It is creating a whole ecosystem, integrating different security components together, whether it is bringing the CloudAI, a UABE solution or smart response case management.
Definitely, the LogRhythm solution is a central piece. It helps us in visualization, it helps us in monitoring of our different log sources, and helps us with auditing compliance.
This is all tying things together, bringing a lot of functionality and benefit to us.
One of the features that we'd definitely like to see is the user inference, entity inference, where one entity would have a unique ID and then with that unique identity you could pull out the information or log associated with that. It helps a lot in the investigation, because currently what happens when we get an alert from LogRhythm it's just the tip of the iceberg. Then we need to do lot of investigation. But having this entity inference kind of tool would help us. We could tie all the logs with that unique entity, and we would be able to collect the information, I think it would be really cool to have something like that.
Also, with automation, like identifying new log sources and the environment, or automation of log sources that have not been reported from last month or a week. You can put up some kind of alerting system there so you can retire or look into it.
It is quite scalable. This whole solution, you can have different components on different servers or platforms. For example, I was in that meeting, and we were talking about collecting 50,000 to 60,000 messages per second, which is really a high number. I was very impressed to see how many records, 12 DPX or five or six AIE servers or similar platform managers. It looks like it's quite scalable and they are quite happy with that.
LogRythm technical support is really excellent, very good in timing and answering questions very quickly. I have not seen such a good time response with any other product we are using. In those terms they are very good.
Though we had some issues initially in terms of technical support, the expertise of technical people, but I am seeing that they have improved a lot now, so a lot of our questions and queries get solved with the technical support.
I was not initially involved in the deployment but I read all of them on the business case at that time: Splunk and ArcSight and one other.
We've got around 2500 logs per second, and primarily a Windows-based environment. We have around 300 Windows-based servers, and we are also collecting a lot of logs from the end-user devices, which are primarily on the Windows base. We also have some Lynux-based servers and also some network component firewall proxies.
Over a period of time, LogRythm has improved a lot and the future, the road map of the product, really looks nice.
The most important criteria when selecting a vendor is the scope you have defined for the business objective you want to solve, whether it will meet that objective or not. Also, for us, feedback from industry peers matters a lot, and the people who are really using a product help us a lot. It needs to suit the budget as well. So financial, commercial and meeting the business objectives.
It is quiet important that a solution be a unified, end-to-end platform
because we have limited resources. It's very difficult if we have to scale and train on all the different platforms or security tools; and once someone leaves the organization it is difficult to hire a new resource. So having something unified under one platform means that scalability. We can have someone and utilize their skills to fulfill our requirements.
I would definitely recommend LogRhythm to someone looking for this kind of solution.