

Our CEO was phished several times. After the third time in a month that we had to go change his password, and counsel him again on not connecting to open WiFi, we realized that...

We have on-premise Active Directory that's federated against Office 365. We have three very different log sources. We have our local AD, we have our federation service that authenticates, and then we have Office that contains all of the logs. It was very, very difficult for us to follow that chain. Time stamps are slightly different. One's in this timezone, one's in that timezone. Really, it was born out of this frustration of: I need to figure out what happened. "What did he click on? Where was he? Where did he log in from?" to establish the chain of events. I just couldn't, because I didn't have one single repository to go to.

How was the initial setup?

Complex in the sense that I don't have much experience with SIEMs. We came from nothing. As an organization, we don't even have any experience behind the scenes. It felt very overwhelming, but the partner was able to lead us through it. From that perspective, having that person there leading us through it was relatively simple.

Which other solutions did I evaluate?

IBM's QRadar was there, and Splunk was the other.

What really sold us beyond everything that we've talked about, was the single pane of glass that LogRhythm gave us. Candidly, it was the Web UI Dashboard. The executive dashboard that I could put in front of my VP, I could put in front of my C-level to say, "Here. You can log into this, you can look at it. It gives you all of the high level rolled up information." That was incredibly difficult to come by with some of the other products.

What other advice do I have?

When selecting a vendor, for us the most important thing is the trust of their user base, really. We did a lot of due diligence when we were looking. Everything that we heard from LogRhythm's user base was that they love the product. They were very fanatical about it, that it could do so many things that really were time and effort on our part to implement. That was basically it. Everything was built-in. Really, it was more the user base. It was everything, all SIEMs do all things, and so it was more the support of the product. We knew the product would do what we wanted it to do, we were concerned about support, we were concerned about the way that the community reacted to it.

In terms of a solution being a unified end-to-end platform, it's not critical, but definitely important. We are a very small shop. We support a lot of people, but our IT staff is incredibly small. I think there are five of us and two in the security aspect. An end-to-end platform was important to us, simply because it was a single vendor at that point. I could go to a single source, "one throat to choke," as it were. It wasn't critical, but definitely it was high up on the list.

Honestly, that rating of eight out of 10 is because we haven't used it very long.

I would advise anyone looking at this or similar solutions to define your use cases very well. That is what is going to separate a LogRhythm from a QRadar, from a Splunk. Everything can collect data, but pulling the data back out of the system, analyzing that data is the critical component. Definitely define those use cases and present those to the sales reps, and see how they respond.

Disclosure: I am a real user, and this review is based on my own experience and opinions.