PeerSpot user
Information Security Engineer at a tech vendor with 501-1,000 employees
Vendor
Searches can be performed using any known value, IP address, hostname, username, or event, though report-building is limited by its use of Crystal Reports.

What is most valuable?

The Web UI is perhaps the most valuable feature in the solution.

How has it helped my organization?

LogRhythm allows our IT/IS teams to quickly identify issues across the enterprise. Searches can be performed using any known value: IP address, hostname, username, or event. The results are then used to "open a case". The case is assigned to an analyst, who can add additional info during the research and remediation efforts.

What needs improvement?

Report-building is in Crystal Reports and has a limitation. A non-editable template must be created, then the report is created against the template. The OFI is this: the template needs a preview option, as well as an edit option.

For how long have I used the solution?

8 months

Buyer's Guide
LogRhythm SIEM
May 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2024.
770,765 professionals have used our research since 2012.

What was my experience with deployment of the solution?

None that were not easily overcome.

What do I think about the stability of the solution?

None

What do I think about the scalability of the solution?

No, we right-sized the deployment and also deployed it as a high-availability environment.

How are customer service and support?

Customer Service:

I have been very pleased with customer service. I have only had to contact my CS a couple of times, and he has done a great job of follow-up to ensure my company's needs were met in a timely fashion.

Technical Support:

Great support team. Average call pickup time has been less than half an hour. I have had a couple of "scheduled" appointments get delayed when the agent's previous call ran over.

Which solution did I use previously and why did I switch?

We previously used Juniper STRM, a rebranded QRadar. We faced:

  1. Log processing could not keep up with collection, so events were being dropped.
  2. Support was poor.
  3. When a ($45 at Best Buy) disk drive went out, we were sent an entirely new system.
  4. When faced with upgrading to support our log collection demands, the estimated cost was several times greater than the LR deployment.

How was the initial setup?

Depending on the size and complexity of the deployment, I recommend paying for the Professional Services team to assist. All work was done in a remote session.

I also recommend not attending the training sessions until a few weeks of bake-in have occurred. Too many topics were covered to fully absorb all the information that was disseminated.

What about the implementation team?

Our internal security team performed the majority of the installation, again working with the PS group at LogRhythm.

What was our ROI?

We immediately saw benefit on our first investigation.

What's my experience with pricing, setup cost, and licensing?

Depending on the size and number of logs, I recommend deploying VM (or physical) collectors and having the logs forwarded to the appliance. We are collecting logs from 2500+ systems, and did not want to impact the appliance with collection, but rather have it analyzing logs. This solution has worked very well so far.

Which other solutions did I evaluate?

We reviewed several solutions including AlienVault (not large enough for our needs), Splunk (would need a full-time programmer to write queries), and QRadar (since we already had a previous version). We did a month-long POC on Correlog and attempted to POC EIQ Networks.

What other advice do I have?

We are very pleased with the LR solution and are looking forward to the upcoming update.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Team Lead - Network and Security at Connex Information Technologies
Reseller
Top 5
A user-friendly and straightforward solution with good technical support
Pros and Cons
  • "I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
  • "The software needs to work on its pricing."

What needs improvement?

The software needs to work on its pricing. 

For how long have I used the solution?

I have been using the tool for five years. 

What do I think about the stability of the solution?

The product is very stable. I would rate its stability a nine out of ten. 

What do I think about the scalability of the solution?

I would rate the tool's scalability a ten out of ten. 

How are customer service and support?

The tool's support is good. They support us 24/7. 

How would you rate customer service and support?

Positive

How was the initial setup?

The tool's setup is very straightforward. I would rate the tool's setup a ten out of ten. The tool's deployment depends on the use cases, environment, etc. The tool's deployment takes one month to complete. 

What's my experience with pricing, setup cost, and licensing?

I would rate the tool's pricing around eight out of ten. 

What other advice do I have?

I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting. 

Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
security solutions integrator at a consultancy with 1-10 employees
Real User
The GUI is easy to explore, and it integrates well with other security solutions
Pros and Cons
  • "LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
  • "LogRhythm's SOAR and NDR features don't stack up well against competitors. Maybe integrating theme functionality as the others do. But in general, it's okay."

What is most valuable?

LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.

What needs improvement?

LogRhythm's SOAR and NDR features don't stack up well against competitors. Maybe integrating theme functionality as the others do. But in general, it's okay.

For how long have I used the solution?

We started with LogRhythm about three years ago.

What do I think about the stability of the solution?

LogRhythm is stable. 

What do I think about the scalability of the solution?

Scalability is a matter of cost. LogRhythm has the technical capacity to scale if you pay for the components and licenses. 

How are customer service and support?

LogRhythm's support is good.

How was the initial setup?

Setting up LogRhythm is straightforward. It is not complicated.

What's my experience with pricing, setup cost, and licensing?

We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget.

What other advice do I have?

I rate LogRhythm eight out of 10. With any solution, you need to deploy the use cases correctly, so the customer should understand the use cases for a SIEM. A SIEM solution only collects and centralizes logs instead of detecting unknown malware. There are no use cases that are customized to fit the customers' context.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior System Engineer at a tech services company with 11-50 employees
Reseller
Stable with one central dashboard and good scalability
Pros and Cons
  • "The product is great for medium to large-scale organizations."
  • "The solution is likely not the best option for a smaller organization."

What is our primary use case?

We primarily use the solution to reduce insider threats. We also use the product to deal with some aspects of banking security. For example, with this product, we are able to lower the threat of being attacked by malware.

What is most valuable?

I appreciate the fact that I can do everything from one dashboard. That is the main aspect of LogRhythm so far that I find extremely useful. We don't need a different dashboard or other solution for managing things.

The initial setup is simple. 

The solution is stable.

The product is great for medium to large-scale organizations.

The product can scale. 

Technical support is reportedly quite good.

What needs improvement?

What I would suggest is for the product to make the consoles more user-friendly. The integration module should be simpler. That way, the end customer can do the integration himself and is not always dependent on our side. The integration with other vendors should be easy.

The solution is likely not the best option for a smaller organization.

One of the features I would like to recommend is a LogRhythm ticket queue for a level-one tier system so that clients are not dependent on a third party.

For how long have I used the solution?

We've been working with the product since 2018. It's been almost three years at this point.

What do I think about the stability of the solution?

The solution is very stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

In terms of scaling, the solution is best for medium to large companies. Smaller companies likely do not want to invest in IT security products, however, for medium to large organizations, especially banks, LogRhythm works well.

It's easy to scale. What we do for scalability is we always put the hardware capability higher than the license. For example, if a customer wants a 3,000 MPS license, we always provide 6,000 MPS hardware. If they want to scale the license to 4,000 or 5,000, we just put the license in, and then it works as the size capacity is there. It's easy. It's not that difficult.

How are customer service and support?

We are not an end-user and therefore do not directly deal with technical support. In terms of the support, the end-user would get a response from the technical team, and, so far, from the feedback I've gotten, they are good. Clients seem satisfied with the level of service they receive.

Which solution did I use previously and why did I switch?

I also work with Oracle. 

How was the initial setup?

The initial setup is simple for us, basically. It's not that challenging. The main challenge we face for integration is from the different vendors, as we have to do different tasks. However, the deployment of LogRhythm is very easy.

It takes 12 to 15 days for a full deployment.

We have two phases that are five to seven days each. The second phase involves integration and tuning, and that can usually take six or seven days for that part alone.

It's on a Windows server. Windows is very convenient for everyone. Users can just follow the process as per LogRhythm and it's easy to deploy everything.

In our distribution model, we don't provide end-user support directly. We have another partner company that provides maintenance and support for the end-user. For the partner side, many of the engineers are LogRhythm certified and they do the maintenance and other tasks.

What about the implementation team?

As an implementor, we can handle the setup for our clients. 

What's my experience with pricing, setup cost, and licensing?

LogRhythm pricing is based on the MPS. They always quote the pricing per unit of MPS. The number of MPS which the customer needs is what we provide with the unit price and we get a good discount on it, as per LogRhythm.

The price is in USD. For that reason, when we convert from USD to our currency, the pricing seems quite high.

Everything is included. We get the data processing license as well as the sole license and the filing, ticketing, monitoring licenses, and the collector license as well. We get everything in one package.

What other advice do I have?

We are a distributor and we have around 15 to 20 partners who are working with LogRhythm in this region. We work for the end-user and we implement it and handle presentations for the customer.

We are working with the latest version of the solution. I can't speak to the exact version number, however.

I'd rate the solution at a ten out of ten. It's a very good product overall. Clients have been very happy with it. In terms of the feedback we've received from the end-user and our own experience with the deployment process and manageability, everything is great.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Senior Network Engineer with 201-500 employees
Real User
Allows us to automate a lot of things with a smaller team
Pros and Cons
  • "It allows us to automate a lot of things with a smaller team."
  • "Move it to Linux. I would like to see it get off the SQL Server."

What is our primary use case?

We use it to alarm our help desk. 

We are starting to use it for SMART Response. We have been using SMART Response for about a year. Now, we are starting to push that towards the help desk, so the junior analysts can do more.

How has it helped my organization?

It allows us to automate a lot of things with a smaller team.

What is most valuable?

  • AI
  • SMART Response
  • Looking forward to using the playbooks

What needs improvement?

  • Move it to Linux. I would like to see it get off the SQL Server.
  • I would like it to be containerized. 

What do I think about the stability of the solution?

Our appliance is a little older, so we need to upgrade it. We are going to probably move to the software-only version. However, the issues that we have are our own fault because we didn't buy the right-size appliance.

What do I think about the scalability of the solution?

We are not that big of a company. We are only at about 800 events per second.

How are customer service and technical support?

We have had a couple of custom logs built, but we don't call in that much.

How was the initial setup?

The initial setup is easy with the physical appliance.

What about the implementation team?

We have two people who are setting it up and doing the admin side.

What other advice do I have?

Make sure you size the appliance correctly.

We use Ansible and Terraform for infrastructure, so the same concept as the playbooks. We are looking to use the playbooks going forward.

We have about 1500 log sources. We do about 25 million logs a day. Obviously, they're not all events.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756354 - PeerSpot reviewer
Security Analyst 3 at a comms service provider with 1,001-5,000 employees
MSP
It is a single pane of glass for all of the logs

What is most valuable?

  • The user interface (UI)
  • Ease of use, especially if you are starting off
  • The AI

How has it helped my organization?

Key challenges and goals: Anytime you are building a program from the ground up, there is a lot of legwork to be done to get things tuned to the point where they are usable.

Effectiveness of solution in meeting security challenges and goals: It is very effective. It is a single pane of glass for all of the logs, that not just myself, but anybody who is looking for information about how the network is behaving can use. So, not just primarily a security tool, it is a tool for everybody if it is set up that way.

What needs improvement?

We run across the odd vendor which we are using that we think is a large player in their environment, but there is not necessarily native support for their log ingestion per se, so it requires customization in order to be able to parse and accept their logs. I would also like to see them expand on some of the ability to interact with other technologies in real time via the programming platforms.

What was my experience with deployment of the solution?

It pre-existed before I got there. Once it was deployed, I have been responsible for most of the log ingestion and the tuning efforts.

What do I think about the scalability of the solution?

It seems scalable so far. I have not had to add more devices to our deployment yet, but it has yet to be discovered.

How are customer service and technical support?

We have used LogRhythm tech support and they are excellent. They have been very helpful.

Which solution did I use previously and why did I switch?

This is our first adoption of a proper SIEM product, so there is really nothing to compare it to with respect to the job that I am in right now.

How was the initial setup?

It pre-existed before I got there.

What other advice do I have?

I am very happy with the solution right now. I would absolutely recommend it and have.

Most of the basics have been tended to, and as we discover other things that we need to get more data on, and they are brought up, the company addresses them.

The most important criteria when selecting a vendor: It is very important for it to be unified.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user756324 - PeerSpot reviewer
Senior Manager IT Security at Virginia Premier Health
Vendor
Allows us to be more defensive, have a better security posture, and be more prepared for anything that occurs

How has it helped my organization?

It's allowed us to have more visibility into our network as well as be able to respond more quickly to incidents seen on the network.

What is most valuable?

  • Being able to gather logs in one place
  • Being able to process them and generate alarms

What needs improvement?

I work in a highly regulated industry. I know the product has compliance mechanisms, but being able to get more governance surrounding some of the compliance, merging things that we have to be on top of, would be helpful.

What do I think about the scalability of the solution?

LogRhythm has been able to show that their products are very scalable. Usually, when you buy things that are out of the box, by the time you get them, they're old. But the new enhancements and things that LogRhythm continues to integrate allow you to scale up with them as they grow. They scale with you also.

How are customer service and technical support?

I've used tech support. They're very helpful, very knowledgeable people who genuinely care about you and want to see not just their product but you, as a company, be successful.

Which solution did I use previously and why did I switch?

This is our first iteration of SIEM at my organization. At the time, my superior had used Splunk previously, and that was what he was a fan of. But LogRhythm is one of the emerging leaders, price point was very important, and also to be with a company that's on the cutting edge of technology.

How was the initial setup?

I think that anytime you're integrating SIEM monitoring tools into an environment, it is complex, but the LogRhythm Professional Services help make things easier, and I've worked with them every step of the way.

What other advice do I have?

It's very important to our organization that the solution be a unified end-to-end solution.

I don't think any company is perfect, but I know that they're striving, and that's why I give them such a high score.

I understand that whatever you're buying with LogRhythm, it is not going to be static. It's a very dynamic company and a lot of new technologies emerge, so ensuring that you get the proper level of training upfront, as well as continued training for your staff, is important for being able to wrap your hands around what LogRhythm is actually doing and where they're going.

You start to talk about some things like blockchain and quantum, I'm sure that LogRhythm is already researching some of those new computer technologies. I didn't know what to expect back in 2015 when we bought the product, but it's showing to be agile, scalable, and the people are very knowledgeable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user756366 - PeerSpot reviewer
Senior Network Systems Engineer at a non-profit
Vendor
Enables us to threat-hunt, be in compliance, and obtain effective analytics without a lot of administration

What is most valuable?

The ability to threat-hunt and, being a small staff of five people, we can actually not put a lot of time in administration, the care and feeding of it, and get useful analytics out of it.

How has it helped my organization?

We have two facilities, roughly 500 logs per second. Microsoft shop, Cisco stack on the networking side. We run two FortiGate firewalls, and a slew of different security products that we have not integrated into LogRhythm.

We haven't seen the improvements yet. We bought it as a compliance tool, and it's still sitting there. It's part of the reason why I came to the LogRhythm User Conference, to figure out what our next steps are. When we had to tackle PCI compliance, one of the items was log aggregation, and so that was why we brought it in.

It's met all of our compliance issues, really easy to do. As I said, there's not a lot of admin overhead, so it doesn't cost an FTE for us, which is nice. I think the added benefit is when we start using it for actually doing some analytics and increasing our security posture; we're just not there yet.

What needs improvement?

I can't think of any features they should add because we haven't used everything they've already released. They have Office 365 logs integration. They've got this new phishing engine that we haven't used. They've got dashboards we haven't used, so we're basically right at the very bottom, we need to start building with what they're already doing.

In terms of improvement, their community boards, where to go find things as a customer. As they're growing and moving stuff around, it would be nice if we knew exactly where to find what. They're constantly reinventing how they do things and where they put stuff; that's the one challenge I've run into. I've always found the answer when I got to the right person: "Yeah. That's over here now," but I know other customers have shared that same issue.

What do I think about the scalability of the solution?

Being a small shop, we're in an XM, everything in one appliance, which is really easy for administration, but I think it can get more complex as you get bigger. They've scaled to really large Fortune 500 companies, so that's nothing that we're worried about.

How are customer service and technical support?

Great, you have almost the service-desk model, where you're going to get a live person. They're going to answer the call. They're going to make sure you get routed to the proper team. They're really good at follow-up; when "Everybody's busy now," they're really good at scheduling times when both the technical agent is available and our staff is available, which I really appreciate. You don't have those "I tried to get a hold of you" exchanges going back and forth. Not a lot of vendors understand that. LogRhythm does a good job with that.

How was the initial setup?

It's straightforward, to the point that we brought it. We did a week of engagement with our security value-added reseller, and we were basically shoulder surfing. Everything looked like it made sense and why they were doing it, and it's not that complicated.

Where it can get more complicated, like I said, is if you're a big organization, you didn't have it all on one platform. Those components would have to be put together, and there can be a little bit more to the infrastructure.

The SIEM's a very technical tool, but LogRhythm - that's one of the beauties of it - once you figure out how it's installed, the care and feeding of it, the updating of the SIEM to new versions, and even the monitor agents, it's really pretty straightforward. Good documentation.

Which other solutions did I evaluate?

ArcSight and Splunk, and that was it.

We went with LogRhythm because of cost, administration, and ease of use when you're in the tool. Those are the top three. The fact that it was the lowest cost one, easiest to use, and easiest to administer. It was a no-brainer for us. It wasn't even really a conversation, other than the fact that we have to shop at the three different vendors.

What other advice do I have?

Right now our focus is on user behavior, and that's part of why we joined the cloud Beta, they are our biggest risk. We don't know what they're going to do when and why, and so we've rolled out some security awareness training, we've rolled out some phishing exercises, and really trying to figure out how we can stop them being their biggest risks. Learning about what we learned today at the conference, with LogRhythm doing their phishing intelligence engine, it's going to be nice to see how we can implement that into the SIEM as well.

For a security solution, number one is FTE: being a small shop, how much FTE does it take to run it? If that's a challenge for somebody, they have co-piloting that you can do. We were able to absorb that with two different FTEs splitting the duties, and they probably spend 45% of their time doing that. It might be different for a bigger shop, but that's our focus.

The most important criteria when selecting a vendor:

  • reputation
  • have they delivered on what they say they can do
  • are there customers out there that we can talk to, that can validate what they're saying is actually true?

Regarding a solution being a unified end-to-end platform, it's not necessarily so important. Going forward, as we mature, more maybe, but we're really just tacking on the stuff that we go after. It's addressing certain needs, it's a little bit siloed right now, so it's not a huge need for us.

I gave it a nine out of 10 because I hesitate to rate anything a 10, that's perfect. But I think they do a great job, and I think it's more on us to really engage them more. They're always happy to talk to us about where we want to go with it, and it's just us dedicating the time to them.

Talk to people in the industry, make sure it can fit those needs you're buying it for. Proof of concept is huge. Do a proof of concept, especially in a SIEM. You don't want to just buy one and then implement it, and then try to figure out is it going to actually work for me?

Disclosure: I am a real user, and this review is based on my own experience and opinions.