IT Central Station is now PeerSpot: Here's why

LogRhythm NextGen SIEM Room for Improvement

Information Security Officer, Network Analyst at a university with 1,001-5,000 employees

Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. 

They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications.

The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products.

View full review »
Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees

I don't think the cloud model in LogRhythm is developed enough. This is one of the reasons they changed the position in a negative way in the Magic Quadrant Gartner for SIEM in the recent report. The cost of UBA is also high when you compare it with Securonix.

I would like to have a different cost model for cloud. If that happens, I think LogRhythm could be competitive in other cases with the customers.

The virtual machines require a high computer power, and sometimes customers say it's expensive. There are specific requirements from this solution. LogRhythm has a specific requirement when implementing in virtual machines, which is a very complicated issue. The best solution is in the cloud, most of the time.

View full review »
Sadat Mohammad  Rifat - PeerSpot reviewer
Senior System Engineer at a tech services company with 11-50 employees

What I would suggest is for the product to make the consoles more user-friendly. The integration module should be simpler. That way, that the end-customer himself can do the integration and they are not always dependent on our site. The integration with other vendors should be easy.

The solution is likely not the best option for a smaller organization.

One of the features I like to recommend is a LogRhythm queuing ticket for a level-one tier system so that clients are not dependent on a third party.

View full review »
Buyer's Guide
LogRhythm NextGen SIEM
August 2022
Learn what your peers think about LogRhythm NextGen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
621,593 professionals have used our research since 2012.
Head Of Technical Services at a tech services company with 51-200 employees

I do think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments.

With that said, I think it's good enough. For the most part, I just want to have a consolidated platform for the NDR, i.e. the new MistNet NDR that they have acquired, with the current XDR. At this time, it is still two separate controls.

View full review »
Senior Cyber Security Engineer at a logistics company with 10,001+ employees

Sometimes the Platform Manager crashes because it's built around Windows.

Every component is on a separate device. Right now we are just integrating log sources. We didn't do any threat intel or use cases until now. I did this with another customer, but with QRadar.

They have to think like IBM. IBM did X-Force public cloud, which is a beautiful tool that gives us threat intel feeds. LogRhythm doesn't have this solution, but maybe they want to integrate this. The Client Console is very bad.

The console is for administrators to add log sources or do some basic investigation. It is a very bad GUI. I think it's very old and built upon an old OS. They have to get rid of it or use a web-based application or develop it in the Client Console application.

View full review »
Technology Solutions Head at MANTRA TECHNOLOGIES LTD

We are still implementing and have not yet completed the LogRhythm implementation for one particular customer. We haven't faced any issues right now. Once we've completed and we are doing the log analysis and the correlation and audits, at that point in time, if we find challenges, I can update you. Right now, it's okay.

Let us see once we finish the website we are working on. Then we'll understand better more of what we need. We'll probably need an improved user experience in terms of reporting and analytics. If the reports are very easy to configure and generate what we require, that will be the best thing. At the end of the day, it is just logging, correlating and reporting.

View full review »
Kashif Ali - PeerSpot reviewer
Unit Head Titanium (Security Solution) at RapidCompute

There aren't really any missing features. It's quite a complete solution.

Most of the clients using the on-prem are using customized applications. In the customized applications, we are facing parsing issues and a minimum of two days is required by the LogRhythm team for parsing logs. 

Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end. This is a huge cost impact -at least on the Pakistani market. It needs to be addressed.

The solution should be less expensive.

It would be very helpful if there was Kashif a package to help users migrate from QRadar to LogRhythm.

In Pakistan, the government is in the process of developing its final recommendation of cybersecurity and data protection process. We hope this solution will prove to be compliant and will meet the requirements in the future.

View full review »
Senior System Administrator at DP Infotech Pvt Ltd

We'd like to receive alerts for zero-day attacks in the future. We'd like alerts that offer us better security. For example, if there are abnormal occurrences, we'd like to know right away. 

We've had issues with scaling and local support.

View full review »
FSE at a computer software company with 1,001-5,000 employees

It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup.

View full review »
Systems Administrators at a tech services company with 201-500 employees

It should have some more message monitoring features. It can also have some free message monitoring tools.

View full review »
Shreenkhala Bhattarai - PeerSpot reviewer
Cyber Security Researcher at a tech services company with 1-10 employees

I'm not a fan of the system's user interface.

For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country.

We'd like it if the solution could be more customizable in future releases.

View full review »
Moshiur Rahman Khan - PeerSpot reviewer
CEO at a consultancy with 10,001+ employees

The customer support system is time-consuming and needs to be improved because it is not very good. For other solutions, you can deliver whenever you have a customer problem. All you need to do is open a ticket, log into the system, and the issue is resolved. However, for LogRhytm, we have to flag the problem and then send the log, and we never know if we will receive a response in one hour or one week.

In addition, LogRhythm NextGen SIEM has one of the best analysis features, but it can still be improved. However, I believe they plan to make improvements since they're only selling the product for two systems currently.

View full review »
Chamini Ellawala - PeerSpot reviewer
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.

We need to get better training for things like creating code and playlists. The way it's done now takes a long time. 

View full review »
Jason Gagnon - PeerSpot reviewer
Senior Cyber Security Engineer at a individual & family service with 10,001+ employees

There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back. I was told that this was due to processor overhead but with the amount of CPU and memory suggested, I don't see why this would be an issue.

View full review »
Principal Consultant at ITSEC Asia

The reporting on the dashboard should be improved from a management perspective. It would be helpful if they adjusted the colors and the presentation to make things clearer and easier to read. 

View full review »
Haitham AL-Sarmi - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees

LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time.

View full review »
security solutions integrator at a consultancy with 1-10 employees

LogRhythm's SOAR and NDR features don't stack up well against competitors. 
maybe integrating theme functionality as the other do. But in general, it's okay.

View full review »
SOC Analyst

NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms. In the next release, I would like to see the network hierarchy diagram that QRadar offers.

View full review »
Buyer's Guide
LogRhythm NextGen SIEM
August 2022
Learn what your peers think about LogRhythm NextGen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
621,593 professionals have used our research since 2012.