
LogRhythm NextGen SIEM Overview

LogRhythm NextGen SIEM is the #6 ranked solution among top Security Information and Event Management (SIEM) tools and the #8 ranked solution in Log Management Software. PeerSpot users give LogRhythm NextGen SIEM an average rating of 8.0 out of 10. LogRhythm NextGen SIEM is most commonly compared to Splunk: LogRhythm NextGen SIEM vs Splunk. LogRhythm NextGen SIEM is popular among the large enterprise segment, which accounts for 58% of users researching this solution on PeerSpot. The top industry researching this solution is computer software companies, whose professionals account for 26% of all views.
LogRhythm NextGen SIEM Buyer's Guide

Download the LogRhythm NextGen SIEM Buyer's Guide including reviews and more. Updated: July 2022

What is LogRhythm NextGen SIEM?

LogRhythm’s NextGen SIEM Platform is an award-winning platform in security analytics. With more than 4,000 customers globally, NextGen is an integrated platform that helps security operations teams protect critical infrastructure and information from emerging cyber threats. Ultimately, the platform is an integrated set of modules that contribute to the security team’s fundamental mission: rapid threat monitoring, threat detection, threat investigation, and threat neutralization. This platform is for organizations that require an on-premises solution and offers:

● Streamlined workflow

● Secure data access

● Real-time visibility

● A unified user experience

● Management customization

Security information and event management (SIEM) solutions have been evolving for over a decade; their core functionality still acts as the most effective foundation for any organization’s technology stack. A SIEM solution enables an organization to centrally collect data across its entire network environment to gain real-time visibility into activity that may pose a risk to the organization. SIEM technology is there to address threats before they become significant financial risks while simultaneously helping better manage the organization’s assets.

LogRhythm NextGen SIEM has many key features and capabilities, including:

● High-Performance Log Management: NextGen SIEM offers structured and unstructured search capabilities that allow users to swiftly search across an organization’s vast data to find answers, identify IT and security issues, and troubleshoot them. Users can efficiently process and index terabytes of log data daily.

● Network and Endpoint Monitoring: Forensic sensors give users deep visibility into endpoint and network activity. Users can see behavioral anomalies and respond to incidents more effectively.

● SmartResponse Automation Framework: NextGen SIEM allows users to centrally execute pre-staged actions that automate incident investigation tasks and responses.

● Automated Machine Analytics: NextGen SIEM’s AI Engine continuously analyzes all collected security incidents and forensic data. Security teams receive precise, real-time intelligence about risk-prioritized threats.

● Case and Security Incident Management: NextGen SIEM offers an integrated workflow so that threats don’t slip through the cracks. Collaboration tools help centrally manage and track investigations.

Benefits to Using LogRhythm NextGen SIEM

● The platform is of great value for security and IT operations: Users have the ability to map their security and IT operations to existing frameworks such as NIST and MITRE ATT&CK.

● The platform offers broad integration across security and IT vendors: Users benefit from support for integration with hundreds of security and IT solutions. In turn, this further extends SIEM capabilities and data collection.

● The platform provides compliance adherence, enforcement, and reporting: The prebuilt compliance modules automatically detect violations as they occur and remove the burden of manually reviewing audit logs.

Reviews from Real Users

LogRhythm NextGen SIEM stands out among its competitors for a number of reasons. Two major ones are its ability to be customized and its quick performance of queries.

Jason G., a senior cyber security engineer, writes, "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."

Andy W., principal consultant at ITSEC Asia, notes, “LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.”

LogRhythm NextGen SIEM was previously known as LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM.

LogRhythm NextGen SIEM Customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill


LogRhythm NextGen SIEM Pricing Advice

What users are saying about LogRhythm NextGen SIEM pricing:
  • "We did a five-year agreement. We pay close to a quarter of a million dollars for our solution."
  • "I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees."
  • "The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required."
  • "I didn't see the RFP, but I heard that it is more expensive than QRadar. I remember one customer implemented only one QRadar in two sites. It cost them $2 million, I think. Maybe LogRhythm is much higher."
LogRhythm NextGen SIEM Reviews
    Information Security Officer, Network Analyst at a university with 1,001-5,000 employees
    Real User
    It puts things together and provides the evidence and has good automation and integration capabilities
    Pros and Cons
    • "Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools."
    • "Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications. The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products."

    What is our primary use case?

    We use it for log ingestion and monitoring activity in our environment.

    How has it helped my organization?

    It is a simpler system than what we had before. We had IBM QRadar, which used to give us everything, and we had to dig through, figure out, and piece it all together. LogRhythm lights up when an event occurs. As opposed to just giving us everything, it will piece things together for you and let you know that you probably should look at this. It also provides the evidence. 

    It is easy to find what you're looking for. It is not like a needle in the haystack like QRadar was. It is not a mystery why something popped or why you're being alerted. It provides you the details or the evidence as to why it alerted or alarmed on something, making qualifying or investigations a little bit quicker and also allowing us to close down on remediation times.

    What is most valuable?

    Automations are very valuable. It provides the ability to automate some of our small use cases. 

    The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools.

    What needs improvement?

    Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. 

    They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications.

    The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products.


    For how long have I used the solution?

    I have been using this solution for three years.

    What do I think about the stability of the solution?

    Bugs are there. We've encountered quite a few, but support is pretty quick at picking up and working with us through those and then escalating through their different peers until we get a solution. Now, the bugs are becoming less and less. Initially, they were rolling out features pretty quickly, and maybe some use cases weren't considered. We ran into those bugs because it was a unique use case.

    What do I think about the scalability of the solution?

    It is easy to scale. We run different appliances. So, for us scaling is not an issue. Each appliance does a different piece of the function, so scalability is not a problem. We started off doing say 10,000 logs per second or MPS event, and then we quickly upgraded. Now, we're sitting at a cool 15,000. There is no need to upgrade hardware or anything. You just update the license. That is it.

    We have multiple users in there. We have a security team, operations teams, server team, and network team for operations. We also have our research team, HBC team, and support desk staff. We have security teams from other universities in the States. We're sitting at a cool 50 users.

    How are customer service and support?

    Their technical support is good. They are pretty quick at working with us. I would give them an eight out of ten. I don't know what they see on their end when a customer calls in and whether they are able to see previous tickets. It always feels like you're starting fresh every time. They could maybe improve on that end.

    Which solution did I use previously and why did I switch?

    We had IBM QRadar for what seemed to be almost a decade. So, we just needed something different. There was a loss of knowledge transfer, as you can imagine, over a decade with different people coming in and out of security teams, and the transfer of knowledge was very limited. At the time I got on board, I had to figure out how to use it and how to maintain it and keep it going. We had some difficulties or challenges with IBM in getting a grasp on how we can keep getting support. It was a challenge just figuring out who our account rep was. After I figured that out, it was somewhat smooth sailing, and then we just decided it was time for something different, just a break-off because products change in ten years. You can either stay with it and deal with issues, or you do a break-off and get what's best for the organization.

    How was the initial setup?

    It was complex simply because we had different products. 

    What about the implementation team?

    We did have professional services to help us, which made the installation a little bit smoother. Onboarding of logs and having somebody with whom you can bounce ideas and who can go find an answer for you if they didn't have one readily available made the transition from one product to the other pretty straightforward.

    What's my experience with pricing, setup cost, and licensing?

    We did a five-year agreement. We pay close to a quarter of a million dollars for our solution.

    What other advice do I have?

    I would definitely advise giving it a look. If you're able to deal with it in your environment and just give it a chance, it'll grow on you. It is not Splunk, but it's getting there. They're gaining visibility with other vendors. The integration with third parties is starting to light up a little bit for them, unlike IBM QRadar that has already created that bond with third parties to bring in their services into the product. LogRhythm is definitely getting there, and it is a quick way to leverage in-house talent. So, if you want to do automation and you have someone who is good at Python scripting or PowerShell, you can easily build something in-house to automate some of those use cases that you may want to do. 

    I would rate LogRhythm NextGen SIEM an eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees
    Real User
    Integrated with SOAR, which is useful for threat management
    Pros and Cons
    • "SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
    • "I don't think the cloud model in LogRhythm is developed enough."

    What is our primary use case?

    I am a security architect, so I don't develop the use cases with the customers if they deliver a team who is in charge of these activities. Depending on the case of the customer, we define something with the customers, according to the technical sessions that we have with them. I prepare all the documentation for the delivery team and present the project.

    LogRhythm is deployed on-prem. There are about 60 people using this solution in my organization.

    What is most valuable?

    SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem.

    What needs improvement?

    I don't think the cloud model in LogRhythm is developed enough. This is one of the reasons they changed the position in a negative way in the Magic Quadrant Gartner for SIEM in the recent report. The cost of UBA is also high when you compare it with Securonix.

    I would like to have a different cost model for cloud. If that happens, I think LogRhythm could be competitive in other cases with the customers.

    The virtual machines require high computing power, and sometimes customers say it's expensive. There are specific requirements from this solution. LogRhythm has a specific requirement when implementing in virtual machines, which is a very complicated issue. The best solution is in the cloud, most of the time.

    For how long have I used the solution?

    I've been using this solution for more than five years.

    What do I think about the stability of the solution?

    It's stable.

    What do I think about the scalability of the solution?

    When we are using LogRhythm in the cloud, it is scalable, but it's more expensive than other solutions. When we are on-prem, it's a little complicated and has a lot of challenges that the customer doesn't want.

    It is scalable in the cloud, but not on-prem. It is not easy. It takes more time and money. I would rate it 3 out of 5.

    How are customer service and support?

    I would rate the presale support 3 out of 5. They could be in contact more and give more information. It's average. I have heard that post-sale support is good.

    How was the initial setup?

    It's simple because you only need to consider one component and that's it. But if you have a customer with different companies and each company has different subsidiaries and all of them want one only service, all of them will be sending the logs into one single SIEM, so you need a distributed architecture. You need to think about how to include new components and how that will be impacting the architecture in the near future, because we don't know the cost. In some cases, it's complicated if we don't know the new versions or the changes that the vendor will be publishing.

    Deployment commonly takes three months but can take up to six months.

    We use about six people for maintenance.

    What about the implementation team?

    We deploy the solutions on our own.

    What's my experience with pricing, setup cost, and licensing?

    I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees.

    The customers commonly want to know what is the price for the service in different bands. So we work on a banded price model, and it is something that is complicated. We include the UEBA, which is sized and quoted in terms of the number of users and entities. So we need to make a price banded model for the SIEM and a price banded model for the UEBA. We need two of them and they are related. 

    If you increase the number of users, you are increasing the cost of the service of the SIEM. Sometimes we don't know the exact relationship between these two components. In the case of other solutions in the cloud, like Securonix, you just need to say to the customer, "This is the price of the different bands."

    Which other solutions did I evaluate?

    I've evaluated solutions that can be deployed in the cloud and have other features or components, like the UEBA. In the case of Securonix, it is included. We need to decide if we are going to propose something that is on-prem or in the cloud, depending on the requirements of the customer. The architecture is more complicated when you deploy something on-prem, so you want to increase the number of EPS, the events per second. You need to consider the architecture.

    With Securonix or Splunk, we just need to go to the partner and say, we need an increase in the number of EPS. We also don't have to provide maintenance to the solution because it is in the cloud. Our specialist is more focused on the security aspects instead of providing maintenance to the components.

    What other advice do I have?

    I would rate this solution 8 out of 10.

    My advice is that if the requirement is to have someone on-prem, for example, someone that is working in a financial entity, it is a requirement to have all the information in their own data centers and using specific connections. If you have that case, you can use it. It is convenient. And you can use it if you have a case where the evolution of the environment is not going to change for the next three years. Otherwise, if you have a lot of changes during the time that you are going to be using this solution, you need to include different components that will probably be complicated to architect.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user
    Sadat Mohammad Rifat - PeerSpot reviewer
    Senior System Engineer at a tech services company with 11-50 employees
    Reseller
    Stable with one central dashboard and good scalability
    Pros and Cons
    • "The product is great for medium to large-scale organizations."
    • "The solution is likely not the best option for a smaller organization."

    What is our primary use case?

    We primarily use the solution to reduce insider threats. We also use the product to deal with some aspects of banking security. For example, with this product, we are able to lower the threat of being attacked by malware.

    What is most valuable?

    I appreciate the fact that I can do everything from one dashboard. That is the main aspect of LogRhythm so far that I find extremely useful. We don't need a different dashboard or other solution for managing things.

    The initial setup is simple. 

    The solution is stable.

    The product is great for medium to large-scale organizations.

    The product can scale. 

    Technical support is reportedly quite good.

    What needs improvement?

    What I would suggest is for the product to make the consoles more user-friendly. The integration module should be simpler. That way, the end-customer himself can do the integration and they are not always dependent on our site. The integration with other vendors should be easy.

    The solution is likely not the best option for a smaller organization.

    One of the features I like to recommend is a LogRhythm queuing ticket for a level-one tier system so that clients are not dependent on a third party.

    For how long have I used the solution?

    We've been working with the product since 2018. It's been almost three years at this point.

    What do I think about the stability of the solution?

    The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

    What do I think about the scalability of the solution?

    In terms of scaling, the solution is best for medium to large companies. Smaller companies likely do not want to invest in IT security products, however, for medium to large organizations, especially banks, LogRhythm works well.

    It's easy to scale. What we do for scalability is we always put the hardware capability higher than the license. For example, if a customer wants a 3,000 MPS license, we always provide 6,000 MPS hardware. If they want to scale the license to 4,000 or 5,000, we just put the license in, and then it works as the size capacity is there. It's easy. It's not that difficult.

    How are customer service and support?

    We are not an end-user and therefore do not directly deal with technical support. In terms of the support, the end-user would get a response from the technical team, and, so far, from the feedback I've gotten, they are good. Clients seem satisfied with the level of service they receive.

    Which solution did I use previously and why did I switch?

    I also work with Oracle. 

    How was the initial setup?

    The initial setup is simple for us, basically. It's not that challenging. The main challenge we face for integration is from the different vendors as we have to do different tasks. However, the deployment of LogRhythm is very easy.

    It takes 12 to 15 days for a full deployment.

    We have two phases that are five to seven days each. The second phase involves integration and tuning stuff and that can usually take six or seven days for that part alone.

    It's on a Windows server. Windows is very convenient for everyone. Users can just follow the process as per LogRhythm and it's easy to deploy everything.

    In our distribution model, we don't provide end-user support directly. We have another partner company that provides maintenance and support for the end-user. For the partner side, many of the engineers are LogRhythm certified and they do the maintenance and other tasks.

    What about the implementation team?

    As an implementor, we can handle the setup for our clients. 

    What's my experience with pricing, setup cost, and licensing?

    LogRhythm pricing is based on the MPS. They always quote the pricing per unit of MPS. The number of MPS which the customer needs is what we provide with the unit price and we get a good discount on it, as per LogRhythm.

    The price is in USD. For that reason, when we convert from USD to our currency, the pricing seems quite high.  

    Everything is included. We get the data processing license as well as the sole license and the filing, ticketing, monitoring licenses, and the collector license as well. We get everything in one package.

    What other advice do I have?

    We are a distributor and we have around 15 to 20 partners who are working with LogRhythm in this region. We work for the end-user and we implement it and handle presentations for the customer.

    We are working with the latest version of the solution. I can't speak to the exact version number, however.

    I'd rate the solution at a ten out of ten. It's a very good product overall. Clients have been very happy with it. In terms of the feedback we've received from the end-user and our own experience with the deployment process and manageability, everything is great.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
    PeerSpot user
    Head Of Technical Services at a tech services company with 51-200 employees
    Real User
    Stable for long periods, and comes with built-in UEBA
    Pros and Cons
    • "I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
    • "I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."

    What is our primary use case?

    I am a distributor and not an end-user of the product, so I cannot comment on use cases.

    What is most valuable?

    I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages.

    What LogRhythm really excels at is its stability, since, in all the deployments that I have been involved in, there's no break-and-fix at all. When the customer finds that there is something lacking from the solution, it is often a matter of deploying extra appliances and things like that. So the most valuable feature in an abstract sense is that it is so reliable. 

    What needs improvement?

    I do think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments.

    With that said, I think it's good enough. For the most part, I just want to have a consolidated platform for the NDR, i.e. the new MistNet NDR that they have acquired, with the current XDR. At this time, it is still two separate controls.

    For how long have I used the solution?

    I have been working with LogRhythm NextGen SIEM from a company perspective for three years. 

    What do I think about the stability of the solution?

    All of the deployments that I have been involved in have been very stable, over long periods of time. There's very little in the way of breaking and fixing at all. Most complaints are typically just that the customer comes across extra requirements that need to be added on to the base product.

    What do I think about the scalability of the solution?

    There are some issues with scaling that I'm aware of. Most of the time, the scalability becomes increasingly more complex when increasing the indexing or when processing the loss security complex. It's not easy when we go to a high-volume customer environment where many laptops are involved, for example. In that case, it's perhaps not that easy to scale.

    How are customer service and support?

    The technical support is good, and they are available at any time. They allocate customer assistants and account managers for taking care of all the application support. Any time that I need a technical fix and the customer is not certified, they will escalate the issue to the customer success manager who will then help solve it.

    Which solution did I use previously and why did I switch?

    Compared to other solutions, an advantage of LogRhythm is that it still works on a lot of the old platforms. As mentioned, it is based on the Windows platform, and I think that it wins out due to the straightforward pricing and how easy it is to calculate for the sizing and critical add-ons such as UEBA and SOAR.

    Because the platform is always the same, it's just easier to extend it as needed. For example, it's not technically dependent on another solution that's been acquired by themselves or another company like IBM.

    The main difference boils down to the question: for add-ons and such, do you need to seek out a different service from a different vendor rather than adding to the same solution by the same company? I believe they do it all from the same R&D teams and it shows.

    How was the initial setup?

    The deployment for only one small or medium size environment is pretty straightforward, but for enterprise deployments where there are many different components (e.g. various appliances or other software add-ons) it can become very complex, especially for HA setups.

    What's my experience with pricing, setup cost, and licensing?

    The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required. 

    What other advice do I have?

    My advice is to take a look at the account directly with the account manager of LogRhythm and find a value-added distributor to support you with the sizing, consulting, use case discovery, and building up the operation maturity roadmap, in order to be truly aligned with the LogRhythm deployment in the long term.

    I would rate LogRhythm NextGen SIEM a nine out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Cyber Security Engineer at a logistics company with 10,001+ employees
    Real User
    Top 10
    Allows you to collect Windows events and enable monitoring by default, but sometimes the Platform Manager crashes
    Pros and Cons
    • "Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default."
    • "Sometimes the Platform Manager crashes because it's built around Windows."

    What is our primary use case?

    I'm a user, administrator, and analyst. We are using version 7.4.

    The solution is deployed on-premise. Three people are working with this product in our company.

    What is most valuable?

    Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default.

    What needs improvement?

    Sometimes the Platform Manager crashes because it's built around Windows.

    Every component is on a separate device. Right now we are just integrating log sources. We didn't do any threat intel or use cases until now. I did this with another customer, but with QRadar.

    They have to think like IBM. IBM did X-Force public cloud, which is a beautiful tool that gives us threat intel feeds. LogRhythm doesn't have this solution, but maybe they want to integrate this. The Client Console is very bad.

    The console is for administrators to add log sources or do some basic investigation. It is a very bad GUI. I think it's very old and built upon an old OS. They have to get rid of it or use a web-based application or develop it in the Client Console application.

    For how long have I used the solution?

    I have been using LogRhythm for one year.

    What do I think about the scalability of the solution?

    It's very scalable. We can scale up vertically or horizontally. If you want to add more indexers or connectors, it's easy to implement.

    How are customer service and support?

    We haven't opened any cases until now. I used to work with QRadar, and sometimes it takes very long to receive a reply from IBM. We didn't experience any use cases until now, but with LogRhythm, we have some delays from the implementation view.

    LogRhythm is expanding in my country, Egypt. Multiple customers have moved to LogRhythm. So, they don't have many people for support. We have to schedule a session and then engage with engineers during implementation.

    How was the initial setup?

    Initial setup was complex.

    We have multiple data indexers, and each component is on a separate device. I think QRadar has many tools from the point of view of applications integrated within the SIEM solution, like threat intel or use case manager. In LogRhythm, I don't see this.

    Maybe we haven't gotten so far in the implementation, but in QRadar I can feel it's easier from the initial setup. We have only these components placed on one site. We don't have another recovery site.

    What's my experience with pricing, setup cost, and licensing?

    I didn't see the RFP, but I heard that it is more expensive than QRadar. I remember one customer implemented only one QRadar in two sites. It cost them $2 million, I think. Maybe LogRhythm is much higher.

    Which other solutions did I evaluate?

    QRadar is built around Red Hat, so it's more stable. I think LogRhythm is more complicated than QRadar.

    What other advice do I have?

    I would rate this solution 7 out of 10.

    When you integrate a log source by default, you have to know what the customer needs or the process that is wanted, because we did the reconfiguration multiple times for log sources.

    So, they have to also follow the MITRE ATT&CK Framework, because by default LogRhythm collects the common logs, so you have to enable this.

    To estimate it in the licensing sizing exercise, it must be done correctly. Sometimes I see customers sizing away from the current situation. Customers sometimes buy a license that is not enough for their implementation, because they didn't expect what they would be adding in the future during the implementation.

    Sometimes the implementation takes one year, and the customer adds more devices, so it exceeds their license. I think it's the presales' job to do the sizing correctly. And the customer must be aware of how or what to implement during implementation, so that it doesn't take long.

    It took some customers two years to implement a SIEM solution. I don't remember the solution, but it was a waste of two years' time.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Technology Solutions Head at MANTRA TECHNOLOGIES LTD
    Real User
    Top 20
    Mature product for logging, correlating and reporting.
    Pros and Cons
    • "The user interface is good."
    • "The initial setup is not so easy because it is quite a process."

    What is our primary use case?

    Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.

    What is most valuable?

    The user interface is good.

    What needs improvement?

    We are still implementing and have not yet completed the LogRhythm implementation for one particular customer. We haven't faced any issues right now. Once we've completed and we are doing the log analysis and the correlation and audits, at that point in time, if we find challenges, I can update you. Right now, it's okay.

    Let us see once we finish the website we are working on. Then we'll understand better more of what we need. We'll probably need an improved user experience in terms of reporting and analytics. If the reports are very easy to configure and generate what we require, that will be the best thing. At the end of the day, it is just logging, correlating and reporting.

    For how long have I used the solution?

    I have been using LogRhythm NextGen SIEM for the last four years. We are using the latest version.

    What do I think about the stability of the solution?

    The stability is there, it is good.

    As of November we have four customers in the field of info, security, officers, managers, and risk and compliance. Generally, these are all risk and compliance teams at the financial institutions or in the government. The implementation is done by the IT security team but the reports and everything are part of the risk and compliance team.

    What do I think about the scalability of the solution?

    It is scalable.

    One person is more than enough to operate it. We have a specialist, one engineer who does it.

    How are customer service and support?

    The support is quite good. We haven't had any challenges. Initially, there was something that they requested, so we logged a call and they were able to respond immediately. We had no challenges. They are quite responsive.

    How was the initial setup?

    The initial setup is not so easy because it is quite a process. Nevertheless, from my experience in implementing SIEM, Splunk is the easiest, and LogRhythm comes next.

    LogRhythm is okay, we never had any challenges.

    The installation is per site. Because these are all government customers, public sector government customers, we generally take anywhere between four to six weeks for installation. We have five people doing it.

    What's my experience with pricing, setup cost, and licensing?

    When they buy the license, whether on-prem or cloud licenses, I don't think that's all they pay. We do charge them for implementation and installation, but that's about it. Subscription is year on year.

    Which other solutions did I evaluate?

    We have tried many other products. But if you want to look for a mature product in the SIEM market - Gartner Quadrant, LogRhythm and Splunk are all leaders and are well placed products. The rest are yet to come up.

    When I say LogRhythm is a mature product, I mean it covers all 360 degrees for SIEM requirements which is not there in the other products. Only a few products have this kind of totality of integration, especially in the reporting. It has very good machine learning and AI techniques. It is very good.

    What other advice do I have?

    I of course would recommend LogRhythm NextGen SIEM to others.

    On a scale of one to ten, I would give LogRhythm NextGen SIEM definitely a nine.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Kashif Ali - PeerSpot reviewer
    Unit Head Titanium (Security Solution) at RapidCompute
    Real User
    Great features with good cloud functionality and excellent technical support
    Pros and Cons
    • "Technical support is very helpful and responsive."
    • "Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."

    What is most valuable?

    We really appreciate the new cloud functionality. The cloud is really showing its dominance. 

    Technical support is very helpful and responsive.

    The product has a lot of useful features.

    What needs improvement?

    There aren't really any missing features. It's quite a complete solution.

    Most of the clients using the on-prem are using customized applications. In the customized applications, we are facing parsing issues and a minimum of two days is required by the LogRhythm team for parsing logs. 

    Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part, and this is a key challenge on my end. This is a huge cost impact - at least on the Pakistani market. It needs to be addressed.

    The solution should be less expensive.

    It would be very helpful if there were a package to help users migrate from QRadar to LogRhythm.

    In Pakistan, the government is in the process of developing its final recommendation of cybersecurity and data protection process. We hope this solution will prove to be compliant and will meet the requirements in the future.

    For how long have I used the solution?

    I've been using the solution for approximately one and a half years at this point. It hasn't been too long just yet.

    What do I think about the scalability of the solution?

    We have four or five people using the solution in our organization. They are managing the LogRhythm infrastructure.

    How are customer service and technical support?

    We are in touch with their support. It's government support, and they're quite supportive, and they are quite responsive. They have a divisional team that is quite responsive.

    How was the initial setup?

    The initial setup is complex with LogRhythm. In that Pakistan market, with LogRhythm, the climate is very limited at this point. For the on-prem, there may be only two customers, for example. One is a bank and one is serving as an MSSP.

    We've added four customers to a pay-as-you-go model. You apply Windows 2000 MPS or a cloud environment. The initial setup is quite difficult, however, after making certifications we are able to provide the initial setup and got it working with the LogRhythm support team.

    For maintenance, I have five engineers that are part of my security team, including me and my sales and operations. Approximately we have 14 to 15 people that can handle maintenance.

    What about the implementation team?

    We had some assistance from the LogRhythm support team. We did not entirely do it ourselves.

    What's my experience with pricing, setup cost, and licensing?

    The cost of the solution should be reduced. In the Pakistan market, they have competition from IBM QRadar. They have quite a significant core difference. While the quality of this product is better, IBM has a stronger penetration in the market based on price. 90% of financial institutions are doing the QRadar in Pakistan. The Central Bank is using QRadar, simply due to the cost differences.

    Which other solutions did I evaluate?

    Initially, we tested out the QRadar, however, due to some delay and due to some market awareness tests, we did not continue.

    What other advice do I have?

    We are using the solution for our own infrastructure and we are also offering it as a service. We are the largest service provider, cloud service provider, in Pakistan. However, we use a variety of deployment models - including cloud and hybrid.

    We have an ISO position for government-certified infrastructure. We have a PCI-certified infrastructure as well as a GDPI compliant infrastructure.

    We work closely with this product in particular. We have a lot of hands-on experience.

    I'd rate the solution eight out of ten. If it weren't for some parsing limitations in the product, I would rate it even higher.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Senior System Administrator at DP Infotech Pvt Ltd
    Real User
    Reliable with good dashboards but needs better alerts
    Pros and Cons
    • "It's reliable and the performance is good."
    • "We've had issues with scaling and local support."

    What is our primary use case?

    This solution's use case is abnormal administrative lockouts, most of the time.

    What is most valuable?

    I'm happy with their AI in general. 

    We're able to make useful dashboards. 

    The initial setup is not complex if you have a bit of knowledge going in.

    The solution is stable. 

    What needs improvement?

    We'd like to receive alerts for zero-day attacks in the future. We'd like alerts that offer us better security. For example, if there are abnormal occurrences, we'd like to know right away. 

    We've had issues with scaling and local support.

    For how long have I used the solution?

    We've been using the solution for two years. 

    What do I think about the stability of the solution?

    It is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good. 

    What do I think about the scalability of the solution?

    We have seven people, admins, who are working directly with the solution. 

    It's not easy to scale. Sometimes we have difficulties. For example, when doing updates, we cannot depend on our local support. In some cases that we have found, they don't have much knowledge. We have to work on separate tickets for the kinds of issues we have.

    How are customer service and support?

    We have local support. If they cannot assist us, they do offer in-house support we can use. The first step in terms of getting help would be our local partner. 

    The issue is that local support sometimes isn't as knowledgeable as they need to be. The solution should work to do more training in order to improve local support.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    We were working on RSA. We switched due to the cost and the lack of local support. The RSA cost is a little bit too high.

    How was the initial setup?

    The solution offers a pretty straightforward and simple setup. That said, you need some knowledge going into the process. 

    The deployment itself took about 90 days. 

    I'd rate it a three out of five in terms of the general ease of deployment as there is some complexity and a learning curve. 

    There's not much maintenance. We do have to do the updates of the servers and if there is a new release and update, we work on those. For the day-to-day, we try to focus on more log-related tasks.

    What's my experience with pricing, setup cost, and licensing?

    I can't speak to the exact cost of licensing the product. My understanding is that it is less expensive than RSA. 

    What other advice do I have?

    We are an integrator and service provider. 

    We are not currently using the latest update.

    I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. 

    I'd rate the solution five out of ten.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
    PeerSpot user