Trellix ESM and LogRhythm SIEM are competing security information and event management products. LogRhythm SIEM appears to have the upper hand due to its advanced analytics and extensive log management capabilities.
Features: Trellix ESM provides robust features in threat detection, real-time analysis, and proactive incident response. LogRhythm SIEM offers comprehensive log correlation, advanced analytics, and deeper insights into security events. Trellix ESM offers robust security measures, while LogRhythm SIEM provides broader analytical power for complex environments.
Room for Improvement: Trellix ESM users mention the need for a more intuitive search function, enhanced reporting capabilities, and internal functionality improvements. LogRhythm SIEM users highlight the need for smoother integration with third-party tools, a more streamlined update process, and better external tool integration.
Ease of Deployment and Customer Service: Trellix ESM is noted for its straightforward deployment process and reliable customer service with responsive support teams. LogRhythm SIEM offers comprehensive deployment documentation but is seen as having a more complex initial setup. Customer service feedback for LogRhythm is positive but less emphasized compared to Trellix ESM.
Pricing and ROI: Trellix ESM is recognized for competitive pricing, balancing cost and functionality well, providing substantial ROI in the mid-term. LogRhythm SIEM has a higher initial setup cost but delivers significant ROI over time due to its powerful capabilities and enduring value in large-scale environments. The choice depends on immediate budget concerns versus long-term investment returns.
The technical support is good; we have a separate portal for partners, and since we are paying for the service, they provide a response timeframe based on severity—critical issues are addressed within four hours, medium issues within one day, and non-urgent issues may take a couple of days.
The automated responses and detections of LogRhythm SIEM are much better and faster compared to others.
Customer support is very helpful and effectively solves my problems.
It's rare for me to need them unless it's an issue with licensing, and they are the best in that regard.
I would rate support for Trellix ESM 10 out of 10 because if we connect with the support in the UK, we get excellent support.
The scalability of LogRhythm SIEM is good enough, warranting an eight out of ten rating.
LogRhythm SIEM is highly scalable as it has modular components allowing me to expand storage, indexing, or other resources as needed.
LogRhythm SIEM is scalable; it can handle about 200 or 500 devices without much difference.
Scalability is quite easier with Trellix ESM, because all we need to do is add more receivers to it, so it can go to any point.
LogRhythm SIEM still needs improvement regarding stability, particularly in environments with heavy data consumption.
The platform needs regular updates to fix problems encountered with each quarterly patch and version release.
I have noticed some problems with parsing errors, event mismatches, and data mismatching, so ensuring accurate parsing and continuous improvement according to device updates are my basic expectations as a detection engineer.
If LogRhythm SIEM could make a lightweight version of their solution, that would be quite competitive because some of my customers have a very large need but refuse to go with LogRhythm SIEM due to its complexity and high resource intensity.
There is currently no way to determine how much data is being consumed in terms of gigabytes, terabytes, or petabytes from particular devices or environments.
If there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that.
The license cost is around $10 per MPS.
I find LogRhythm SIEM affordable, as it is a bit less costly than QRadar.
This helps SOC analysts significantly as they can monitor all log sources through a dashboard, quickly identifying which sources haven't reported within their specified timeframes.
We have enough budget for cloud deployment, but we choose to keep it on-prem to ensure data privacy; cyberattacks are a concern, but data privacy is the foremost priority due to sensitive government information.
The seamless integration for case management, along with a user-friendly dashboard user interface, makes tasks like threat hunting more efficient.
The weakest point is it doesn't cover almost all the devices, so the customer has to be more dependent on the parsers to be written by the Professional Services team.
| Product | Mindshare (%) |
|---|---|
| LogRhythm SIEM | 2.5% |
| Trellix ESM | 1.2% |
| Other | 96.3% |
| Company Size | Count |
|---|---|
| Small Business | 38 |
| Midsize Enterprise | 39 |
| Large Enterprise | 83 |
| Company Size | Count |
|---|---|
| Small Business | 15 |
| Midsize Enterprise | 6 |
| Large Enterprise | 24 |
LogRhythm SIEM offers advanced threat intelligence, scalable deployment, and streamlined log management. It enhances security posture with AI-driven threat detection and comprehensive monitoring.
LogRhythm SIEM stands out for its AI-driven threat correlation, ease of log aggregation, and robust reporting. Offering real-time visibility and analytics through consistent navigation and dashboards, it integrates with security components for enhanced monitoring and response. Advanced threat intelligence and customizable alerts streamline processes and bolster security. While it faces challenges with log parsing, reporting, and dashboard intuitiveness, plans to enhance cloud integration and transition to Linux are noted.
What are the standout features?In industries like banking and finance, organizations utilize LogRhythm SIEM for centralized log management, security monitoring, and compliance. It helps detect insider threats, analyze server logs, correlate events, and monitor user behaviors. Appreciated for log ingestion and anomaly identification, it ensures robust cybersecurity and incident response by integrating data from multiple sources.
Trellix ESM is an innovative tool designed to enhance security management through its seamless integration, user-friendly deployment, customizable dashboards, and robust threat detection capabilities.
Trellix ESM is essential for comprehensive security management, ensuring effective threat detection and analysis. It integrates seamlessly with third-party systems and provides advanced correlation and security visualization. Capable of managing logs and monitoring network traffic, it enhances security across diverse environments, making it indispensable for security operations. Despite needing improved SaaS integration, API documentation, and addressing stability issues, it remains crucial for user-friendly deployment and incident analysis. Its benefits are complemented by comprehensive reporting and real-time malware protection.
What Are Trellix ESM's Most Important Features?In diverse industries, Trellix ESM is deployed for central log management and security operations, monitoring servers, virtual machines, and hybrid-cloud environments. Companies use it for managed security services and threat detection, analyzing logs and securing data. It finds great use in monitoring network vulnerabilities and event correlation, enabling service providers and MSSPs to effectively manage endpoints and hybrid-cloud setups as well as gather logs from servers and firewalls, offering abundant transparency into security threats and network activities.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
