LogRhythm SIEM Reviews

LogRhythm NextGen SIEM is great. We use it for log management for security purposes.

The security operation center is excellent, and we can pick logs from any system, not only the IPS or firewall. In addition, it has the capacity to accept logs and provide smart dashboards and analysis.

The most valuable feature is the SOC Security Operations Center feature. This solution has two types of systems, virtualization and the appliance. The appliance is ready and configured, so we use the IP addresses and trigger the endpoint. It's very user-friendly, and whenever anyone deploys a virtualization system, they can experience it.

The customer support system is time-consuming and needs to be improved because it is not very good. For other solutions, you can deliver whenever you have a customer problem. All you need to do is open a ticket, log into the system, and the issue is resolved. However, for LogRhytm, we have to flag the problem and then send the log, and we never know if we will receive a response in one hour or one week.

In addition, LogRhythm NextGen SIEM has one of the best analysis features, but it can still be improved. However, I believe they plan to make improvements since they're only selling the product for two systems currently.

We have been using this solution for three years.

It is a very stable solution.

It is a scalable solution.

I rate the customer support a four out of ten.

Neutral

The setup was very easy. I rate the setup a ten out of ten.

The price is very good, and it is very cheap compared to other solutions. If we compare it to SolarWind, SolarWind is not as advanced as LogRhythm NextGen SIEM.

I rate the price a nine out of ten. We always consider the features and quality before the price, but the cost is still very good. We get about 98% of the features we want.

I rate LogRhythm NextGen SIEM a nine out of ten.

This solution's use case is abnormal administrative lockouts, most of the time.

I'm happy with their AI in general. 

We're able to make useful dashboards. 

The initial setup is now complex if you have a bit of knowledge going in. 

The solution is stable. 

We'd like to receive alerts for zero-day attacks in the future. We'd like alerts that offer us better security. For example, if there are abnormal occurrences, we'd like to know right away. 

We've had issues with scaling and local support.

We've been using the solution for two years. 

It is stable. There are no bugs or glitches and it doesn't crash or freeze. It's reliable and the performance is good. 

We have seven people, admins, who are working directly with the solution. 

It's not easy to scale. Sometimes we have difficulties. For example, when doing updates, we cannot depend on our local support. In some cases that we have found, they don't have much knowledge. We have to work on separate tickets for the kinds of issues we have.

We have local support. If they cannot assist us, they do offer in-house support we can use. The first step in terms of getting help would be our local partner. 

The issue is that local support sometimes isn't as knowledgeable as they need to be. The solution should work to do more training in order to improve local support.

Neutral

We were working on RSA. We switched due to the cost and the lack of local support. The RSA cost is a little bit too high.

The solution offers a pretty straightforward and simple setup. That said, you need some knowledge going into the process. 

The deployment itself took about 90 days. 

I'd rate it a three out of five in terms of the general ease of deployment as there is some complexity and a learning curve. 

There's not much maintenance. We do have to do the updates of the servers and if there is a new release and update, we work on those. For the day-to-day, we try to focus on more log-related tasks.

I can't speak to the exact cost of licensing the product. My understanding is that it is less expensive than RSA. 

We are an integrator and service provider. 

We are not currently using the latest update.

I'm not sure if I would recommend the solution to others as they still need to improve a few things. For example, support, at least on the local level, is lacking. 

I'd rate the solution five out of ten.

LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it.

LogRhythm NextGen SIEM could improve by adding more applications for the banking sector. There are not any custom applications at this time.

I used LogRhythm NextGen SIEM within the last 12 months.

The stability of LogRhythm NextGen SIEM is good.

LogRhythm NextGen SIEM is scalable.

The solution has good technical support. 

I would rate the technical support from LogRhythm NextGen SIEM a four out of five.

I have used previously ELK Logstash. In my country, LogRhythm NextGen SIEM is used more than ELK Logstash.

The installation is straightforward.

I rate the installation of LogRhythm NextGen SIEM a four out of five.

The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee.

The price of LogRhythm NextGen SIEM engineers is expensive, but when comparing them to ELK, ELK engineers are more expensive.

My advice to others is for the initial deployment it should be done by certified engineers or the authorized vendor.

I rate LogRhythm NextGen SIEM a nine out of ten.

Our customers are financial institutions, basically banks, and others in the financial sector. They have a lot of web-facing applications and technologies for which they need to have a complete trail of logs and audits. Whether they log in through their mobile devices and do mobile banking or internet banking, or do some queries, or are working on their systems, we need to have security logs for future audits and compliances. One use case is on the data protection side, because we are a data protection tech company, which determines if we need to activate security. The second is for audit trails, compliance, and if there are any issues. We need to have logs of all events and these logs are stored in the central bank. These logs have to be maintained for 10 years.

The user interface is good.

We are still implementing and have not yet completed the LogRhythm implementation for one particular customer. We haven't faced any issues right now. Once we've completed and we are doing the log analysis and the correlation and audits, at that point in time, if we find challenges, I can update you. Right now, it's okay.

Let us see once we finish the website we are working on. Then we'll understand better more of what we need. We'll probably need an improved user experience in terms of reporting and analytics. If the reports are very easy to configure and generate what we require, that will be the best thing. At the end of the day, it is just logging, correlating and reporting.

I have been using LogRhythm NextGen SIEM for the last four years. We are using the latest version.

The stability is there, it is good.

As of November we have four customers in the field of info, security, officers, managers, and risk and compliance. Generally, these are all risk and compliance teams at the financial institutions or in the government. The implementation is done by the IT security team but the reports and everything are part of the risk and compliance team.

It is scalable.

One person is more than enough to operate it. We have a specialist, one engineer who does it.

The support is quite good. We haven't had any challenges. Initially, there was something that they requested, so we logged a call and they were able to respond immediately. We had no challenges. They are quite responsive.

The initial setup is not so easy because it is quite a process. Nevertheless, from my experience in implementing SIEM, Splunk is the easiest, and LogRhythm comes next.

LogRhythm is okay, we never had any challenges.

The installation is per site. Because these are all government customers, public sector government customers, we generally take anywhere between four to six weeks for installation. We have five people doing it.

When they buy the license, whether on-prem or cloud licenses, I don't think that's all they pay. We do charge them for implementation and installation, but that's about it. Subscription is year on year.

We have tried many other products. But if you want to look for a mature product in the SIEM market - Gartner Quadrant, LogRhythm and Splunk are all leaders and are well placed products. The rest are yet to come up.

When I say LogRhythm is a mature product, I mean it covers all 360 degrees for SIEM requirements which is not there in the other products. Only a few products have this kind of totality of integration, especially in the reporting. It has very good machine learning and AI techniques. It is very good.

I of course would recommend LogRhythm NextGen SIEM to others.

On a scale of one to ten, I would give LogRhythm NextGen SIEM definitely a nine.

LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.

LogRhythm's SOAR and NDR features don't stack up well against competitors. 
maybe integrating theme functionality as the other do. But in general, it's okay.

We started with LogRhythm about three years ago.

LogRhythm is stable. 

Scalability is a matter of cost. LogRhythm has the technical capacity to scale if you pay for the components and licenses. 

LogRhythm's support is good.

Setting up LogRhythm is straightforward. It is not complicated.

We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget.

I rate LogRhythm eight out of 10. With any solution, you need to deploy the use cases correctly, so the customer should understand the use cases for a SIEM. An SIEM solution only collects and centralizes logs instead of detecting unknown malware. There are no use cases that are customized to fit the customers' context. 

I am a distributor and not an end-user of the product, so I cannot comment on use cases.

I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages.

What LogRhythm really excels at is its stability, since, in all the deployments that I have been involved in, there's no break-and-fix at all. When the customer finds that there is something lacking from the solution, it is often a matter of deploying extra appliances and things like that. So the most valuable feature in an abstract sense is that it is so reliable. 

I do think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments.

With that said, I think it's good enough. For the most part, I just want to have a consolidated platform for the NDR, i.e. the new MistNet NDR that they have acquired, with the current XDR. At this time, it is still two separate controls.

I have been working with LogRhythm NextGen SIEM from a company perspective for three years. 

All of the deployments that I have been involved in have been very stable, over long periods of time. There's very little in the way of breaking and fixing at all. Most complaints are typically just that the customer comes across extra requirements that need to added on to the base product.

There are some issues with scaling that I'm aware of. Most of the time, the scalability becomes increasingly more complex when increasing the indexing or when processing the loss security complex. It's not easy when we go to a high-volume customer environment where many laptops are involved, for example. In that case, it's perhaps not that easy to scale.

The technical support is good, and they are available at any time. They allocate customer assistants and account managers for taking care of all the application support. Any time that I need a technical fix and the customer is not certified, they will escalate the issue to the customer success manager who will then help solve it.

Compared to other solutions, an advantage of LogRhythm is that it still works on a lot of the old platforms. As mentioned, it is based on the Windows platform, and I think that it wins out due to the straightforward pricing and how easy it is to calculate for the sizing and critical add-ons such as UEBA and SOAR.

Because the platform is always the same, it's just easier to extend it as needed. For example, it's not technically dependent on another solution that's been acquired by themselves or another company like IBM.

The main difference boils down to the question: for add-ons and such, do you need to seek out a different service from a different vendor rather than adding to the same solution by the same company? I believe they do it all from the same R&D teams and it shows.

The deployment for only one small or medium size environment is pretty straightforward, but for enterprise deployments where there are many different components (e.g. various appliances or other software add-ons) it can become very complex, especially for HA setups.

The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required. 

My advice is to take a look at the account directly with the account manager of LogRhythm and find a value-added distributor to support you with the sizing, consulting, use case discovery, and building up the operation maturity roadmap, in order to be truly aligned with the LogRhythm deployment in the long term.

I would rate LogRhythm NextGen SIEM a nine out of ten.

We really appreciate the new cloud functionality. The cloud is really showing its dominance. 

Technical support is very helpful and responsive.

The product has a lot of useful features.

There aren't really any missing features. It's quite a complete solution.

Most of the clients using the on-prem are using customized applications. In the customized applications, we are facing parsing issues and a minimum of two days is required by the LogRhythm team for parsing logs. 

Parsing is totally controlled by LogRhythm and they do not allow any partner or any third-party to handle this part and this is a key challenge on my end. This is a huge cost impact -at least on the Pakistani market. It needs to be addressed.

The solution should be less expensive.

It would be very helpful if there was Kashif a package to help users migrate from QRadar to LogRhythm.

In Pakistan, the government is in the process of developing its final recommendation of cybersecurity and data protection process. We hope this solution will prove to be compliant and will meet the requirements in the future.

I've been using the solution for approximately one and a half years at this point. It hasn't been too long just yet.

We have four or five people using the solution in our organization. They are managing the LogRhythm infrastructure.

We are in touch with their support. It's government support, and they're quite supportive, and they are quite responsive. They have a divisional team is quite responsive. 

The initial setup is complex with LogRhythm. In that Pakistan market, with LogRhythm, the climate is very limited at this point. For the on-prem, there may be only two customers, for example. One is a bank and one is serving as an MSSP.

We've added four customers to a pay-as-you-go model. You apply Windows 2000 MPS or a cloud environment. The initial setup is quite difficult, however, after making certifications we are able to provide the initial setup and got it working with the LogRhythm support team.

For maintenance, I have five engineers that are part of my security team, including me and my sales and operations. Approximately we have 14 to 15 people that can handle maintenance.

We had some assistance from the LogRhythm support team. We did not entirely do it ourselves.

The cost of the solution should be reduced. In the Pakistan market, they have competition from IBM QRadar. They have quite a significant core difference. While the quality of this product is better, IBM has a stronger penetration in the market base don price. 90% of financial institutions are doing the QRadar in Pakistan. The Central Bank is using QRadar and simply due to the cost differences.

Initially, we tested out the QRadar, however, due to some delay and due to some market awareness tests, we did not continue.

We are using the solution for our own infrastructure and we are also offering it as a service. We are the largest service provider, cloud service provider, in Pakistan. However, we use a variety of deployment models - including cloud and hybrid.

We have an ISO position for government-certified infrastructure. We have a PCI-certified infrastructure as well as a GDPI compliant infrastructure.

We work closely with this product in particular. We have a lot of hands-on experience.

I'd rate the solution eight out of ten. If it weren't for some parsing limitations in the product, I would rate it even higher.

We use it for log ingestion and monitoring activity in our environment.

It is a simpler system than what we had before. We had IBM QRadar, which used to give us everything, and we had to dig through, figure out, and piece it all together. LogRhythm lights up when an event occurs. As opposed to just giving us everything, it will piece things together for you and let you know that you probably should look at this. It also provides the evidence. 

It is easy to find what you're looking for. It is not like a needle in the haystack like QRadar was. It is not a mystery why something popped or why you're being alerted. It provides you the details or the evidence as to why it alerted or alarmed on something, making qualifying or investigations a little bit quicker and also allowing us to close down on remediation times.

Automations are very valuable. It provides the ability to automate some of our small use cases. 

The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools.

Their ticketing system for managing cases can be improved. They can either do that or adopt some of the open-source ticket systems into theirs. The current system works and gets the job done, but it is very bare-bones and basic. There are some things that could be improved there. 

They should also bring in more threat intelligence into the product and also probably start to look into the integration of more cloud or SAS products for ingesting logs. They're doing the work, but with the explosion of COVID, a lot of businesses have started to move towards more cloud applications or SAS applications. There is a whole diverse suite of SAS products out there, which is a challenge for them and I get it. They seem to be focusing on the big ones, but it'll be nice to be able to, for example, pull in Microsoft logs from Office 365. They are working towards a better way of doing that, and they have a product in the pipeline to pull logs in from other SAS applications.

The biggest thing for them is going to be moving away from a Windows Server infrastructure into a straight-up Linux, which is more stable in my eyes. For the backend, they can maybe move into more of an up-to-date Elastic search engine and use less of Microsoft products.

I have been using this solution for three years.

Bugs are there. We've encountered quite a few, but support is pretty quick at picking up and working with us through those and then escalating through their different peers until we get a solution. Now, the bugs are becoming less and less. Initially, they were rolling out features pretty quickly, and maybe some use cases weren't considered. We ran into those bugs because it was a unique use case.

It is easy to scale. We run different appliances. So, for us scaling is not an issue. Each appliance does a different piece of the function, so scalability is not a problem. We started off doing say 10,000 logs per second or MPS event, and then we quickly upgraded. Now, we're sitting at a cool 15,000. There is no need to upgrade hardware or anything. You just update the license. That is it.

We have multiple users in there. We have a security team, operations teams, server team, and network team for operations. We also have our research team, HBC team, and support desk staff. We have security teams from other universities in the States. We're sitting at a cool 50 users.

Their technical support is good. They are pretty quick at working with us. I would give them an eight out of ten. I don't know what they see on their end when a customer calls in and whether they are able to see previous tickets. It always feels like you're starting fresh every time. They could maybe improve on that end.

We had IBM QRadar for what seemed to be almost a decade. So, we just needed something different. There was a loss of knowledge transfer, as you can imagine, over a decade with different people coming in and out of security teams, and the transfer of knowledge was very limited. At the time I got on board, I had to figure out how to use it and how to maintain it and keep it going. We had some difficulties or challenges with IBM in getting a grasp on how we can keep getting support. It was a challenge just figuring out who our account rep was. After I figured that out, it was somewhat smooth sailing, and then we just decided it was time for something different, just a break-off because products change in ten years. You can either stay with it and deal with issues, or you do a break-off and get what's best for the organization.

It was complex simply because we had different products. 

We did have professional services to help us, which made the installation a little bit smoother. Onboarding of logs and having somebody with whom you can bounce ideas and who can go find an answer for you if they didn't have one readily available made the transition from one product to the other pretty straightforward.

We did a five-year agreement. We pay close to a quarter of a million dollars for our solution.

I would definitely advise giving it a look. If you're able to deal with it in your environment and just give it a chance, it'll grow on you. It is not Splunk, but it's getting there. They're gaining visibility with other vendors. The integration with third parties is starting to light up a little bit for them, unlike IBM QRadar that has already created that bond with third parties to bring in their services into the product. LogRhythm is definitely getting there, and it is a quick way to leverage in-house talent. So, if you want to do automation and you have someone who is good at Python scripting or PowerShell, you can easily build something in-house to automate some of those use cases that you may want to do. 

I would rate LogRhythm NextGen SIEM an eight out of ten.