Coming October 25: PeerSpot Awards will be announced! Learn more
FSE at a computer software company with 1,001-5,000 employees
Reseller
Top 10
Cost-effective, good support, and can be effectively tuned to get meaningful information
Pros and Cons
  • "As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
  • "It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."

What is our primary use case?

Its primary use cases are log aggregation, security information, and event management correlation.

All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.

What is most valuable?

As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed. It has the capability to do that, but it probably takes a little more time to do that. 

What needs improvement?

It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup.

For how long have I used the solution?

I have probably been using it since it has been around.

Buyer's Guide
LogRhythm NextGen SIEM
September 2022
Learn what your peers think about LogRhythm NextGen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
634,590 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

They provide very good support.

How was the initial setup?

It takes a little more time to get operationalized, but I haven't personally set it up. I'm only taking feedback from my customers when they say they've gone through the steps and the process of setting it up.

What's my experience with pricing, setup cost, and licensing?

It is a very cost-effective solution.

What other advice do I have?

Don't do it without managed services, but I would say that for any SIEM. In SIEM technology, the setup and maintenance side is different from the monitoring and alerting side. I recommend all of our customers to always go with a managed service provider to take care of the monitoring and alerting side, or at the very least, to fill in for off hours because you only have so many people on your staff. Small and medium-sized customers are our bread and butter, and most of our customers don't have the staffing for this. 

If you don't have the expertise to set it up, manage it, or the time to learn it, a managed service can help you get it set up. For most SIEMs, LogRhythm included, for the first six months, you probably need one to one half of an FTE for doing the setup, getting it operationalized, and doing all the tuning. You're going to need one-quarter of an FTE for ongoing operations, maintenance, and support. That doesn't include monitoring of alerts and the response to the alerts. If you've got it well tuned, you don't need a lot of staff to do the monitoring and the alerting during the regular daytime hours. That's where having a managed service provider during off hours and weekends is handy. It is beneficial to have a managed service to do the operational work for maintenance.

It is good, but there is room for improvement. There are plenty of solutions on the market that do a lot of what it does. It is not a huge product differentiator or market differentiator.

I would rate it an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Systems Administrators at a tech services company with 201-500 employees
Real User
Top 5
Very helpful for monitoring and alarming, very stable and scalable, and excellent technical support
Pros and Cons
  • "File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
  • "It should have some more message monitoring features. It can also have some free message monitoring tools."

What is our primary use case?

I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up Silent Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.

How has it helped my organization?

I don't have metrics, but it has really improved the monitoring and alarming for us. 

What is most valuable?

File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting.

What needs improvement?

It should have some more message monitoring features. It can also have some free message monitoring tools.

For how long have I used the solution?

I have been using this solution for about two years.

What do I think about the stability of the solution?

It has been very stable. There are no major issues. It has been exactly doing what I expected it to do.

What do I think about the scalability of the solution?

It has been very scalable in terms of adding new systems and stuff like that. It has been quite good.

We have plans to increase the usage of LogRhythm. We have some new solutions and new networks coming up. We might be looking to expand within the next two years to onboard new systems.

How are customer service and technical support?

Technical support has been excellent so far. I never had any issues with technical support. Their support has been excellent.

Which solution did I use previously and why did I switch?

I didn't use any other solution previously.

How was the initial setup?

It was pretty straightforward. The actual deployment of it took about two days, but the implementation strategy took longer. It took a couple of months for meetings and planning with different experts, project managers, and engineers. They looked at our business requirements and other things.

We have two administrators and two analysts. Four of us are managing the system.

What's my experience with pricing, setup cost, and licensing?

It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that. 

Which other solutions did I evaluate?

When I was looking for a solution, I looked at Splunk and LogRhythm. There was one from SolarWinds as well. Cost-wise, LogRhythm was the one that impressed me the most. Splunk was really good as well, but it was a little too costly.

What other advice do I have?

I would definitely recommend this solution for compliance requirements, such as PCI DSS compliance. It does cost a great amount, but its pricing is competitive with some of the other vendors. If it is a necessity to have a SIEM solution, I would definitely recommend LogRhythm.

I would rate LogRhythm NextGen SIEM a nine out of ten. It has been really good. So far, my experience has been seamless. They should keep doing what they're doing.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
LogRhythm NextGen SIEM
September 2022
Learn what your peers think about LogRhythm NextGen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
634,590 professionals have used our research since 2012.
Shreenkhala Bhattarai - PeerSpot reviewer
Cyber Security Researcher at a tech services company with 1-10 employees
Real User
Top 5
Stable with an easy initial setup and good security
Pros and Cons
  • "The initial setup is pretty easy."
  • "For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."

What is our primary use case?

We typically consult with our clients and help them with necessary services.

What is most valuable?

The UEBA flow is the most useful aspect of the solution.

The initial setup is pretty easy.

While the cost is high, the security provided is quite good, and for those who can afford it, they will pay for the peace of mind.

What needs improvement?

I'm not a fan of the system's user interface.

For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country.

We'd like it if the solution could be more customizable in future releases.

For how long have I used the solution?

We've been dealing with the solution for about a year.

What do I think about the stability of the solution?

The solution is quite stable. There aren't issues related to bugs or glitches. It doesn't crash. It's reliable.

What do I think about the scalability of the solution?

The solution can scale if a client needs it to.

We have clients that have 10-15 users on the solution. They are mostly security analysts. In terms of those that can actually view and escalate cases, there may only be five with such access.

At this point, there aren't any plans to increase usage.

How are customer service and technical support?

We typically are the ones that handle technical support for our clients if they run into issues.

How was the initial setup?

The initial setup is not complicated. It's quite easy and very straightforward if you follow the guides provided. I followed the guides and found it to be rather simple. It's not difficult to get everything up and running.  

The deployment doesn't take too long. You can have it ready to go in one working day. That includes installation and configuration.

We have a minimum of five people who handle maintenance and deployments.

What about the implementation team?

Our company handles the installation for our clients. We can handle the implementation ourselves. We don't need a separate consultant or integrator.

What's my experience with pricing, setup cost, and licensing?

In our market, for the price it costs, our clients aren't using this solution so much. It seems to be quite expensive in Nepal. That said, even with the fees and a rather high cost, it is the best product among other competitors. 

What other advice do I have?

We're partners with LogRhythm.

We don't technically use the solution typically. We consult with clients and advise on products. We also provide services on the solutions we offer. In this case, we do use the product as we log issues.

We use the latest version of the solution.

For our customers, the pricing will scare off many. However, if users are concerned more with the security of their account, they'll find this is a good option.

I would recommend the product. On a scale from one to ten, I'd rate it at an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Moshiur Rahman Khan - PeerSpot reviewer
CEO at a consultancy with 10,001+ employees
Reseller
Top 10
User-friendly with an excellent security operation center
Pros and Cons
  • "The security operation center is excellent."
  • "The customer support system is time-consuming."

What is our primary use case?

LogRhythm NextGen SIEM is great. We use it for log management for security purposes.

How has it helped my organization?

The security operation center is excellent, and we can pick logs from any system, not only the IPS or firewall. In addition, it has the capacity to accept logs and provide smart dashboards and analysis.

What is most valuable?

The most valuable feature is the SOC Security Operations Center feature. This solution has two types of systems, virtualization and the appliance. The appliance is ready and configured, so we use the IP addresses and trigger the endpoint. It's very user-friendly, and whenever anyone deploys a virtualization system, they can experience it.

What needs improvement?

The customer support system is time-consuming and needs to be improved because it is not very good. For other solutions, you can deliver whenever you have a customer problem. All you need to do is open a ticket, log into the system, and the issue is resolved. However, for LogRhytm, we have to flag the problem and then send the log, and we never know if we will receive a response in one hour or one week.

In addition, LogRhythm NextGen SIEM has one of the best analysis features, but it can still be improved. However, I believe they plan to make improvements since they're only selling the product for two systems currently.

For how long have I used the solution?

We have been using this solution for three years.

What do I think about the stability of the solution?

It is a very stable solution.

What do I think about the scalability of the solution?

It is a scalable solution.

How are customer service and support?

I rate the customer support a four out of ten.

How would you rate customer service and support?

Neutral

How was the initial setup?

The setup was very easy. I rate the setup a ten out of ten.

What's my experience with pricing, setup cost, and licensing?

The price is very good, and it is very cheap compared to other solutions. If we compare it to SolarWind, SolarWind is not as advanced as LogRhythm NextGen SIEM.

I rate the price a nine out of ten. We always consider the features and quality before the price, but the cost is still very good. We get about 98% of the features we want.

What other advice do I have?

I rate LogRhythm NextGen SIEM a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
PeerSpot user
Chamini Ellawala - PeerSpot reviewer
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.
Reseller
Top 20
Enables us to alternate incident automations but reporting needs improvement
Pros and Cons
  • "The most valuable feature is that we can alternate incident automations."
  • "We need to get better training for things like creating code and playlists. The way it's done now takes a long time."

What is our primary use case?

Our primary use case is for financial companies and telcos.

What is most valuable?

The most valuable feature is that we can alternate incident automations.

What needs improvement?

We need to get better training for things like creating code and playlists. The way it's done now takes a long time. 

For how long have I used the solution?

I have been using LogRhythm NextGen SIEM for two years. 

What do I think about the stability of the solution?

The stability depends on the client we installing or integrating for based on the server's requirements. We can create them according to that defined time period. It's not that difficult but depending on the customer or the other server requirements.

We can have a dashboard in a single platform, we can get notifications via email or SMS, and we have Smart Response actions. So that kind of possibility is there.

What do I think about the scalability of the solution?

Our clients are mostly on a larger scale. 

How are customer service and technical support?

You can request support and they respond immediately. They're really good. 

How was the initial setup?

The initial setup is easy. It can take two hours. The first day of deployment is easy. Then depending on the devices and log servers, it can take time. We can give them predefined or pre-created devices and logs. The deployment depends on the devices and systems we are integrating. But the initial stage is easy.

What's my experience with pricing, setup cost, and licensing?

Because we are a developing country, the costs depend on country development. We implement it for large-scale companies because normal companies, startup companies, can't afford products at that price. We mainly focus on large-scale companies.

What other advice do I have?

I would definitely recommend this solution if you can afford it. 

We get customized reports and we get reports including all the details, but when we start using them we couldn't start with the Outlook editor. We can customize a document and we can write a report. The dashboards are very user-friendly and very attractive. But when it comes to the reporting part, I think that could use improvement in the next release. 

I would rate it a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
PeerSpot user
Jason Gagnon - PeerSpot reviewer
Senior Cyber Security Engineer at a individual & family service with 10,001+ employees
Real User
Top 10
Good support, offers customized alarms, and helps us to focus our investigative efforts
Pros and Cons
  • "I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
  • "There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."

What is our primary use case?

We use multiple instances as dark sites. We have roughly 350-400 hosts per site consisting of 4K to 5K log sources.

How has it helped my organization?

It has not only helped us meet requirements on a development program, but it has also allowed us to focus on insider threats as well as provide forensics capabilities to identify potential security risks.

What is most valuable?

I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios.

What needs improvement?

There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back. I was told that this was due to processor overhead but with the amount of CPU and memory suggested, I don't see why this would be an issue.

For how long have I used the solution?

I have been using LogRhythm NextGen SIEM for six years.

What do I think about the stability of the solution?

It is stable when all the resource recommendations are met.

What do I think about the scalability of the solution?

Scalability is endless with this product.

How are customer service and technical support?

Technical support has been great.

Which solution did I use previously and why did I switch?

We did not use another product prior to this one.

How was the initial setup?

The initial setup is pretty straight forward.

What about the implementation team?

Our in-house team handled deployment.

What's my experience with pricing, setup cost, and licensing?

I don't get involved with pricing.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Principal Consultant at ITSEC Asia
Consultant
It improves response times and makes it easier for us to analyze threats
Pros and Cons
  • "LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions."
  • "The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read."

What is our primary use case?

LogRhythm is a cybersecurity solution. It's used for detection, lateral movement or initial access. 

How has it helped my organization?

LogRhythm NextGen SIEM covers all our primary security analysis needs. It makes it easier for us to analyze threats and improves our response times. It's a versatile platform that performs queries fast compared to other SIEM solutions.

What is most valuable?

LogRhythm's dashboard can link to many other kinds of information.

What needs improvement?

The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read. 

For how long have I used the solution?

I used the product for the first time last year, and we deployed it for one of our clients about five months ago.

What do I think about the stability of the solution?

LogRhythm's performance is average. We don't have many issues. There are a few at the moment, but I think it's because the message per second is above the design. If we reduce that, the solution will perform well

How are customer service and support?

We haven't had any issues with support so far. It's okay.

How was the initial setup?

Setting up LogRhythm SIEM is complex. Everything is complicated — the activity, integration, and analysis. 

What other advice do I have?

I rate LogRhythm NextGen SIEM nine out of 10. People should consider LogRhythm. Take a close look and try it. It's one of the best SIEM solutions in the world.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Haitham AL-Sarmi - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 5
Simple to manage, use-friendly, and helpful support
Pros and Cons
  • "LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
  • "LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time."

What is most valuable?

LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it.

What needs improvement?

LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time.

For how long have I used the solution?

I used LogRhythm NextGen SIEM within the last 12 months.

What do I think about the stability of the solution?

The stability of LogRhythm NextGen SIEM is good.

What do I think about the scalability of the solution?

LogRhythm NextGen SIEM is scalable.

How are customer service and support?

The solution has good technical support. 

I would rate the technical support from LogRhythm NextGen SIEM a four out of five.

Which solution did I use previously and why did I switch?

I have used previously ELK Logstash. In my country, LogRhythm NextGen SIEM is used more than ELK Logstash.

How was the initial setup?

The installation is straightforward.

I rate the installation of LogRhythm NextGen SIEM a four out of five.

What's my experience with pricing, setup cost, and licensing?

The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee.

The price of LogRhythm NextGen SIEM engineers is expensive, but when comparing them to ELK, ELK engineers are more expensive.

What other advice do I have?

My advice to others is for the initial deployment it should be done by certified engineers or the authorized vendor.

I rate LogRhythm NextGen SIEM a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free LogRhythm NextGen SIEM Report and get advice and tips from experienced pros sharing their opinions.
Updated: September 2022
Buyer's Guide
Download our free LogRhythm NextGen SIEM Report and get advice and tips from experienced pros sharing their opinions.