Technology Solutions Head at MANTRA TECHNOLOGIES LTD
Real User
Top 10
Mature product for logging, correlating and reporting.
Pros and Cons
  • "The user interface is good."
  • "The initial setup is not so easy because it is quite a process."

What is our primary use case?

Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.

What is most valuable?

The user interface is good.

What needs improvement?

We are still implementing and have not yet completed the LogRhythm implementation for one particular customer. We haven't faced any issues right now. Once we've completed and we are doing the log analysis and the correlation and audits, at that point in time, if we find challenges, I can update you. Right now, it's okay.

Let us see once we finish the website we are working on. Then we'll understand better more of what we need. We'll probably need an improved user experience in terms of reporting and analytics. If the reports are very easy to configure and generate what we require, that will be the best thing. At the end of the day, it is just logging, correlating and reporting.

For how long have I used the solution?

I have been using LogRhythm NextGen SIEM for the last four years. We are using the latest version.

Buyer's Guide
LogRhythm SIEM
November 2022
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
656,474 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability is there, it is good.

As of November we have four customers in the field of information security officers, managers, and risk and compliance. Generally, these are all risk and compliance teams at the financial institutions or in the government. The implementation is done by the IT security team but the reports and everything are part of the risk and compliance team.

What do I think about the scalability of the solution?

It is scalable.

One person is more than enough to operate it. We have a specialist, one engineer who does it.

How are customer service and support?

The support is quite good. We haven't had any challenges. Initially, there was something that they requested, so we logged a call and they were able to respond immediately. We had no challenges. They are quite responsive.

How was the initial setup?

The initial setup is not so easy because it is quite a process. Nevertheless, from my experience in implementing SIEM, Splunk is the easiest, and LogRhythm comes next.

LogRhythm is okay, we never had any challenges.

The installation is per site. Because these are all government customers, public sector government customers, we generally take anywhere between four to six weeks for installation. We have five people doing it.

What's my experience with pricing, setup cost, and licensing?

When they buy the license, whether on-prem or cloud licenses, I don't think that's all they pay. We do charge them for implementation and installation, but that's about it. Subscription is year on year.

Which other solutions did I evaluate?

We have tried many other products. But if you want to look for a mature product in the SIEM market, in the Gartner Quadrant LogRhythm and Splunk are all leaders and well-placed products. The rest are yet to come up.

When I say LogRhythm is a mature product, I mean it covers all 360 degrees for SIEM requirements which is not there in the other products. Only a few products have this kind of totality of integration, especially in the reporting. It has very good machine learning and AI techniques. It is very good.

What other advice do I have?

I of course would recommend LogRhythm NextGen SIEM to others.

On a scale of one to ten, I would give LogRhythm NextGen SIEM definitely a nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Assistant Manager Enterprise Security
Real User
Easy to configure, user-friendly, and has simple and informative dashboards, but the UI needs some minor changes
Pros and Cons
  • "What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
  • "One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."

What is our primary use case?

We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.

How has it helped my organization?

LogRhythm NextGen SIEM has improved the organization through the alarm system my team has configured. The alarm system is key to looking after all the hardware and endpoints.

What is most valuable?

What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see.

What needs improvement?

One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead.

Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM.

For how long have I used the solution?

I've been using LogRhythm NextGen SIEM for one month now.

What do I think about the stability of the solution?

LogRhythm NextGen SIEM is a stable tool. I didn't find any instability in it.

What do I think about the scalability of the solution?

LogRhythm NextGen SIEM is a scalable tool. Scalability is one of the reasons why my organization uses it.

How are customer service and support?

When I joined the company, a ticket was previously opened with the LogRhythm NextGen SIEM technical support team. Though I didn't directly connect with support, I have information that the problem was resolved and that the support team was very cooperative and very technical in solving the problem.

How was the initial setup?

Though I didn't configure LogRhythm NextGen SIEM as it was pre-configured when I joined the company, any solution won't be difficult to implement, as long as you have an understanding and knowledge of the product or tool. I was an implementer once.

What's my experience with pricing, setup cost, and licensing?

Senior management is in charge of purchasing the license for LogRhythm NextGen SIEM, so I have no information on how much it costs.

Which other solutions did I evaluate?

I worked on McAfee SIEM for six months, but that was when I was part of another team. If you compare McAfee SIEM with LogRhythm NextGen SIEM, I prefer LogRhythm NextGen SIEM because it's a user-friendly tool. It's also very easy to configure. The dashboards in LogRhythm NextGen SIEM are also very simple and very informative, and I've configured them to better understand what's happening in the organization. You can also create an alarm system in LogRhythm NextGen SIEM, which is very helpful.

I also evaluated IBM QRadar, and I found IBM QRadar to be a better tool than LogRhythm NextGen SIEM.

What other advice do I have?

I work in the enterprise security department or the SOC, and I just have to deal with the logs. The tool being used within the organization for log management is LogRhythm NextGen SIEM, particularly the N-1 version.

My organization uses the on-premise version of the tool, and it's been applied to the data center.

I belong to a very small organization with a data center that has sixty people using LogRhythm NextGen SIEM. In terms of maintenance, the tool isn't difficult to maintain.

The only advice I have for anyone who'd like to start using LogRhythm NextGen SIEM is that it's a very good tool, with good features and functions.

My rating for LogRhythm NextGen SIEM is seven out of ten. I didn't give it a ten because it's Windows-based, plus I also don't like its UI that much. LogRhythm NextGen SIEM is also not as good as IBM QRadar.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kashif Ali - PeerSpot reviewer
Unit Head Titanium (Security Solution) at RapidCompute
Real User
Top 10
Great features with good cloud functionality and excellent technical support
Pros and Cons
  • "Technical support is very helpful and responsive."
  • "Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end."

What is most valuable?

We really appreciate the new cloud functionality. The cloud is really showing its dominance. 

Technical support is very helpful and responsive.

The product has a lot of useful features.

What needs improvement?

There aren't really any missing features. It's quite a complete solution.

Most of the clients using the on-prem are using customized applications. In the customized applications, we are facing parsing issues and a minimum of two days is required by the LogRhythm team for parsing logs. 

Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part, and this is a key challenge on my end. This is a huge cost impact, at least on the Pakistani market. It needs to be addressed.

The solution should be less expensive.

It would be very helpful if there were a package to help users migrate from QRadar to LogRhythm.

In Pakistan, the government is in the process of developing its final recommendation of cybersecurity and data protection process. We hope this solution will prove to be compliant and will meet the requirements in the future.

For how long have I used the solution?

I've been using the solution for approximately one and a half years at this point. It hasn't been too long just yet.

What do I think about the scalability of the solution?

We have four or five people using the solution in our organization. They are managing the LogRhythm infrastructure.

How are customer service and technical support?

We are in touch with their support. It's government support, and they're quite supportive, and they are quite responsive. They have a divisional team that is quite responsive.

How was the initial setup?

The initial setup is complex with LogRhythm. In that Pakistan market, with LogRhythm, the climate is very limited at this point. For the on-prem, there may be only two customers, for example. One is a bank and one is serving as an MSSP.

We've added four customers to a pay-as-you-go model. You apply Windows 2000 MPS or a cloud environment. The initial setup is quite difficult, however, after making certifications we are able to provide the initial setup and got it working with the LogRhythm support team.

For maintenance, I have five engineers that are part of my security team, including me and my sales and operations. Approximately we have 14 to 15 people that can handle maintenance.

What about the implementation team?

We had some assistance from the LogRhythm support team. We did not entirely do it ourselves.

What's my experience with pricing, setup cost, and licensing?

The cost of the solution should be reduced. In the Pakistan market, they have competition from IBM QRadar. They have quite a significant cost difference. While the quality of this product is better, IBM has a stronger penetration in the market based on price. 90% of financial institutions are doing the QRadar in Pakistan. The Central Bank is using QRadar, simply due to the cost differences.

Which other solutions did I evaluate?

Initially, we tested out the QRadar, however, due to some delay and due to some market awareness tests, we did not continue.

What other advice do I have?

We are using the solution for our own infrastructure and we are also offering it as a service. We are the largest service provider, cloud service provider, in Pakistan. However, we use a variety of deployment models, including cloud and hybrid.

We have an ISO position for government-certified infrastructure. We have a PCI-certified infrastructure as well as a GDPR-compliant infrastructure.

We work closely with this product in particular. We have a lot of hands-on experience.

I'd rate the solution eight out of ten. If it weren't for some parsing limitations in the product, I would rate it even higher.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Information Technology with 501-1,000 employees
Video Review
Real User
Top 10
Provides a comprehensive and powerful view of our environment from one dashboard
Pros and Cons
  • "This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network."
  • "Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."

What is our primary use case?

We have about 600 employees supported by this solution. Our goal is to try and bring in at least one additional application into our SIEM tool each month so that we can get better insights for those particular platforms.

How has it helped my organization?

This solution has improved our organization in many different ways. The biggest benefit is being able to view all information in one dashboard instead of having to look at several different applications and dashboards. I can see information across our entire environment and every aspect of our network.

LogRhythm really helps with our cybersecurity exposure because it gives us insights to make us more proactive versus reactive regarding events happening in our environment. LogRhythm gave us so much insight into blind spots that we didn't even know we had.

LogRhythm also really helped our environment in terms of security posture because it gives us so much more information that we can use in a timely manner. Some of our other providers don't give us reports until as late as the next day. With LogRhythm, we can have alarms triggered within seconds that let us know that there are particular things that need to be addressed. This is much quicker than if we just trusted that particular vendor to let us know.

What is most valuable?

My favorite feature is the Drill Down which allows us to look at several different logs originating off of one particular alarm. If there is suspicious activity, we can use that feature to access one dashboard with different anomalies that might stand out or different places where alarms would've been triggered for particular events. 

We use the Event Log Filtering feature quite often. It makes it much easier to find useful information in our SIEM tool in a quick and efficient manner. There have been several times when we have imported 20,000 plus logs within a matter of minutes and it makes it much easier to find what we're looking for, especially when time matters.

The Event Log Filtering utility also allowed us to find information much quicker in our environment because it simplified the process of finding information. 

What needs improvement?

Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm. We would like to plug in an API key for another system and have that vendor's information readily available. 

For how long have I used the solution?

We've been using LogRhythm as our SIEM provider for about five or six years now. I have personally only been using it for the last six months, learning the ins and outs of how it can support our organization. 

What do I think about the stability of the solution?

LogRhythm is very stable and reliable.

What do I think about the scalability of the solution?

LogRhythm has amazing scalability potential for whatever your particular needs are.

How are customer service and support?

We've had really good experiences with LogRhythm's technical support for things that are already in the environment. When it comes to trying to innovate with some of the newer things, this has been a little bit more difficult. I feel like they could be a little bit more intuitive going forward. I would rate their technical support an eight out of ten.

How would you rate customer service and support?

Positive

What other advice do I have?

I would rate LogRhythm an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior System Administrator at DP Infotech Pvt Ltd
Real User
Reliable with good dashboards but needs better alerts
Pros and Cons
  • "It's reliable and the performance is good."
  • "We've had issues with scaling and local support."

What is our primary use case?

This solution's use case is abnormal administrative lockouts, most of the time.

What is most valuable?

I'm happy with their AI in general. 

We're able to make useful dashboards. 

The initial setup is not complex if you have a bit of knowledge going in.

The solution is stable. 

What needs improvement?

We'd like to receive alerts for zero-day attacks in the future. We'd like alerts that offer us better security. For example, if there are abnormal occurrences, we'd like to know right away. 

We've had issues with scaling and local support.

For how long have I used the solution?

We've been using the solution for two years. 

What do I think about the stability of the solution?

It is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good. 

What do I think about the scalability of the solution?

We have seven people, admins, who are working directly with the solution. 

It's not easy to scale. Sometimes we have difficulties. For example, when doing updates, we cannot depend on our local support. In some cases that we have found, they don't have much knowledge. We have to work on separate tickets for the kinds of issues we have.

How are customer service and support?

We have local support. If they cannot assist us, they do offer in-house support we can use. The first step in terms of getting help would be our local partner. 

The issue is that local support sometimes isn't as knowledgeable as they need to be. The solution should work to do more training in order to improve local support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were working on RSA. We switched due to the cost and the lack of local support. The RSA cost is a little bit too high.

How was the initial setup?

The solution offers a pretty straightforward and simple setup. That said, you need some knowledge going into the process. 

The deployment itself took about 90 days. 

I'd rate it a three out of five in terms of the general ease of deployment as there is some complexity and a learning curve. 

There's not much maintenance. We do have to do the updates of the servers and if there is a new release and update, we work on those. For the day-to-day, we try to focus on more log-related tasks.

What's my experience with pricing, setup cost, and licensing?

I can't speak to the exact cost of licensing the product. My understanding is that it is less expensive than RSA. 

What other advice do I have?

We are an integrator and service provider. 

We are not currently using the latest update.

I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. 

I'd rate the solution five out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
FSE at a computer software company with 1,001-5,000 employees
Reseller
Top 5
Cost-effective, good support, and can be effectively tuned to get meaningful information
Pros and Cons
  • "As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
  • "It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."

What is our primary use case?

Its primary use cases are log aggregation, security information, and event management correlation.

All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.

What is most valuable?

As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed. It has the capability to do that, but it probably takes a little more time to do that. 

What needs improvement?

It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup.

For how long have I used the solution?

I have probably been using it since it has been around.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

They provide very good support.

How was the initial setup?

It takes a little more time to get operationalized, but I haven't personally set it up. I'm only taking feedback from my customers when they say they've gone through the steps and the process of setting it up.

What's my experience with pricing, setup cost, and licensing?

It is a very cost-effective solution.

What other advice do I have?

Don't do it without managed services, but I would say that for any SIEM. In SIEM technology, the setup and maintenance side is different from the monitoring and alerting side. I recommend all of our customers to always go with a managed service provider to take care of the monitoring and alerting side, or at the very least, to fill in for off hours because you only have so many people on your staff. Small and medium-sized customers are our bread and butter, and most of our customers don't have the staffing for this. 

If you don't have the expertise to set it up, manage it, or the time to learn it, a managed service can help you get it set up. For most SIEMs, LogRhythm included, for the first six months, you probably need one to one half of an FTE for doing the setup, getting it operationalized, and doing all the tuning. You're going to need one-quarter of an FTE for ongoing operations, maintenance, and support. That doesn't include monitoring of alerts and the response to the alerts. If you've got it well tuned, you don't need a lot of staff to do the monitoring and the alerting during the regular daytime hours. That's where having a managed service provider during off hours and weekends is handy. It is beneficial to have a managed service to do the operational work for maintenance.

It is good, but there is room for improvement. There are plenty of solutions on the market that do a lot of what it does. It is not a huge product differentiator or market differentiator.

I would rate it an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Systems Administrators at a tech services company with 201-500 employees
Real User
Top 5
Very helpful for monitoring and alarming, very stable and scalable, and excellent technical support
Pros and Cons
  • "File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
  • "It should have some more message monitoring features. It can also have some free message monitoring tools."

What is our primary use case?

I use LogRhythm for PCI DSS compliance. All of our devices are sending logs to LogRhythm. I have set up File Integrity Monitoring, Data Loss Prevention, Registry Integrity Monitoring, and other alarms for detection, and we do investigations.

How has it helped my organization?

I don't have metrics, but it has really improved the monitoring and alarming for us. 

What is most valuable?

File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting.

What needs improvement?

It should have some more message monitoring features. It can also have some free message monitoring tools.

For how long have I used the solution?

I have been using this solution for about two years.

What do I think about the stability of the solution?

It has been very stable. There are no major issues. It has been exactly doing what I expected it to do.

What do I think about the scalability of the solution?

It has been very scalable in terms of adding new systems and stuff like that. It has been quite good.

We have plans to increase the usage of LogRhythm. We have some new solutions and new networks coming up. We might be looking to expand within the next two years to onboard new systems.

How are customer service and technical support?

Technical support has been excellent so far. I never had any issues with technical support. Their support has been excellent.

Which solution did I use previously and why did I switch?

I didn't use any other solution previously.

How was the initial setup?

It was pretty straightforward. The actual deployment of it took about two days, but the implementation strategy took longer. It took a couple of months for meetings and planning with different experts, project managers, and engineers. They looked at our business requirements and other things.

We have two administrators and two analysts. Four of us are managing the system.

What's my experience with pricing, setup cost, and licensing?

It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that. 

Which other solutions did I evaluate?

When I was looking for a solution, I looked at Splunk and LogRhythm. There was one from SolarWinds as well. Cost-wise, LogRhythm was the one that impressed me the most. Splunk was really good as well, but it was a little too costly.

What other advice do I have?

I would definitely recommend this solution for compliance requirements, such as PCI DSS compliance. It does cost a great amount, but its pricing is competitive with some of the other vendors. If it is a necessity to have a SIEM solution, I would definitely recommend LogRhythm.

I would rate LogRhythm NextGen SIEM a nine out of ten. It has been really good. So far, my experience has been seamless. They should keep doing what they're doing.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cybersecurity Analyst with 201-500 employees
Video Review
Real User
Top 10
Can search through metadata in different ways and helps reduce administrative overhead costs
Pros and Cons
  • "The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on."
  • "The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."

What is our primary use case?

We've been using this solution to aggregate and correlate logs to dive a little bit more into auditing any sort of suspicious activity or malicious ideas that are going on within our network and using it for compliance purposes.

How has it helped my organization?

We partner with another company to help co-manage LogRhythm SIEM, and it definitely brings everything down to a single pane of glass, especially for people who are coming into the cybersecurity industry and don't have as much experience. It helps to correlate things to where they're more human-readable.

It has also increased our overall rate of efficiency by about 10 to 15%.

What is most valuable?

The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on.

The Event Log Filtering feature filters out certain logs that we don't need, and it has definitely helped decrease costs and increase efficiency for all of the products. With its hardware being on-premises, it reduces resources all around and makes it more efficient.

The Event Log Filtering feature has also helped us reduce our administrative overhead by approximately 10 to 15%.

In terms of managing workflows and cybersecurity exposure, LogRhythm SIEM is very efficient and is a good tool to use for locating and auditing any sort of activity that goes on in the network. It's very helpful for tracking and finding, even down to a granular level or up to events.

It's definitely been helpful with blind spots, especially in terms of vulnerabilities that aren't picked up by the scanners that we have. There were multiple instances where we've had brute force and various types of attacks that were quickly escalated to us via alarms and that were easily read and acted on.

What needs improvement?

The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be.

For how long have I used the solution?

I've been using LogRhythm SIEM since 2016.

What do I think about the stability of the solution?

The stability is great. We had an agent go down on a DC once or twice, and it just involved a restart. That is about it. The stability of the hardware and the software itself is awesome.

What do I think about the scalability of the solution?

We're going to be scaling soon, and there hasn't been any reason to switch away from LogRhythm. So far, scalability-wise, it's been able to fit our environment well.

What other advice do I have?

You would be wrong to think that LogRhythm SIEM is an outdated solution. I use it every day, and it has helped me fix or see vulnerabilities or compromises in our network that I wouldn't have seen before. It's still definitely around.

On a scale from one to ten, I'd rate LogRhythm SIEM an eight.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user