I am a new user who just made the decision to purchase Intuit.
Cyber Security Architect at an energy/utilities company with 1,001-5,000 employees
The initial configuration was easy
For how long have I used the solution?
What was my experience with deployment of the solution?
We are in the process of deployment. At this point, we're in the middle of rolling it out to servers and just collecting logs, so as far as the actual deployment of rule sets, and anything like that, we haven't gotten that far yet.
What do I think about the scalability of the solution?
Our environment is Windows and Linux. We have about 1200 users. We have about 500 servers and about 1200 machines that we can be collecting from, as far as endpoints.
How was the initial setup?
The initial configuration was easy.
Buyer's Guide
LogRhythm SIEM
May 2025

Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,823 professionals have used our research since 2012.
What about the implementation team?
We worked with professional services, and they remoted in and got us the setup and explained the setup.
Which other solutions did I evaluate?
We looked at eight or nine other vendors.
We quickly eliminated four or five of them. We ended up with a final four, which was LogRhythm, Splunk, McAfee's solution, and AlienVault. From there, for various reasons, we narrowed it down to LogRhythm and Splunk. AlienVault, we felt was a nice solution as far as being able to plug it in, get it up and running quickly, but we felt we'd outgrow it. Splunk was on the other end of the spectrum. We felt that it was very powerful, probably more powerful than any of the other solutions, but we didn't have the manpower to configure it out-of-the-box.
From our own analysis and a lot of other customers we talked with, they confirmed the configuration on Splunk is just too top-heavy, so we felt that LogRhythm was the happy medium. A lot of customers recommended it, because of the built-in rules, and the out-of-the-box configuration is much better than Splunk, and given our team size and our internal resources, we made the decision to go with LogRhythm.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Lead Specialist - Information Security at a hospitality company with 1,001-5,000 employees
It quickly allows me to get into forensic data, but while I have some of the beefiest data that they provide, I can still overrun the system.
What is most valuable?
The speed at which I can get into forensic data is the most useful thing.
What needs improvement?
It’s very easy to overwhelm the system. I have some of the beefiest data that they provide, and I can still overrun the system.
The native ability to identify the correct time of logs and data also needs work, e.g. if I bring in a system log data stream, LogRhythm's ability to natively say it's a Cisco firewall or a Palo Alto firewall -- sometimes it struggles to identify the device.
For how long have I used the solution?
I've used it for 18 months.
How are customer service and technical support?
I love the tech support people. Everyone I have worked with knows their stuff, which is great. I have worked with other SIEM products before and it was hard to find a knowledgeable person. At LogRhythm, everyone I have talked to has been incredibly good.
Which solution did I use previously and why did I switch?
We were an RSA Envision customer. Our platform was going away, so that’s one of the reasons we switched. We weren’t really impressed with the security analytics platform that they wanted us to move to. We didn’t want to make the investment they wanted. For our industry they were lacking.
I had seen LogRhythm before, and back then a few years ago, they weren’t a player in the market. Since then they have moved to a much better security analytics platform. For what we need, LogRhythm is a perfect fit.
How was the initial setup?
It was very straightforward.
What about the implementation team?
We did it in-house.
What was our ROI?
We have had the production environment up now for over a year. I foresee an ROI. The thing about a SIEM is that it allows you to get visibility quicker. It’s hard to quantify that soft cost. I’d say we are there or about to be there.
What's my experience with pricing, setup cost, and licensing?
I'm not a fan of the big names in the space. I recommend it as a solution for medium to large business.
What other advice do I have?
I’m in contact with them on a very frequent basis. I work with my contact a few times per month. I can’t complain about them at all.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Information Systems Specialist at a manufacturing company with 1,001-5,000 employees
Our team has been able to correlate security events and react quicker to incidents, though retrieving logs that have been archived can be difficult and time-consuming.
What is most valuable?
The product was easy to deploy and easy to learn how to use. The web console is the best I’ve seen when compared to other SIEMs.
How has it helped my organization?
This product has made it easier for our team to correlate security events and react quicker to incidents.
What needs improvement?
Retrieving logs that have been archived can be a difficult and time-consuming process. The module which performs this, called the Second Look Wizard, is not very well integrated into the rest of the product. It would be nice if you had the ability to right-click on a log and search the archives for more data like it (you can do this with non-archived logs) and then, after restoring archived logs, easily pivot to an investigation for that data. Currently, those 3 steps all have to be run separately.
For how long have I used the solution?
I've used it for five months.
What was my experience with deployment of the solution?
The deployment was very smooth.
What do I think about the stability of the solution?
There were occasional stability problems, but they were resolved by support in a timely fashion.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service:
Excellent, everyone I have worked with at LogRhythm has been courteous and helpful.
Technical Support:
Technical support has been very good, and they will often go out of their way to help correct an issue, even if it is not a technical issue with the product.
Which solution did I use previously and why did I switch?
This is our first SIEM.
How was the initial setup?
The initial setup was done with the help of LogRhythm Professional Services and was fairly straightforward. Our version of the software is integrated into one hardware unit, which made it easy to set up and understand.
What about the implementation team?
We implemented with LogRhythm Professional Services and the engineer I worked with was very thorough and knowledgeable.
What's my experience with pricing, setup cost, and licensing?
Pricing was on the higher end when compared to other products we looked at. However, we felt the advantages with LogRhythm justified the price premium. Licensing is fair and straightforward. We evaluated SIEMs from AlienVault, Tripwire, and SolarWinds.
Which other solutions did I evaluate?
We evaluated SIEMs from AlienVault, Tripwire, and SolarWinds.
What other advice do I have?
If implementing a SIEM for the first time, it is very important to have members of the network and server teams involved from the beginning. Also, strong change management policies are necessary to keep the SIEM implemented properly.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
security solutions integrator at a consultancy with 1-10 employees
The GUI is easy to explore, and it integrates well with other security solutions
Pros and Cons
- "LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
- "LogRhythm's SOAR and NDR features don't stack up well against competitors. Maybe integrating theme functionality as the others do. But in general, it's okay."
What is most valuable?
LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.
What needs improvement?
LogRhythm's SOAR and NDR features don't stack up well against competitors.
Maybe integrating theme functionality as the others do. But in general, it's okay.
For how long have I used the solution?
We started with LogRhythm about three years ago.
What do I think about the stability of the solution?
LogRhythm is stable.
What do I think about the scalability of the solution?
Scalability is a matter of cost. LogRhythm has the technical capacity to scale if you pay for the components and licenses.
How are customer service and support?
LogRhythm's support is good.
How was the initial setup?
Setting up LogRhythm is straightforward. It is not complicated.
What's my experience with pricing, setup cost, and licensing?
We work with French-speaking African countries, and it costs more than the average SIEM solution. Also, the pricing isn't too flexible. AlienVault, Splunk, and IBM QRadar are more suitable for customers on a tight budget.
What other advice do I have?
I rate LogRhythm eight out of 10. With any solution, you need to deploy the use cases correctly, so the customer should understand the use cases for a SIEM. An SIEM solution only collects and centralizes logs instead of detecting unknown malware. There are no use cases that are customized to fit the customers' context.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Researcher at a tech services company with 1-10 employees
Stable with an easy initial setup and good security
Pros and Cons
- "The initial setup is pretty easy."
- "For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
What is our primary use case?
We typically consult with our clients and help them with necessary services.
What is most valuable?
The UEBA flow is the most useful aspect of the solution.
The initial setup is pretty easy.
While the cost is high, the security provided is quite good, and for those who can afford it, they will pay for the peace of mind.
What needs improvement?
I'm not a fan of the system's user interface.
For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country.
We'd like it if the solution could be more customizable in future releases.
For how long have I used the solution?
We've been dealing with the solution for about a year.
What do I think about the stability of the solution?
The solution is quite stable. There aren't issues related to bugs or glitches. It doesn't crash. It's reliable.
What do I think about the scalability of the solution?
The solution can scale if a client needs it to.
We have clients that have 10-15 users on the solution. They are mostly security analysts. In terms of those that can actually view and escalate cases, there may only be five with such access.
At this point, there aren't any plans to increase usage.
How are customer service and technical support?
We typically are the ones that handle technical support for our clients if they run into issues.
How was the initial setup?
The initial setup is not complicated. It's quite easy and very straightforward if you follow the guides provided. I followed the guides and found it to be rather simple. It's not difficult to get everything up and running.
The deployment doesn't take too long. You can have it ready to go in one working day. That includes installation and configuration.
We have a minimum of five people who handle maintenance and deployments.
What about the implementation team?
Our company handles the installation for our clients. We can handle the implementation ourselves. We don't need a separate consultant or integrator.
What's my experience with pricing, setup cost, and licensing?
In our market, for the price it costs, our clients aren't using this solution so much. It seems to be quite expensive in Nepal. That said, even with the fees and a rather high cost, it is the best product among other competitors.
What other advice do I have?
We're partners with LogRhythm.
We don't technically use the solution typically. We consult with clients and advise on products. We also provide services on the solutions we offer. In this case, we do use the product as we log issues.
We use the latest version of the solution.
For our customers, the pricing will scare off many. However, if users are concerned more with the security of their account, they'll find this is a good option.
I would recommend the product. On a scale from one to ten, I'd rate it at an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees
The most valuable features would be the automation, reporting, and the support. There are some compatibility issues with different browsers.
Pros and Cons
- "The most valuable features would be the automation, reporting, and the support."
- "My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome."
What is our primary use case?
The primary use case is compliance requirements.
It is performing at the moment, but we are still in the process of implementing it.
How has it helped my organization?
We haven't fully integrated it or stood up the platform, so the benefits are not realized yet.
What is most valuable?
The most valuable features would be the automation, reporting, and the support.
I do plan to use the full extent of the correlation and AI Engine to streamline our processes.
What needs improvement?
My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome.
If I remember correctly, there are some compatibility issues with different browsers. The user system works only on Chrome. In order to use something like this solution, we would have to have that extra browser. It would be nice if LogRhythm had full support and compatibility across all browsers, regardless of what platform they're using and whether they are on desktop or mobile devices.
For how long have I used the solution?
Still implementing.
What do I think about the stability of the solution?
I'm a little on the fence about stability, because the platform runs on Windows at the moment. There has been some finicky administration stuff, especially if we are going to try to integrate it with our own domain's policies which need to be correctly reflected. In the instance that we have, it is not necessarily a good idea to have an endpoint security, but when you have to meet compliance and follow rules, these are some of the exceptions. There needs to be a way to allow organizations to utilize these platforms and still be compliant.
What do I think about the scalability of the solution?
I don't know what the demand is. I know the number of systems that we have. We try to forecast the demand ahead of time by coming up and listing the services that we need in the environment, but there are still things which are probably still yet to be seen.
As we run into systems which we were not aware of and need custom integration, I don't know what the pain points will look like or if things will be overlooked: Is the system scalable enough to where it will allow me to continue to log certain things without any restrictions? I don't know at this time, and I will find out once it happens.
How is customer service and technical support?
So far, the technical support has been good.
What about the implementation team?
I was hired in because I have the skill set to implement it. The original acquisition of the product was done by other people. Now, they have somebody who has the skill set and understands the technology deploying and configuring it, then going forward maintaining it.
For the development and maintenance, it will be just me. However, for the day-to-day log analysis, there will be a second person providing that function.
What other advice do I have?
While we are aware of the playbooks, we still need to look into them.
We are close to a gig of messages a second, so quite a bit of data.
To capture your use cases, understand exactly what you are looking at ingesting. Do the research as far as what the company has done. For example:
- What have they provided at organizations of similar size?
- At peer organizations, how have they implemented the solution and what are some of their pain points?
Understand what everybody else has done previously with the solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Operations Manager at Old National Bancorp
Video Review
We've got so many sources in it, we can easily investigate the logs on any system we have
What is most valuable?
Probably the investigation part, being able to investigate any log. We've got so many sources that go in there that, at any given time, we can easily look up the logs on just about any system that we have.
What needs improvement?
What I'm looking for was actually in a session, here at the LogRhythm User conference, about the PIE phishing analytics. That was real interesting because right now we've got a guy that walks through that process attempting to see if the email came in, who got it, and whether or not it was exploited. That's all manual at this point.
I think they're limited now with this to Office 365. We've got on-prem Exchange and it would be interesting to act like they're going to evolve that into that, to have that ability to look at that information a lot quicker.
For how long have I used the solution?
We've had it for about nine years, going on 10 years.
What do I think about the stability of the solution?
It's definitely evolved. It's gotten to the point where you can scale it well. We recently got the AI Engine running and realize that we need to spin off the Web Console and the AI Engine to a separate box, and off the platform manager. Then we can easily add a data processor or a data indexer to expand our processing power too.
Which solution did I use previously and why did I switch?
We had some other vendors at the time, but LogRhythm beat them out. We had RSA, I don't remember what the name of their product was, and LogLogic.
What other advice do I have?
It's just amazing, that you can get the information, especially the AIE information, where it correlates different logs together. It's just incredible. It's something that in the old days, that you had to use grep and go to multiple servers, versus now you just tap in and drill-down and, bam, you've got all the logs that you need. It's just amazing, the process.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst 3 at a comms service provider with 1,001-5,000 employees
It is a single pane of glass for all of the logs
What is most valuable?
- The user interface (UI)
- Ease of use, especially if you are starting off
- The AI
How has it helped my organization?
Key challenges and goals: Anytime you are building a program from the ground up, there is a lot of legwork to be done to get things tuned to the point where they are usable.
Effectiveness of solution in meeting security challenges and goals: It is very effective. It is a single pane of glass for all of the logs, that not just myself, but anybody who is looking for information about how the network is behaving can use. So, not just primarily a security tool, it is a tool for everybody if it is set up that way.
What needs improvement?
We run across the odd vendor which we are using that we think are large players in their environment, but there is not necessarily a native support for their log ingestion per se, where it requires customization in order to be able to parse and accept their logs. I would also like to see them expand on some of the ability to interact with other technologies in real time via the programming platforms.
What was my experience with deployment of the solution?
It pre-existed before I got there. Once it was deployed, I have been responsible for most of the log ingestion and the tuning efforts.
What do I think about the scalability of the solution?
It seems scalable so far. I have not had to add more devices to our deployment yet, but it has yet to be discovered.
How are customer service and technical support?
We have used LogRhythm tech support and they are excellent. They have been very helpful.
Which solution did I use previously and why did I switch?
This is our first adoption of a proper SIEM product, so there is really nothing to compare it to with respect to the job that I am in right now.
How was the initial setup?
It pre-existed before I got there.
What other advice do I have?
I am very happy with the solution right now. I would absolutely recommend it and have.
Most of the basics have been tended to, and as we discover other things that we need to get more data on, and they are brought up, the company addresses them.
The most important criteria when selecting a vendor: It is very important for it to be unified.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
