it_user756357 - PeerSpot reviewer
Senior Security Analyst at an energy/utilities company with 1,001-5,000 employees
Real User
The ability to leverage alarm and case management features through a centralized location

What is most valuable?

The recognition of many device types, log message formats, and the most common device types out there. Then, the ability to quickly display data, and do the classification on it. That is the big value.

I have used it a lot. I have used it against other SIEMs. I have used it in conjunction with other SIEMs, and it is the easiest to use and makes the most sense to me.

How has it helped my organization?

  • Being able to gather the data into one central location.
  • Being able to leverage alarm and case management features through there on that centralized single pane of glass. That lets us work through those issues that we find from all those disparate device types, fairly quickly and efficiently using that stuff.

Key challenges and goals are retaining talent. Guys tend to do really well in this field and oftentimes monetize those skills pretty quickly. So, there is always someone willing to pay a premium out there for those skills and that talent. Therefore, you find a lot of churn from that.

What needs improvement?

I would like to see additional features around alarm management. We are producing alarms right now, and we are able to change statuses on them. But, I would like to see more details around having timers on those alarms. So, if I have a new alarm that has been sitting there for 15 minutes and no one has gotten to it, I would want some sort of alert to tell me that or a threshold I can set.

What was my experience with deployment of the solution?

I was not involved in this particular deployment, but have deployed about 25 LogRhythm deployments previously.

It is straightforward. Not too bad.

Buyer's Guide
LogRhythm SIEM
March 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.

What do I think about the scalability of the solution?

It scales well. It can go from 1,000 messages per second to 50,000 messages per second fairly easily.

How are customer service and support?

I have used a lot of tech support, and I think it's the best out of other SIEMs that I have worked with: McAfee ESM and IBM QRadar. LogRhythm definitely has the best support.

What other advice do I have?

Go ahead and do the evaluation with their other competitors out there. Understand each of the SIEMs' capabilities by sitting down with them. I think you will find that LogRhythm will win out.

A unified end-to-end platform is extremely important, because as we get going to this more holistic security model, we will be looking at minimizing the number of tools that we have to have in our environment, and trying to centralize a lot of that work into one platform, which LogRhythm is definitely one of those platforms that does that.

Most important criteria when selecting a vendor: Selecting a vendor is pretty important. We go through a lot of things, a lot of due diligence. We like to put them up against their main competitors in the market. That is generally a step we take when evaluating different vendors for a solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mohammed Jamous - PeerSpot reviewer
Chief Information Technology Officer at an insurance company with 11-50 employees
Real User
Top 10
It has the ability to add and compare use cases
Pros and Cons
  • "AXON has the ability to add and compare use cases."
  • "The log storage capacity should be increased."

What is our primary use case?

We have 250 cases in LogRhythm. It's used for collecting logs and analyzing logs from the servers.

What is most valuable?

The solution has the ability to add and compare use cases. 

What needs improvement?

The log storage capacity should be increased.

For how long have I used the solution?

I have been using LogRhythm SIEM for three years.

What do I think about the stability of the solution?

I rate it at 10 out of 10 for stability.

What do I think about the scalability of the solution?

I rate it at 10 out of 10 for scalability.

How are customer service and support?

I rate LogRhythm support 10 out of 10. 

How would you rate customer service and support?

Positive

How was the initial setup?

LogRhythm SIEM is easy to set up, and it took us about two weeks. 

What about the implementation team?

We had help from a person from LogRhythm.

What's my experience with pricing, setup cost, and licensing?

LogRhythm is a costly solution. I rate it five out of 10 for affordability. We have a three-year license, and you need to pay to add features like endpoint licensing, behavior analytics, etc.

Which other solutions did I evaluate?

We looked at Splunk and IBM QRadar.

What other advice do I have?

I rate LogRhythm SIEM at 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FSE at a computer software company with 1,001-5,000 employees
Reseller
Top 5
Cost-effective, good support, and can be effectively tuned to get meaningful information
Pros and Cons
  • "As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed."
  • "It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."

What is our primary use case?

Its primary use cases are log aggregation, security information, and event management correlation.

All of our clients use different versions across the board. In terms of deployment, some use it on-prem, and some use it in the cloud. It is all over the place.

What is most valuable?

As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed. It has the capability to do that, but it probably takes a little more time to do that. 

What needs improvement?

It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup.

For how long have I used the solution?

I have probably been using it since it has been around.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

They provide very good support.

How was the initial setup?

It takes a little more time to get operationalized, but I haven't personally set it up. I'm only taking feedback from my customers when they say they've gone through the steps and the process of setting it up.

What's my experience with pricing, setup cost, and licensing?

It is a very cost-effective solution.

What other advice do I have?

Don't do it without managed services, but I would say that for any SIEM. In SIEM technology, the setup and maintenance side is different from the monitoring and alerting side. I recommend that all of our customers always go with a managed service provider to take care of the monitoring and alerting side, or at the very least, to fill in for off hours, because you only have so many people on your staff. Small and medium-sized customers are our bread and butter, and most of our customers don't have the staffing for this.

If you don't have the expertise to set it up, manage it, or the time to learn it, a managed service can help you get it set up. For most SIEMs, LogRhythm included, for the first six months, you probably need one to one half of an FTE for doing the setup, getting it operationalized, and doing all the tuning. You're going to need one-quarter of an FTE for ongoing operations, maintenance, and support. That doesn't include monitoring of alerts and the response to the alerts. If you've got it well tuned, you don't need a lot of staff to do the monitoring and the alerting during the regular daytime hours. That's where having a managed service provider during off hours and weekends is handy. It is beneficial to have a managed service to do the operational work for maintenance.

It is good, but there is room for improvement. There are plenty of solutions on the market that do a lot of what it does. It is not a huge product differentiator or market differentiator.

I would rate it an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Principal Security Analyst at a healthcare company with 10,001+ employees
Video Review
Real User
Our ability to respond quickly or the time to detect has dropped significantly. There are some things that we see now that we would have never seen

What is our primary use case?

My primary use case is to alert to any anomalies that may have security relevance as far as some of the industry regulations that apply to our health care, as well as payment card industry.

How has it helped my organization?

We have a product that is a security orchestration and response tool, Demisto, and I think that from the standpoint of automation and response, perhaps the first version of the playbooks is not going to compare to the product that we have that's standalone for that purpose. However, from a price point it's very attractive, and I think that as it matures we'll look at probably moving over onto the LogRhythm playbooks if it can support the kind of things that we're leveraging out of this other product, and it looks like that's their plan.

It was the same that was brought up in one of the talking sessions. Our users will tend to forward every email they don't like just to be safe. It's a spam review and it takes our analysts then a ton of time to go through. So we have leveraged this to go and read from the mailbox that those spam emails all get forwarded to and then to look and analyze the hashes of any files. They'll hash them or the links in the file or the sender or anything that looks funny and it'll do all the things an analyst will do and make its determinations and then we'll see from there if we have anything to follow up on.

Our ability to respond quickly or the time to detect has dropped significantly. There are some things that we see now that we would have never seen. For example, maybe a domain administrator adding an account to a server's admin group that goes against process and policy, but they're doing it to troubleshoot something or whatever. We had never seen that before because of the amount of logs that come out of those Microsoft security logs and the fact that we've got 6,000 servers in our environment. But the other things that we would have seen, we still see them faster. When we see something from the power firewalls, that a verdict change did pass something through but now it says it's malicious, an attachment on an email or something, we can take action now far faster, whereas before we might have got the indication out of our antivirus tool when somebody tried to double-click the attachment.

What is most valuable?

Most valuable features for our organization are the centralized pane of glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations, and to go through all those dashboards monitoring everything is just not possible. So we centralize everything, and then we get it, come into the web console, and we're able to triage and respond quickly to anything that is important.

We do use many other capabilities with LogRhythm. We of course collect from our printer devices and our servers as well as some of our security-specific systems. We'll drink from APIs. We'll also implement file integrity monitoring in our data environment. So we use a lot of different features available within LogRhythm.

It makes it possible to stay aware of much more of what's going on. We get an overview, a macro view that we can zoom in on, as opposed to prior to that, when we had individual panes of glass. You might be stuck in the firewall interface for half a day whereas something going on is not getting addressed that we really should probably investigate. So that's our biggest benefit.

We're not using any of the built-in playbooks. We are about to go up to version 7.4 once it becomes available. We were not an early adopter because of our size.

What needs improvement?

There are two that I can think about off the top of my head. One is service protection. So for example, to compare it to the antivirus product, if I'm an admin on a server I can't uninstall the antivirus product unless I have the administrator password for the antivirus, not the domain administrator passwords. In the same way, these guys that are out there doing upgrades in the middle of the night and stuff, they don't know why anything isn't working. But the first thing they do is they want to peel off all the security products 'cause they think that's interfering. Then all of a sudden I'll have a server that no longer even has the LogRhythm agent on it. I'm trying to figure out who uninstalled this and whatever. It gets into a situation where I just go, well, why is that possible? A product like Symantec antivirus or Traps or something, I couldn't uninstall it from my workstation even if I'm a domain admin. I've got to have that admin password for the product, and I think that should be baked into the LogRhythm agent so we have more stability over our deployment.

The second thing that I would like is, like I said, our logging level is about 750 million logs a day, but sometimes we'll go 850 or 1.2 billion logs a day. Sometimes maybe 680. So what in my environment changed? I don't have the ability really with the tools they give me to profile the systems very well and the log sources, except for running reports which I can look at in kind of the Crystal Reports interface, or I can export it to a big giant PDF or spreadsheet. But then I'm looking, well, last month the Exchange service kicked out this many logs and it's a little bit more, but where did the rest of it go? If I go from 750 million logs average in a day to 850 it might not just be a delta of 100,000 logs increase, it could be 150 because something else might not have generated the same amount of logs.

So for the ability for me to be able to profile a system and say what's behaving normally and abnormally you can do some of that with the AI rules and we've played a little bit with that in the past, but it would be better if it was something like what they're doing with UEBA where I can say this server kicked out 80 million logs yesterday and that's not normal for it. I'd like to see what was going on with that box. That would in some ways where my mean time to detect which servers went through a significant variance in what they typically do would be very helpful for me on a lot of days.

LogRhythm gives us the ability to automate. We do have some smart response plugins that we're using. Unfortunately, with healthcare you end up using more contextual smart response plugins than you do actionable ones. I can't go and shut down a system unless I have absolute 100 percent confidence in the fact that it's not actually touching a person, because a biomed is a computerized medical device that connects to a person. So in our environment, with a half dozen hospitals and 130 clinics, we can't just go around shutting things down or even necessarily quarantining them, because it might be a client-server type of situation where we can't interrupt this if maybe they're giving a radiation treatment to someone. We have a lot of different enclaves and things. But LogRhythm allows me to see things that I may want to take action on via a human resource. I can send a desktop tech out there to make sure that whatever it is I'm concerned about is not in fact taking place.

What do I think about the stability of the solution?

In LogRhythm the stability is very good. We're pleased with it. However, we have a high rate of logs, or at least I think it is. We approach 750 million logs on a daily basis, which is about our average, and if anything stops working or a service needs to be restarted, it will rapidly vary itself. We don't have too many problems with anything like that; it's just from time to time, if something's not available, a resource it needs, things will begin to back up and then it's exciting trying to recover.

What do I think about the scalability of the solution?

Scalability is good. We had 23 systems, not counting the collectors, that are big LogRhythm servers, data processors, indexers. That monitors web consoles, PMs. We have them in two different data centers, and we find that scaling for volume is very good. Scaling for the flip-over for any disaster recovery situation: we don't use Microsoft DNS, we use Infoblox, and the DR utility up to this point did not incorporate that product line and what was necessary. But they did take it back, and that's what I like about how responsive they were. They didn't charge us the PSRs for all the time that we spent when it didn't work. They went back, they worked with Infoblox, they handed off a technical document that I can work with my DNS guys back there, and then reschedule the hours with PS. So it's really, I liked the way that they addressed it. They made it like we were important. I know we're one of many, but they took that back and they expanded their disaster recovery capability based on the fact that that's what we wanted.

How are customer service and technical support?

Oh, tech support's good. We generate a lot of tickets. Anything from logs; sometimes the vendors will enrich their logging, but then that changes the ability of the tool to parse it, and so then we'll notice that a log is not parsing and everything's going to the catch-all rule. We'll open up a ticket, and they'll take care of that pretty timely. As well, anytime that we have a high issue, something that's affecting our availability and visibility in our network, they're very responsive.

I was back in 2014, so I was assisting someone else whose primary function was to implement it, and it was several full versions back. I think it was version six or five or something like that. I don't know what it was. I think your awareness of LogRhythm grows over time. There are certainly ways to do things that are advisable that you can get away with. Rules that are not two and two well, when you're on a certain scale, once you get big, no technology is going to really handle any efficient rules and log processing policies that are beyond what you need, right? So I think that we probably had a normal growth path and knowledge curve compared to others, where we first got it and we tried to do too much, turned on a bunch of rules. Didn't know how to tune them. But I think that right now we have a solid implementation. We have 130, 150 alarm rules running. We're not maxing out resources. Everything is running really well from a reliability standpoint, availability from the product. We do wish that the web console would go back a little bit further with its look in time. However, it is fortunate that they've embraced some of the other stand-alongside technology like Kibana and the ELK stack, where we can take a look at the parsed data and trend back over time.

What other advice do I have?

If I had to rate LogRhythm, I would say I give it an eight out of ten. I think that I like the direction that they're going as a company. I like their philosophy and their milestones that they lay out at these conferences. I do like them also from a product standpoint, because some of the competitors are just not, they're price prohibitive as far as volume, especially when you look at SIEM tools like Splunk. Small shops can afford Splunk, but big shops, you've got to really need Splunk to really afford it. The same with QRadar; that's what we had previously where we were at, and they just became price prohibitive. So I like LogRhythm, they have the full package. I like where they're going with network monitor. I like the UEBA stuff. We're not currently using that. I like the playbook integration. It seems like they're really thoughtfully maturing their product line, and I think that gives me confidence that even if I have a pain point now, they're going to address that going forward.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
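The per-source log-volume profiling this reviewer asks for (a baseline of what each log source normally emits, plus an answer to "where did the rest of it go?" when the daily total moves) can be prototyped outside the SIEM from a daily log-source count report. The Python below is an added example written for this page, not LogRhythm code: the source names and counts are constructed sample data, and the z-score and relative-change thresholds are assumptions. It deliberately covers two edge cases the reviewer's numbers hint at: a source that goes silent (absent from today's report, counted as zero), and a source that never varied (zero standard deviation) so a plain z-score would divide by zero.

```python
"""Per-source daily log-volume baseline and delta attribution for a SIEM.

Added example, not LogRhythm's own code. Input is constructed: one dict per
day mapping log-source name -> daily message count (in millions), as a
log-source volume report would give it.
"""
import math
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple, Tuple

DayCounts = Dict[str, int]

# Constructed 7-day history. Totals sit at ~800 per day; "proxy" never varies.
HISTORY: List[DayCounts] = [
    {"exchange": 120, "domain-controllers": 300, "firewalls": 200, "web-app": 130, "proxy": 50},
    {"exchange": 118, "domain-controllers": 305, "firewalls": 202, "web-app": 128, "proxy": 50},
    {"exchange": 121, "domain-controllers": 298, "firewalls": 198, "web-app": 132, "proxy": 50},
    {"exchange": 119, "domain-controllers": 302, "firewalls": 201, "web-app": 131, "proxy": 50},
    {"exchange": 120, "domain-controllers": 300, "firewalls": 199, "web-app": 129, "proxy": 50},
    {"exchange": 122, "domain-controllers": 299, "firewalls": 200, "web-app": 130, "proxy": 50},
    {"exchange": 120, "domain-controllers": 296, "firewalls": 200, "web-app": 130, "proxy": 50},
]

# Constructed "today": the DCs surged by 100 and the proxy went silent, so the
# total only moved from 800 to 850 and the net delta hides both swings.
TODAY: DayCounts = {"exchange": 123, "domain-controllers": 400, "firewalls": 200, "web-app": 127}


class SourceProfile(NamedTuple):
    source: str
    today: int
    baseline_mean: float
    baseline_sd: float
    delta: float  # today - baseline_mean
    z: float      # delta / baseline_sd; +/-inf when the source never varied


def baseline(history: List[DayCounts]) -> Dict[str, Tuple[float, float]]:
    """Mean and population std-dev per source over the history window.
    A source missing on a given day is counted as 0 for that day."""
    sources = {s for day in history for s in day}
    result = {}
    for s in sources:
        series = [day.get(s, 0) for day in history]
        result[s] = (mean(series), pstdev(series))
    return result


def profile_day(today: DayCounts, history: List[DayCounts]) -> List[SourceProfile]:
    """Compare today's per-source counts with the baseline. Sources in the
    baseline but absent today (a silent source) are profiled with a count of 0;
    sources new today get a zero baseline and are flagged by construction."""
    base = baseline(history)
    profiles = []
    for s in sorted(set(base) | set(today)):
        mu, sd = base.get(s, (0.0, 0.0))
        count = today.get(s, 0)
        delta = count - mu
        if sd > 0:
            z = delta / sd
        else:  # never varied before: any movement at all is unprecedented
            z = math.copysign(math.inf, delta) if delta else 0.0
        profiles.append(SourceProfile(s, count, mu, sd, delta, z))
    return profiles


def anomalous_sources(profiles: List[SourceProfile], z_threshold: float = 3.0,
                      min_rel_change: float = 0.05) -> List[SourceProfile]:
    """Sources whose count moved more than z_threshold std-devs AND more than
    min_rel_change of their mean. The relative floor stops near-constant
    sources from alarming on a handful of extra messages. Thresholds are assumed."""
    flagged = []
    for p in profiles:
        rel = abs(p.delta) / p.baseline_mean if p.baseline_mean else math.inf
        if abs(p.z) >= z_threshold and rel >= min_rel_change:
            flagged.append(p)
    return flagged


def explain_delta(profiles: List[SourceProfile]) -> Tuple[float, List[Tuple[str, float]]]:
    """Break the net change in the day's total into per-source contributions,
    largest magnitude first, so a small net delta cannot hide offsetting swings."""
    net = sum(p.delta for p in profiles)
    contributions = sorted(((p.source, p.delta) for p in profiles),
                           key=lambda item: abs(item[1]), reverse=True)
    return net, contributions


if __name__ == "__main__":
    profiles = profile_day(TODAY, HISTORY)
    net, contributions = explain_delta(profiles)
    print(f"net change vs baseline: {net:+.1f}M logs")
    for source, delta in contributions:
        print(f"  {source:<20} {delta:+8.1f}M")
    for p in anomalous_sources(profiles):
        print(f"ANOMALY {p.source}: today={p.today} mean={p.baseline_mean:.1f} z={p.z:.1f}")
```

Run on the constructed data, the net change is only +50 while the breakdown shows +100 on the domain controllers and -50 on the silent proxy; only those two are flagged, since the +3 on Exchange is inside three standard deviations of its baseline. In practice the history window should be long enough to absorb weekly cycles, and a silent source is worth treating as its own alarm class: it is as often a stopped forwarder or an uninstalled agent as a quiet day.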
Security Engineer at Managed Technology Services, LLC fka LexisNexis
Real User
The customer support is friendly, attentive, and willing to help
Pros and Cons
  • "We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
  • "Their customer support is friendly and willing to help."
  • "The installation was a bit complex because we are running a virtual infrastructure."

What is our primary use case?

We primarily use the LogRhythm SIEM for the log collection aggregation for all of our Windows machines. We have all our firewalls sending logs to it. We have it hooked into Office 365 with the API to manage our cloud environment, and it's performed phenomenally.

What is most valuable?

The most valuable features are the reporting tools. A lot of times as security, we are tasked with explaining to management and the executives how the security program is going, what our concerns are, and if we want to get anything out of them as far as budget to fix some issues. We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It has been completely stable. We have had it in for a little over a year now, fully in production, and it has never gone down once. 

The only thing we had an issue with was when I tweaked the AI rules to basically fire on everything, which then caused a lot of accelerated rollover in our events. This was simply user configuration, and not anything on the LogRhythm side. It has been a very stable solution the whole time that we've had it in.

What do I think about the scalability of the solution?

We are currently in the process of upscaling our current LogRhythm instead of buying a new one, which is really beneficial.

I don't know what they do on the back-end as far as the algorithm for crunching logs and keeping everything small and compact, but we haven't had any problems with the sizing. With some of the other systems that we have used, we quickly ran into the problem where everything gets overblown and you have to go in and filter stuff out. What LogRhythm does that I like is they have all these knowledge base add-ons and modules out-of-the-box. It comes with all these features that you can use and get up off the ground running.

How are customer service and technical support?

Their customer support is friendly and willing to help. I can't compliment their support staff enough. They've been nothing but helpful. Any questions that we have, they come out and help us, or they email us. It's great to have such an attentive support staff.

Using the LogRhythm Community, you can find the answers to any of the problems that you have. Everyone out there is just trying to help each other get better. So, it's really nice.

How was the initial setup?

The installation was a bit complex because we are running a virtual infrastructure. Some of the stuff that we dealt with on the virtual machine and the disks was a little complex. However, the engineers at LogRhythm were more than willing to help. I had a little trouble because I was unfamiliar with the way vSphere works in the way that disk sizing stuff goes to get it set up.

What about the implementation team?

Everything is running on one large virtual machine instance that we have because we have a lot of virtual infrastructure. We help other companies and host their solutions. We are really versed in that. So, we have one huge deployment, and it works really well.

What's my experience with pricing, setup cost, and licensing?

The nice thing about LogRhythm is you can either use the agents, getting a certain number of agents with your license depending on how you want to go, and those agents do a lot of cool things, or you can use a syslog host, then you have like an unlimited number of them. So, we have used syslog for a lot of ours because it was easy to put into LogRhythm and change the destination of our syslog solution. Now, our syslogs go into LogRhythm, and it's easy. You see them pop up there, then you just accept them as new log sources, and bingo, you're in. Now, you're working. So, it is really good.

Which other solutions did I evaluate?

Where some other engines have been touted as SIEMs, you actually have to do a whole lot of actual engineering work of your own to even get the basic functionality out of them. This is one thing LogRhythm knocks out-of-the-box. 

What other advice do I have?

It helps that the product is fully realized and ready to go as soon as you get it installed. You can immediately see results and immediately see the data coming in. You're able to collate and correlate it, obtaining your data in a quick and easy manner. 

Do a demo. See what they're offering. Just know that their support is the best.

I haven't used any of the automated playbooks yet. Our engineers are leery about having the automatic stuff go off, which I can understand. We also have separation of duties. I don't have a lot of their credentials to work with it on my own, so we would have to go back and forth with the engineers, and that is something that they don't really want to do. However, we do have our own playbooks and security team, but it's more manual. I am interested in the playbooks feature, so I will attend one of the events here to learn more about it and figure it out, then take it back to the team to get buy in on it, so we can then use it.

We have about 2500 log sources sending logs to LogRhythm right now. We have about 20 firewalls, with a lot of Windows PCs. 

It's the best solution that I've ever used. We're expanding its use, not only in our corporate network, but out to the cloud environment where we host customer data stuff, too.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a healthcare company with 10,001+ employees
Real User
Deeper look into our applications helps us see configuration errors, enhancing security

What is our primary use case?

The primary use case is looking at our security as a whole, as an organization, trying to get all the logs collected, see how things can be integrated or what's happening through the different products. We also use it to see how people are trying to potentially circumvent security and what we can do to prevent people from doing that. Finally, we use it to get training out to end-users for certain things that they may be doing inaccurately.

We don't currently use the full-spectrum analytics or the built-in playbooks.

How has it helped my organization?

The benefits are having a deeper look into some of the applications, what's happening within them and possibly seeing configuration errors, enhancing not only the security but the functionality of different applications.

It has also provided us with increased staff productivity through orchestrated, automated workflows.

What is most valuable?

The most valuable features are the alarms, and some of the reporting features in the product are great. The web interface is awesome, it's very intuitive and gives a lot of great information.

What do I think about the stability of the solution?

So far the stability has been great. No issues whatsoever.

What do I think about the scalability of the solution?

We're actually going through an expansion at the beginning of next month and it seems to be fairly easy.

How are customer service and technical support?

We have used technical support in the past and it hasn't been an issue. They get back with us fairly quickly. Great people to talk to, very knowledgeable.

Which solution did I use previously and why did I switch?

We were using another product before, McAfee Nitro SIEM, and that product was just getting too hard to maintain. We had other people on the team and within the organization who had used LogRhythm in the past, so it came highly recommended. We checked into it, checked reviews on some of the different vendors, and LogRhythm is the one that came out on top.

How was the initial setup?

The initial setup was pretty straightforward.

In terms of the deployment and maintenance of the solution, for us right now, it was very light staff for the setup. It was two or three people that racked and stacked the servers. Once that is done, you don't really need them anymore. For maintenance, we've got two or three people on staff who manage and maintain it.

What other advice do I have?

I'd highly recommend going with the product.

Our security program is pretty much in its infancy. We're always looking to improve things. Just as IT, in general, constantly changes on a daily basis, LogRhythm is always evolving and coming out with different things, helping with innovation. It's been great.

Right now we have roughly 70 to 80 different log sources. We have about 5,000 to 6,000 events per second, and we're looking at expanding that.

I rate it at eight out of ten. It's up there, top-of-the-line, but just like with any other application or program, as you grow, there are going to be some small hiccups. They're very minor.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Engineer at a healthcare company with 10,001+ employees
Real User
We can't feed it fast enough, gives us a ton of insights into our organization

How has it helped my organization?

We have 10 hospitals or so throughout Minnesota, and a lot of clinics and smaller health facilities. The technology stack is mostly Microsoft based. We do about 25,000 MPS.

Key challenge is just protecting PHI, personal healthcare information, that's a challenge in our industry. Patient care comes first, even before security. Then also, healthcare is a bit behind the loop. It's a large organization, we've got over 30,000 endpoints.

Just like any SIEM product, LogRhythm gives you a lot of insight into your organization. The web UI has been particularly helpful for our analysts and our budding SOC program. Being able to give them a nice kind of sexy layout, dashboard. And the reporting is great for management.

Then there are all the "cobwebs" that we're discovering, that LogRhythm gives us insight into.

We can't feed it fast enough, is basically what it comes down to. It's given us a ton of insight that we didn't have before. It's been magic.

What is most valuable?

The functionality of it. It definitely does a lot of things out of the box. You don't have to do a ton of tweaking and tuning, but that's there for you if you want it. Big-time usability and implementation is easy.

What needs improvement?

Maybe it's just my lack of understanding of it, but I would like to see the web UI expanded further.

I would also like to see - and there might be some documentation around it - building your own smart response plug-ins.

I think those would be pretty nice.

What do I think about the scalability of the solution?

So far so good. No complaints.

How is customer service and technical support?

It's been very good. I've had a couple of instances where it's taken a week or more to figure out the issue. But usually, when it gets to the tier-2, tier-3 guys, they get it answered really quickly. We've also had a lot of success sending logs to them so they can do regex on those for us, some custom parsing. It's nice.

The issues we had surrounded integrating the Qualys API, and some questions that we had. It ended up taking a while to figure out that we needed to get a feature request put in.

What other advice do I have?

In terms of a solution being unified, end-to-end, for us it's huge. We have a ton of different security controls. I'm sure we're not any different than any other organization. Being able to bring it all in and put it on a single pane of glass is awesome.

My rating of eight out of 10 for LogRhythm is because, while I think the support is great, the solution is a little rough around the edges. Like I said, I'd like to see the web UI built out more, and be able to jam more data into it. The fat client console feels a little rough around the edges to me, even though I use it every day. But overall, not a ton of complaints.

Definitely check out LogRhythm. That's one of the things that I've noticed in talking to other people, it seems like people really focus on other top 10 SIEM tools like ArcSight and such. I don't hear LogRhythm talked about that much, so usually I'll bring it up and say, "Hey, go check out Logger."

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Andrew S. Baker (ASB), Cybersecurity & IT Operations Professional (VirtualCxO) at BrainWave Consulting Company, LLC
Consultant

LogRhythm is a very good tool, but it comes with a pretty hefty price tag (especially for smaller orgs than yours). While it does not have (as yet) the name of an ArcSight -- especially with larger orgs -- it is definitely making a strong name for itself in the mid-market and enterprise space.

Assistant Manager Enterprise Security
Real User
Top 20
Easy to configure, user-friendly, and has simple and informative dashboards, but the UI needs some minor changes
Pros and Cons
  • "What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
  • "One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."

What is our primary use case?

We're using LogRhythm NextGen SIEM only for a few databases. Members keep their data on our FTP server, and we monitor firewalls, endpoint management solutions, and some critical endpoints.

How has it helped my organization?

LogRhythm NextGen SIEM has improved the organization through the alarm system my team has configured. The alarm system is key to looking after all the hardware and endpoints.

What is most valuable?

What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see.

What needs improvement?

One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead.

Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM.

For how long have I used the solution?

I've been using LogRhythm NextGen SIEM for one month now.

What do I think about the stability of the solution?

LogRhythm NextGen SIEM is a stable tool. I didn't find any instability in it.

What do I think about the scalability of the solution?

LogRhythm NextGen SIEM is a scalable tool. Scalability is one of the reasons why my organization uses it.

How are customer service and support?

When I joined the company, a ticket had previously been opened with the LogRhythm NextGen SIEM technical support team. Though I didn't directly connect with support, I have information that the problem was resolved and that the support team was very cooperative and very technical in solving the problem.

How was the initial setup?

Though I didn't configure LogRhythm NextGen SIEM as it was pre-configured when I joined the company, any solution won't be difficult to implement, as long as you have an understanding and knowledge of the product or tool. I was an implementer once.

What's my experience with pricing, setup cost, and licensing?

Senior management is in charge of purchasing the license for LogRhythm NextGen SIEM, so I have no information on how much it costs.

Which other solutions did I evaluate?

I worked on McAfee SIEM for six months, but that was when I was part of another team. If you compare McAfee SIEM with LogRhythm NextGen SIEM, I prefer LogRhythm NextGen SIEM because it's a user-friendly tool. It's also very easy to configure. The dashboards in LogRhythm NextGen SIEM are also very simple and very informative, and I've configured them to better understand what's happening in the organization. You can also create an alarm system in LogRhythm NextGen SIEM, which is very helpful.

I also evaluated IBM QRadar, and I found IBM QRadar to be a better tool than LogRhythm NextGen SIEM.

What other advice do I have?

I work in the enterprise security department or the SOC, and I just have to deal with the logs. The tool being used within the organization for log management is LogRhythm NextGen SIEM, particularly the N-1 version.

My organization uses the on-premise version of the tool, and it's been applied to the data center.

I belong to a very small organization with a data center that has sixty people using LogRhythm NextGen SIEM. In terms of maintenance, the tool isn't difficult to maintain.

The only advice I have for anyone who'd like to start using LogRhythm NextGen SIEM is that it's a very good tool, with good features and functions.

My rating for LogRhythm NextGen SIEM is seven out of ten. I didn't give it a ten because it's Windows-based, plus I also don't like its UI that much. LogRhythm NextGen SIEM is also not as good as IBM QRadar.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user