LogRhythm SIEM Reviews

We have a lot of distributed offices and no visibility into any of them. The use case for this product is to collect and integrate logs from all the machines at all the different sites and get better insight into the security areas that we need to tighten up.

I am hoping that we will be able to response to threats and gain visibility into our environment that we don't currently have.

The AI Engine.

I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now.

It seems like it will scale easily with the way our environment is set up.

We have not used LogRhythm's tech support yet.

We were using an MSP and were dissatisfied with its performance. What we started to do was figure out what we could bring in-house and what we needed from a security standpoint, and this SIEM kept coming up as something we should look at.

The initial setup is complex.

We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now.

We require one person for deployment and maintenance.

I would recommend LogRhythm. I am really impressed with it, though we haven't start using it yet.

We are just in the middle of deployment of the full-spectrum analytics capabilities. We haven't finished the configuration of the product yet.

We do plan to use the built-in playbooks.

We have approximately 931 log sources at this point.

Most important criteria when selecting a vendor: 

1. The reputation of the vendor. 
2. The quality of the product. 
3. The integration into the environment that we have right now.

The most valuable feature to me is certainly the CloudAI, which I have been a beta tester of, and also the SIEM capabilities and automation.

I see CloudAI expanding greatly. It's obviously a new product for them. It will be able to give contextual evidence of people's behavior which, at the moment, whilst the SIEM does that, AI actually is that specification and concentration on people's behavior, which is a huge component in cybersecurity.

The benefits at an organizational level would certainly be that for my company, which is in healthcare, certainly a huge compliance, but also it gives me visibility of all the departments in my company, not just the IT department. I'm able to see the actions and behaviors of the whole company, not just on my campus, but remotely as well.

What still needs improvement is automation. The SmartResponse obviously does not use open APIs at the moment, so we're having a lot of problems connecting it with things like Palo Alto Traps and some other systems, things like Cisco. I know that it's on the roadmap, but at the moment that is where the weakness lies.

For myself, I would like a HIPAA configuration out of the box where I can switch on various HIPAA rules. Obviously, HIPAA has 18 very exact identifiers and I'd like those to be already in the box ready to be switched on.

My impressions of stability are exceedingly, that I've not heard any down-time. We have had to contact support a few times, but just to see how to do a few configuration settings.

It's actually been scaling incredibly well. We have put more memory in the box and we've taken some of the Websense traffic and put it onto VMs. We can take more hardware and daisy-chain them up, so we know that when we do need to have physical hardware scalability, that feature is there.

Exceptional. One of our tickets had to go all the way to level three, but it was exceptionally covered well and the resolution was incredibly timely.

It was our very first log management solution. When I joined, we did not have a cybersecurity program. My employment was to build a cybersecurity program right from scratch, right from the start. Whilst I evaluated a couple of other programs, LogRhythm came to me, through the evaluation of those, to be the clear winner.

The criteria certainly was scalability. Our company, within a year, has gone from $600 million of revenue to $1.3 billion. At that point, I knew that we had to have that scalability function.

I've been very lucky that some of my staff have very high technical knowledge on configuration of LogRhythm. If I didn't have those staff available to me, I would certainly recommend the Co-Pilot, which is an option that LogRhythm provides. I think that gives you the confidence that you've not only bought a product but, at that point, how to configure it and use it.

Very happy. Yes.

As a guidance and recommendation, I would ask them, what is your level of comfort in configuring LogRhythm? If they say to me, "Not so much," I would say, "Well, then you have to budget not just for the product, but for the Co-Pilot solution as well." If, however, they say, "No, I'm very happy. I have the skills already in-house," then I would say obviously to buy the product with the Professional Service hours.

The thing that I find most valuable is that every interface is consistent. Whether you're looking at a dashboard, a drill-down, an alarm, a search, the interface is exactly the same. As you move through the experience of looking at some type of event, some type of incident, following up on a search, everything is consistent throughout the whole user experience.

One of the evidences we have that LogRhythm is being very successful for us is in this year's penetration test. I caught the pen-testers five times in the course of their duties. That was just great ammunition to show that this works.

The biggest thing that I think needs improvement is reporting in the Web Console. Most of our reporting is done in the thick client console. The only people that have access to that, really, are the people that work for me, the administrators of the system. So the end-users, the people whose logs we consume, we give them views to their logs but they aren't able to run reports. By moving reporting to the Web Console, that would enable all of the regular, non-administrative users to run reports as well.

We've been using it for several years.

We just went through an upgrade just to increase our capacity, so we could bring in more log sources, and it's been a wonderful product for us.

It scales great, which is one of the reasons why we went to it.

Almost all the time things are handled in a proper way. We've had very good experience with technical support. On one or two occasions, a couple years ago, they were going through some growing pains because of their expansion. Our CRM, our Customer Manager, stepped in and helped us get through those hurdles.

It's actually our second SIEM tool. Our first one was not scalable. We didn't really get to pick it, it was chosen for us. We got to a certain point and we just couldn't grow it anymore. 

So we did a full RFP, a bake-off so to speak, and looked at everything that was really competitive on the market. Ended up with LogRhythm. Did our initial deployment, which lasted us for about two years. Because we did our basic measurements on a tapped-out SIEM - we didn't realize how much growth we would have once we uncapped the bottlenecks - we ran into some growth issues. We just doubled our capacity three months ago with no problems at all.

I always recommend training for everything, but that really is use, not setup. Setup is very easy. I do recommend people take advantage of the LogRhythm Professional Services. They make it very helpful, it's easy to get up and running in a day or two. Use Professional Services is my recommendation.

In terms of the most important criteria when selecting a vendor, there isn't any single important criterion. I have a spreadsheet that I use that expresses value.

• Price is one component of value 
• Usability
• Manageability
• How many resources do I have to apply to it? 
• Can I run it with one FTE? Do I need two FTEs? 
• Also, its efficiency. Does it meet all of the use-cases that we're buying it for?

The first thing you do is sit down and think about, "what are going to be my first steps?" This is the kind of thing you have to phase, really, to be successful. "What are my goals out of my first year?" Plan that out, and then plan where I'm going to go from there. Then sit down with somebody that's experienced like the LogRhythm Professional Services, or your SE, or other people you know that have used LogRhythm for a while, and review that plan and make sure that you've got some specific strategic benchmarks in place so that you can guide yourself through that growth.

I would rate it a 10 out of 10. I am very happy.

Well our eCommerce site is very important to our business. So not only NetMon, but also just knowing the traffic that's coming in and out of there, and whether it's coming from bad sources. We have to protect our eCommerce site and it is helping us do that.

• We have been impressed with the data that we're getting back. 
• We have been impressed with the look and feel, ease of use, and things of that nature.

As a security organization, we are constantly attacked, either from disgruntled ex-distributors, as we're a distributor-based company, or just people that don't like distributor-based companies at all. Therefore, we are constantly attacked, and we are pretty confident LogRhythm will put us in a good way that we can deal with this. 

We have got a lot to learn. However, doing the research that we did, it looks like LogRhythm is going to be a great solution for us that we'll be able to monitor external and internal traffic with our SIEM, again with Netmon, and log the sources that we need. 

Better knowledge transfer during implementation.

We definitely thought it was complex when we initially set it up, but that is usually just a single pain problem. It could definitely be more straightforward.

We are a new customer.

We are around 3000 logs per second. We have datacenters in Amsterdam, one in Florida, and some in Salt Lake City. It's a global company, so we get traffic from all over the place.

I don't know that I have much to answer on this yet. We have only purchased a single appliance and the NetMon appliance. I think it will be interesting to see if we need to scale, depending on if we ramp up, how many logs we're actually processing. 

We have come from a separate SIEM, SolarWinds, and just purchased LogRhythm within the past couple of months. 

They switched because they flat out didn't like SolarWinds and their interface or anything like that.

We've had, in the past in our company, ransom attacks. Prior to me being, there there was one that they paid out, and obviously, that is a painful way to go about doing business. We want to secure our data. We want to make sure that does not happen again.

We have implemented the core implementation, but we haven't done any of the onboarding or anything like that yet, but I was there. 

We were overwhelmed at first, and now we're starting to figure out what the capabilities are.

7pace and Nagios.

We chose LogRhythm due to its better interface. We had demos and felt like LogRhythm was the better solution for us. 

Do your due diligence. For the most part, you're dealing with the same data depending on who your SIEM is. It is still the same data that's being returned or that you can pull. Definitely do your research because your SIEM itself may not get you what you need out of that data. 

A unified end-to-end platform is very important to us. We don't want to go to 12 different user portals. We want to know in a quick way what we're dealing with. We want to be able to see the data without having to jump all over the place to get it. 

Most important criteria when selecting a vendor: 

1. We are buying a product that is going to succeed for us.
2. We want to know that we are going to have good support and help when we need it as we won't know anything or everything for a long time. But we have experts that we can lean on, that's a definite benefit.

• The integratedness
• The parsing
• Their partnerships with various device manufacturers

They keep it up to date, you don't have to worry about that when their products change.

I think as an aggregator it works very well, and as a case management tool it works very well. I think it works reasonably well for parsing. I think there's always room for improvement there; I'm thinking any solution that I've seen, it's just a difficult problem to solve.

We're an MSSB, we have about 10 or so different customers that all host with us. Currently we're licensed for 15,000 MPS, average, and we use about 8000 MPS average, consistently, and we're growing.

Among our key challenges is getting everybody on the same page about the value of security, and why it's worthwhile to pay for security solutions, and the people to staff them.

LogRhythm has absolutely helped improve the security of our organization. We're able to respond to potential threats in a unified system, where that was impossible before. This is our first SIEM product.

I would like to see more focus on it being a data lake. We have around 100 terabytes of data stored in LogRhythm, machine data, sensor data. That all could be used for operations tasks as well. It would really be awful to have to stand up another Splunk instance at 100 terabytes alongside of it.

Also, seeing more analytics features, and more flexibility around that, and their schema.

Bringing it out completely horizontally scalable, and also continued focus on supporting lots of different vendors, for a lot of data sources.

Scalability is not great, at the moment. That's changing with newer releases, and I know that's been a focus of the team. It's actually the purpose of my coming to the LogRhythm user conference, to learn more about that.

They're moving towards a horizontally scalable system, and frankly a lot of their competitors don't have this yet either, so it's kind of a wash in that. I think once they get to that point where they're completely horizontally scalable in all components, they'll have a leg up on the competitors, at least for a little while, until they get there as well.

Great in some areas, not so great in others. We had a lot of challenges during our initial deployment, self-inflicted in some ways. Others, we didn't have the right support, and the technical services team was stretched pretty thin when we used them.

It was hard to schedule time with them and get pre-deployment meetings, a proper architecture review on time, so we knew that our environment was ready for the deployment.

We used EiQ. It was terrible. Just straight up, they didn't fulfill support promises. They pivoted from being a self-hosted company to hosting in the cloud and offshore, using offshore analysts. So, it just wasn't a fit anymore. And their product didn't scale.

We needed something that would give us a single pane of glass, that visibility over our whole organization - and correlate all the data - without too much staffing needs.

We undersized the environment from a hardware perspective, which led to the system not performing well.

I'd say the requirements weren't really well defined, in our particular situation, but from what I've heard, other customers don't necessarily have that same issue. I think it was more so that LogRhythm was just growing at that time, and they had more customers than they knew what to do with.

We looked at RSA, we looked at Alien Vault, we looked at a vanilla ELK Stack homegrown solution. We actually evaluated that one. And we also looked at McAfee/Intel at the time, security.

We went with LogRhythm because aligning with the critical security controls, SAN security controls, was important for us. Also, the price was good, MSSP support was good. I think ultimately it was the combination of their willingness to partner with us, and the price.

I would say for us, being an MSSB, when selecting a vendor, scalability is paramount. And the support ability. If we're going to drop a lot of money on a solution, it needs to be easy for our analysts to get up to speed with it. That's worth a little bit extra, versus going with something that requires months of training just to do the basic running of the system.

If I were to advise a colleague looking at this or a similar solution, I would say take a look at all the options, figure out what you need out of a solution first, and then just make sure you evaluate it. If possible, test drive it. See what it can do, not in a sales presentation. Don't just look at a PowerPoint, actually test drive it.

I am a distributor and not an end-user of the product, so I cannot comment on use cases.

I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages.

What LogRhythm really excels at is its stability, since, in all the deployments that I have been involved in, there's no break-and-fix at all. When the customer finds that there is something lacking from the solution, it is often a matter of deploying extra appliances and things like that. So the most valuable feature in an abstract sense is that it is so reliable. 

I do think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments.

With that said, I think it's good enough. For the most part, I just want to have a consolidated platform for the NDR, i.e. the new MistNet NDR that they have acquired, with the current XDR. At this time, it is still two separate controls.

I have been working with LogRhythm NextGen SIEM from a company perspective for three years. 

All of the deployments that I have been involved in have been very stable, over long periods of time. There's very little in the way of breaking and fixing at all. Most complaints are typically just that the customer comes across extra requirements that need to added on to the base product.

There are some issues with scaling that I'm aware of. Most of the time, the scalability becomes increasingly more complex when increasing the indexing or when processing the loss security complex. It's not easy when we go to a high-volume customer environment where many laptops are involved, for example. In that case, it's perhaps not that easy to scale.

The technical support is good, and they are available at any time. They allocate customer assistants and account managers for taking care of all the application support. Any time that I need a technical fix and the customer is not certified, they will escalate the issue to the customer success manager who will then help solve it.

Compared to other solutions, an advantage of LogRhythm is that it still works on a lot of the old platforms. As mentioned, it is based on the Windows platform, and I think that it wins out due to the straightforward pricing and how easy it is to calculate for the sizing and critical add-ons such as UEBA and SOAR.

Because the platform is always the same, it's just easier to extend it as needed. For example, it's not technically dependent on another solution that's been acquired by themselves or another company like IBM.

The main difference boils down to the question: for add-ons and such, do you need to seek out a different service from a different vendor rather than adding to the same solution by the same company? I believe they do it all from the same R&D teams and it shows.

The deployment for only one small or medium size environment is pretty straightforward, but for enterprise deployments where there are many different components (e.g. various appliances or other software add-ons) it can become very complex, especially for HA setups.

The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required. 

My advice is to take a look at the account directly with the account manager of LogRhythm and find a value-added distributor to support you with the sizing, consulting, use case discovery, and building up the operation maturity roadmap, in order to be truly aligned with the LogRhythm deployment in the long term.

I would rate LogRhythm NextGen SIEM a nine out of ten.

Our primary use case for LogRhythm is using the log ingestion and analytic features.

LogRhythm improves our organization by giving us insight into user activity and potential security threats.

Our mean time to detect and respond has really improved with LogRhythm. We've got more people, more visibility, and on our team, looking at security incidents, and we're able to act on things more quickly.

I see room for improvement in the log ingestion. Customizing a log source is very technical, probably more technical than it has to be.

Our security program's maturity is, I would say, fairly advanced. LogRhythm uses a maturity model of crawl, walk, run, and I think we're just about to move from walking to running.

The most valuable features, for me as user, is probably the AI engine rules and dashboards, which give us a lot more insight into our security.

The playbooks functionality will be valuable down the road, but right now my team is too small to really take advantage of it.

Our messages per second right now is probably about 4,500.

I see room for improvement in the log ingestion. Customizing a log source is very technical, probably more technical than it has to be.

Stability of the products is mostly pretty good. Like anything else, there are incidents that we have to respond to. Some very small amount of downtime, some system administration that goes along with any implementation like that.

Scalability, for us, has been very good. We've had two appliances in five years. We've been able to upgrade without too much of a problem.

We have to use tech support pretty regularly and it is sometimes not very good. We've had issues where we can't get immediate responses that we need, and cases are open for far too long.

I was not involved in the initial setup. I inherited it from a previous admin.

We probably had close to 2,000 log sources at this time. Setup for them is variable. Some are straightforward, supported out of the box, some take a little more technical expertise.

If I had to rate LogRhythm on a scale of one to 10, I would probably give it a solid eight.

Key challenge, of course, is how the threat situation changes every day. LogRhythm is on top of that and very helpful. Another challenge, of course, like many other companies, staffing is not where it should be, money is not where it's supposed to be, but we do well.

We service the University of Massachusetts, but we also have other customers, all higher-end. It's up to the customer what they want us to look at and LogRhythm, absolutely, has the tools that we need to find the data threats that the customers are interested in.

We're MSSP and we've only been using LogRhythm this past year and we've actually found several instances where we've benefited our customers with the data that we have found, that we've collected. We were able to find out what was wrong, deep dive into it, and suggest to our customers what they need to do.

I would say the amount of data that it collects and the way it correlates it, extracts it, and makes it easy for an analyst to look at it and deep dive into it. I had another SIEM before LogRhythm and it was nowhere near what LogRhythm does.

The idea to me is collecting all this data and then extrapolating all that data, and it's phenomenal.

From what I saw yesterday here at the conference, they seem to be right on track with making the Web Console much easier, case management much easier.

When you're searching on something, you see something that you think may be a threat, you have to keep threat-hunting, deep diving, and from what I saw yesterday, it looks like it's going to get a lot easier and more helpful.

Unbelievable! Very good.

Very good. I was very impressed, especially yesterday, here at the LogRhythm User Conference, I did the 7.3 session, what's coming out. We've been around, as I said, less than a year and within that time frame - and from what I saw yesterday - it's unbelievable the way LogRhythm is moving forward.

If I look back to my other SIEM solution providers, the one we had before this, it's light years difference. LogRhythm support is very, very helpful, very knowledgeable. There's always somebody there. If they don't know the answer, they're going to go find someone who knows the answer. So it's very good.

We used their Professional Services, I was one of a group of three - and the professional services - that helped roll out. It was pretty straightforward. Of course, it was different because it was all new to us, and using the Professional Services was very helpful.

The driving factor in searching for a security solution would be, in this day and age, the threats that are out there are incredible. I think LogRhythm addresses a lot of the issues that are out there. Again, it's on us to make sure LogRhythm is a solution. It's a tool. If we don't use it properly it's pretty useless at that point. It's on us.

I would say it's very important that a solution be a unified, end-to-end platform, especially in a higher-end environment.

My nine out of 10 rating is based on what they offer, and what I saw yesterday at the conference, what they're coming out with. They seem to be on top of things.

Among the different SIEMs that are out there, the companies, I would definitely recommend LogRhythm.