LogRhythm SIEM Reviews

The advanced intelligence engine -- in fact, the whole suit -- is very powerful. It depends how you use it. Security management is what it's best at. As far I’m concerned, it’s one of the best.

This product is in general for medium-sized companies. For bigger companies with millions of logs coming in, it just cannot support them. The solution is not robust. It depends on the size of the companies and the size of the firewalls you have which will determine if it will work for you. Thus product is really good and easy to use for medium sized companies.

I've used it for three years.

Initially we had a lot of issues. Today it has improved dramatically, and it has no issues in deployment.

It is very stable, but we have to work with it and identify which logs we need. If we don’t, it doesn't handle the traffic well. 

Every tool is different, and you just have to work with it.

It’s one of the best customer services you could find. Everyone is very knowledgeable and helpful. You aren’t waiting around for tickets to be resolved. If they can’t resolve it, they escalate and resolve quickly.

Absolutely we have made a ROI. It resolves a lot of issues. It helps a lot of our infrastructure and everyone is benefiting. It’s absolutely worth the money spent.

They are very transparent about the licensing. They are upfront. They tell you what can handle what. They are honest people.

I have been invited to user group meetings and we have had good conversations. They have been very helpful and they understand my needs. They listen to our input and really take it seriously. They really work with us on different issues. 

Everything is fantastic.

The log aggregation is what we use it for.

We don’t have a lot of the reporting configured or the advanced analytics. When the time is right, we will we will make the most of these features.

We need to improve our internal training and use of it. We use it, but we don’t use it to its potential. It’s a very powerful and robust device and application. We don’t use it how we could.

I don’t have a lot of confidence in their support. The support is not first class. I am still working with them with follow ups with the numerous issues we have had. The appliance itself seems to be doing what it’s supposed to, but the support is lacking.

I've used it for six years.

We went through research of multiple products that were similar in nature and selected LogRhythm based on the ability to comply with regulations and the advanced features that it offered. It’s a really deep product and you can do a lot with it, but it just hasn't been realized.

It handles what we throw at it.

I have mixed feelings. We have had some issues with their internal support.

We lost our ability to access the support portal, and it took them around three weeks to resolve it. We had a new upgraded appliance implemented and professional services set it up. They failed to take all of the alerts and bring it to the new appliance.

We implemented it in-house.

The licensing has improved. It has gone down because it is no longer individual monitoring licensing, whereas before it was licensed per collection manager. They have given us decent pricing, they gave us credit for the old appliance.

I find that the ease of installation is a valuable part of the solution.

The consolidation of the logs and being able to manage the items we have coming in -- all in one product -- has really helped this company a lot.

The main area of improvement is that the client must be installed on the computer for all of the functions to work. So if the client doesn't have a customer in their system, they can’t use it.

I have been directly responsible for this install around two years. I worked with LogRhythm at another company for around three years.

We didn’t encounter any issues that were not fixable.

I can’t remember the last time it was down. It’s very stable.

The way it’s set up with agents, we can scale very well and if we need to we can just add more hardware to the system. The only limit is the hardware. We have been happy with it.

Very knowledgeable, though I wouldn’t say proactive. When you speak with technical support you don’t actual speak with someone: you leave a message, which I do not like, although they respond pretty quickly.

The scalability was the main reason for switching. You never know how much you may need and the ability to quickly adapt is great.

The ability to add something quickly is very important. It's more complete than a lot of products, such as Splunk, but you have to put in a lot of work.

With LogRhythm, security feeds and security alerts are just built in.

We did migrate recently and had help from LogRhythm.

I’d say we have an ROI. It helps us identity problems before they become issues.

Always plan for more logs than you think you have. Once you start collecting you will realize that you need more than you thought.

My relationship has been very good. When we updated our software we set up weekly meetings which really helped us with reporting. We don’t directly get in touch with support but when we do they solve our problems.

• SIEM
• File Integrity Monitoring
• Danned compliance reports (PCI, GLBA, HIPAA).

The solution has significantly reduced the time and effort necessary to manage and review logs and produce reports for regulatory compliance.

No current suggestions.

I've used it for six years.

No issues encountered.

No issues encountered.

No issues encountered.

8/10

10/10

No previous solution was in place.

Our entire implementation was completed in one day.

The vendor team was one of the best we have ever worked with. They were able to work through issues not covered in their implementation manuals quickly, and without further support.

No ROI. The solution is in place to meet PCI compliance and improve our overall security posture.

While LogRhythm's professional services are one of the best we have ever worked with, their hourly rate is generally quoted at a much higher rate than the industry standard. Additionally, the hours necessary for an engagement are also regularly over estimated.

Several other solutions were considered including Q1 Labs (now IBM), EMC, and HP.

There were two primary reasons we selected LogRhythm. First was the ease of implementation, which was extremely simple and straight forward. Second, was the integration of file integrity monitoring. LogRhythm at the time, and I believe still today, was the only vendor that provided a solution that included integrated SIEM and FIM.

The product was easy to deploy and easy to learn how to use. The web console is the best I’ve seen when compared to other SIEMs.

This product has made it easier for our team to correlate security events and react quicker to incidents.

Retrieving logs that have been archived can be a difficult and time consuming process. The module which performs this, called the Second Look Wizard is not very well integrated into the rest of the product. It would be nice if you had the ability to right click on a log and search the archives for more data like it (you can do this with non-archived logs) and then after restoring archived logs, easily pivot to an investigation for that data. Currently, those 3 steps all have to be run separately.

I've used it for five months.

The deployment was very smooth.

There were occasional stability problems, but they were resolved by support in a timely fashion.

No issues encountered.

Excellent, everyone I have worked with at LogRhythm has been courteous and helpful.

Technical support has been very good, and they will often go out of their way to help correct an issue, even if it is not a technical issue with the product.

This is our first SIEM.

The initial setup was done with the help of LogRhythm Professional Services and was fairly straightforward. Our version of the software is integrated into one hardware unit which made it easy to setup and understand.

We implemented with LogRhythm Professional Services and the engineer I worked with was very thorough and knowledgable.

Pricing was on the higher end when compared to other products we looked at. However, we felt the advantages with LogRhythm justified the price premium. Licensing is fair and straightforward. We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.

We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.

If implementing a SIEM for the first time, it is very important to have members of the network and server teams involved from the beginning. Also, strong change management policies are necessary to keep the SIEM implemented properly.

• Advanced Intelligence Engine (AIE) for threat intelligence, 9/10
• LRM for logging and compliance, 8/10

Custom rules/alerts in LRM and AIE provide insight into network for internal users as well as InfoSec. Proactive account lockout alerts for SecAdmin, alerts to DBAs on domain admin access to SQL servers, PCI and GLBA compliance alerts/reports for InfoSec and Audit.

Adding an entity (should be able to create a template and/or eliminate locations) could be much faster/streamlined. The wizard could be improved to specify OU/Groups to search for new entities.

• LRM – four years
• AIE – three years

No issues encountered.

There have been issues with the hardware which has resulted in the LRM going down a few times.

No issues encountered.

It's the best there is.

It's the best there is.

We had Tripwire, but we needed logging and SIEM, not just logging.

It was straightforward as the training provided all the tools. Also, the UI has gotten better with time.

We had a mix of an in-house team with one from LogRhythm.

Literally impossible to quantify. We haven’t had any events or deficiencies in audits, which is invaluable.

Pricing (especially considering feature sets) is best in the market, though HA/DR is tough to justify for a SMB. Even with two outages due to hardware we haven’t invested in a backup.

• QRadar
• RSA
• Tripwire

Implementation time, hygene/maintenance time, functionality, and cost make it the clear choice in a competitive market.

• Investigation
• Advanced Intelligence Engine
• Alarming and Response

We have made this the foundation of our security intelligence within our organization. It has allows us to detect and remediate Advanced Persistent Threats.

I would like to the log management database perform more efficiently.

I've used it for five years.

Some minor bugs with the mediator. Those have been fixed in patch releases a long time ago.

9/10.

9/10.

Setup was fairly straightforward. We were up and running with coverage of most log sources within two days.

We implemented it in-house. Active Directory import makes initial configuration quick and easy.

We also evaluated Splunk, and we chose LogRhythm as the correlation rules performed it handled clients on DHCP better.

We recommend that people implementing it choose to log everything, including logs from desktops, laptops, servers, switches and routers.