it_user576042 - PeerSpot reviewer
Senior IT Security Analyst at a retailer with 1,001-5,000 employees
Vendor
Provides a single point of log management, has become an operational tool as well as a security solution

How has it helped my organization?

We are about 5000 users. At this point, we only have one XM appliance with external storage. We're looking for a vendor right now, for a sales engineer to work with us in trying to upgrade it. We're looking to expand it. We're looking at monitoring more of our workstations. We have about 1000 servers on it, and about 300 to 500 routers and switches on our system. And of course, we are also a Windows shop, so we have about 4000 to 5000 units on it.

A lot of it is being a single point of log management for the whole company, not only for our compliance, but basically it has become an operational tool for our company, for our day-to-day stuff. And it's more, on my end, for the security solution.

What is most valuable?

It's a compliance tool for our needs.

Security analytics, cloud security, and log management are also definitely valuable. We're looking at all the cloud features at this point; even antivirus is going to the cloud. A lot of analytics are going to the cloud. So, we're looking at LogRhythm and what it's going to do with the AI cloud stuff.

What needs improvement?

What I would like to see is improvement on the analytics, especially on the cloud and intelligence workspace.

What do I think about the scalability of the solution?

We have one box right now. We're in the process of scaling that, so I can't speak to this.

Buyer's Guide
LogRhythm SIEM
May 2025
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,823 professionals have used our research since 2012.

How are customer service and support?

I've been working a lot with technical support, technical professional services. We just recently did an audit of our system. I'm waiting to get a report from that, so that's one of the things I'm working with.

They're pretty much responsive. The only basic thing is, when support issues are passed on to a first-level support, it takes a while to get to the second-level support to make sure the first-level support answers all our questions. Sometimes it's a challenge to bring it to the second level of support and get the answers that we need.

Which solution did I use previously and why did I switch?

No. We have always done our homework and we believe that LogRhythm continues to be our solution.

How was the initial setup?

It was pretty straightforward. I was happy with the deployment team. They were on hand and they were explaining a lot of stuff that was happening, so I feel pretty good about the initial deployment.

Which other solutions did I evaluate?

No.

What other advice do I have?

The driving factor for our company is compliance. And next, for our security team to make sure that there's no occurrence of anything that we don't know about, besides operational issues.

My key challenge is to make sure that LogRhythm stays relevant on our day-to-day stuff, making sure that we can have a quick analysis of what's happening in our network, what's going on, and what our security posture is at a given time. For my needs, I'm looking more for it to bring a more comprehensive picture of our security, for the whole network, since I'm routing all the logs to it.

The most important criteria when selecting a vendor is technical support. At the end of the day, when all is said, price and pricing and so on, you will have to deal with technical support one way or the other.

In terms of a solution being a unified end-to-end platform, it's one of the top 10 SIEM tools on my list right now. A lot of our auditors are saying, "We need to track to one platform where we could see a dashboard, where we could see how everything is going on in our network."

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nebojsa Antic - PeerSpot reviewer
Information Technology Security Engineer at a tech consulting company with 1-10 employees
Reseller
Top 5
Offers good visibility of events and is easy to use
Pros and Cons
  • "In general, the visibility of events and advanced analysis of events are good."
  • "The product's initial setup phase is pretty complex."

What is our primary use case?

My customers use the solution for user behavior analytics and as an anti-malware and anti-threat kind of tool. My customers are in finance-related areas. I deal with some gambling companies, and in my country, it is categorized under the finance sector.

What is most valuable?

The solution's features include good visibility of events, faster response to threats, and advanced ability to analyze events and data. In general, the visibility of events and advanced analysis of events are good.

What needs improvement?

The tool needs to improve the implementation part and have a virtual list of files for a virtual appliance or something like that because it is a very complicated area when it comes to implementation. There are a lot of pieces that need to be installed and prepared, and, of course, there is a need for virtual resources. The tool must offer better virtual resources and prepare some virtual appliances with some ISO or VMDK files. I don't care, but the solution must do something to improve the product. There are too many things that are complicated during the implementation phase.

For how long have I used the solution?

I have been using LogRhythm SIEM for a year. I use the solution as a partner.

What do I think about the stability of the solution?

Stability-wise, I rate the solution an eight out of ten.

What do I think about the scalability of the solution?

It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten.

From LogRhythm's perspective, my company deals with small to medium businesses.

How are customer service and support?

The solution's technical support team provides quick answers to any request. The team's knowledge and way of resolving issues are also fast. We haven't had any problems reaching out and getting the support we need for the tool. I rate the technical support a ten out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The product's initial setup phase is pretty complex. The tool offers good guidance, and everything else is clear, but there are a lot of steps involved in the implementation. From the client's end, there is a need to include a lot of people, like system admin, DB admin, and network admin. Sometimes, I think the tool needs to improve something in the area of the setup phase so that there aren't difficulties during the implementation process.

If ten means easy setup and one means difficult, I rate the product's installation phase a four out of ten.

The solution is deployed on an on-premises model.

If everything is prepared already, the solution can be deployed in one or two days. In the end, there are a lot of things that you need to prepare before starting the tool's use, so it takes two to five days for the initial deployment, but after that the installation processes take just two days.

What's my experience with pricing, setup cost, and licensing?

For my customer, I think the tool is reasonably priced. There is a need to pay per year towards the licensing costs of the tool. From what I heard, the tool has a very reasonable price, and users pay on a yearly basis for its licensing charges.

What other advice do I have?

Speaking about how LogRhythm SIEM influences operational costs, or if it does have any security efficiency, I would say that I don't work with the tool every day to know what the operational cost benefit is. In any case, with fewer people, the tool has better visibility. There is a need for three or four people in a team for SIEM. The tool ensures better efficiency of the team by improving costs, but I am not very sure how to explain it as the tool has centralized events as it is spread out geographically with a lot of branches. We get a better understanding of the networks in different countries with the centralization part, improving the efficiency of the SIEM team.

With LogRhythm SIEM, there is a need to deal with a lot of customized services. The tool spends a lot of time with professional services for customization. The good part is that the support team finishes their job very quickly and offers very good responses when it comes to the area of customization. There was a little disappointment since the tool did not have some of the parsers for some systems in the environments, like IBM, which was a surprise. In any case, support did the job, as there were tons of customizations needed. We were able to deal with the customization area and resolve the issue around it, making it a very customizable tool. It is a very flexible tool. I spend a lot of time with the support team doing the customizations. Customizations take a lot of time, but they are still a plus.

I have not noticed any AI elements in LogRhythm SIEM.

I recommend the tool to others.

It is a perfect search engine, and every report is analyzed really quickly and in a straightforward manner. The tool has an easy GUI, and it is the perfect choice for security analysts. The tool has consoles, including an administrative console and a web console. For some people, that can be a problem. I think it is really good when you have administrative guys who deal only with the solution and analysts who deal only with the analyzed part without some preparation for the core configuration. Everyone can deal with the day job. For me, the tool is advanced, but maybe for others, it can be an issue. In any case, it is really visible to others for documentation. The tool is scalable and really operational. The tool is easy to use and for sizing. In the end, it is a good tool.

In the Serbian market, most of the tools demanded are on-premises. When it comes to the on-premises solution, I think LogRhythm is one of the best tools. We are a little different than the other parts of the world. Everyone wants to go to the cloud, but here, everything wants to be kept on an on-premises model. The market in Serbia is very strange because we aren't a part of the European Union, and so, with regard to compliance, we always have some problems. The companies in Serbia like to have on-premises solutions because most financial institutions, banks, or government institutions have data centers, so they won't go to the cloud. In Serbia, we don't like to deal with cloud solutions, especially when the data needs to be consumed somewhere in the cloud because the biggest problem is the cost of cloud solutions for SIEM tools. Most of the applications and everything is also hosted on-premises in Serbia. Normally, the SIEM tools are used in an on-premises model.

I rate the tool a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
reviewer2521407 - PeerSpot reviewer
Associate Team Lead - IT Service Desk at a tech services company with 51-200 employees
Real User
Top 20
Offers good features for internal security and deals with phishing email attacks
Pros and Cons
  • "We raise a ticket to LogRhythm, and they will give us their support."
  • "The pricing is the only problem."

What is our primary use case?

We operate a Security Operations Center. We have to provide internal security to our client base and intel. That's why we use it.

How has it helped my organization?

We mostly deal with phishing email attacks from our Intel-related clients. So, most of the cases are related to using the SIEM. And we receive the logs in our database to do all those things.

What is most valuable?

In Sri Lanka, we have a local SIEM supplier. And in addition to that, if we need some more calibration or help with incidents, we raise a ticket to LogRhythm, and they will give us their support.

It is good for us. 

What needs improvement?

The price could be improved.

In future releases, I suppose if they can give us some training related to LogRhythm, that would be very beneficial. I suppose the training is not enough.

And the product might be a little bit complex for non-experienced people.

For how long have I used the solution?

I have been using it for two and a half years. 

How are customer service and support?

It is good. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Our Security Operations Center (SOC) and our SIEM use LogRhythm. We have to renew our license and are looking for another SIEM. We are doing a comparison with Elastic.

How was the initial setup?

The initial setup is complex. There's a complexity, actually. We have received some training in the last two and a half years. We got training from our local supplier. Actually, we haven't received any training before from [LogRhythm], so I suppose they should provide training for that.

What's my experience with pricing, setup cost, and licensing?

I suppose there's a very high cost in that. So that's the main reason we are trying another solution.

What other advice do I have?

I would recommend it to others. Overall, I would rate it an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Subhash Sreenivasan - PeerSpot reviewer
Head of Professional Services at NiyoSecure
Real User
Top 5
Its most valuable features include robust dashboards and effective alerts
Pros and Cons
  • "I find LogRhythm's log management capabilities to be beneficial."
  • "Appliance-based setups can sometimes pose scalability issues"

What is our primary use case?

LogRhythm SIEM is primarily utilized for cybersecurity analysis and incident management.

What is most valuable?

Its most valuable features include robust dashboards and effective alerts. I find LogRhythm's log management capabilities to be beneficial.    

We integrate multiple credentials and feeds from various sources to enrich customer data. However, we haven't extensively explored its capabilities for compliance reporting as it hasn't been a priority for our clients.

Regarding identifying potential security incidents, LogRhythm's preconfigured alerts are quite effective in detecting vulnerabilities. As for the impact of LogRhythm's log management capacity on security posture, it largely depends on the deployment type. The analytics and intelligence features, particularly the correlation functionalities, have proven valuable in catching complex cyber security threats.

What needs improvement?


For how long have I used the solution?

I have been using LogRhythm SIEM for 1.5 years.

What do I think about the stability of the solution?

We haven't encountered any significant problems, so it effectively keeps our processes running smoothly. I'd rate it an eight. It's generally stable, though we haven't faced any major stability issues.

What do I think about the scalability of the solution?

I'd give it a 6 because appliance-based setups can sometimes pose scalability issues, but otherwise, it's fine. 

How are customer service and support?

We have specialists, and whenever we need technical support, we can easily get it.

How would you rate customer service and support?

Positive

What was our ROI?

LogRhythm SIEM is a factor in our capabilities, particularly for incident response and insurance management.

The incident response times have improved since implementing LogRhythm SIEM.

What's my experience with pricing, setup cost, and licensing?

On a scale of one to ten, I'd rate the pricing of this solution as a seven - not too expensive but not cheap either.

Regarding licensing costs, it varies depending on factors like being a partner or an end user, but there are no additional costs aside from standard licensing fees for the basic SIEM solution.

What other advice do I have?

My advice for someone considering implementing LogRhythm SIEM would be to start with proper controls and understand the value it provides.

Before installing the solution, users should consider factors like EPS calculations and endpoint support to ensure proper sizing, especially if not going for an appliance.

Overall, I'd rate this product an 8 and would recommend it to others due to its cost-effectiveness, value for money, and user-friendly nature.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
reviewer2104419 - PeerSpot reviewer
Manager Solutions Architect at a comms service provider with 10,001+ employees
Real User
Reliable and flexible but can be difficult for inexperienced users
Pros and Cons
  • "Technical support has always been helpful."
  • "It's not easy for someone new to the solution."

What is our primary use case?

It's a next-generation SIEM solution. We use it for our clients. 

What is most valuable?

It has connectivity with multiple log sources - including those that are on-prem and in the cloud (including GCP, AWS and our own cloud).

It is extremely scalable. 

Technical support has always been helpful.

It is stable, reliable, and flexible. 

What needs improvement?

It's not easy for someone new to the solution. There are some complexities involved with the initial onboarding. It needs to have more user-friendly dashboards and onboarding processes. 

It is a premium solution which means it is quite expensive. 

For how long have I used the solution?

I've used the solution for the last three years. 

What do I think about the stability of the solution?

The solution is scalable. I'd rate it eight out of ten. There are no bugs or glitches. It's reliable, and the performance is good. 

What do I think about the scalability of the solution?

The solution is very scalable vertically as well as horizontally. It is great for big setups. You can scale as per your requirements. There's no issue with expansion. I'd rate the solution nine out of ten in terms of ease of scaling if a company has multiple locations or has a setup across countries. 

How are customer service and support?

We are a gold partner. We've never faced any support issues. They are very helpful and responsive. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I've also used QRadar, which is easier, for example, to set up and is more user-friendly.

How was the initial setup?

The solution can be difficult to set up. I'd rate the process six out of ten. You need to know what you are doing. There are complexities involved. 

A hardware-based setup would require some configurations. Typically, we need a minimum of three to four weeks to do a setup. 

What's my experience with pricing, setup cost, and licensing?

The solution is moderately priced. Sometimes they give good deals if there is a larger requirement. 

If the solution is on-prem, there is a cost to investment. If it is on cloud, this is not the case. 

What other advice do I have?

We are a gold partner. 

I'd recommend the solution to others. It has a lot of new features and offers AI and ML. There is good support, scalability, and flexibility on offer. 

I'd rate the solution seven out of ten. 

Which deployment model are you using for this solution?

Public Cloud

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Mohammed Jamous - PeerSpot reviewer
Chief Information Technology Officer at an insurance company with 11-50 employees
Real User
It has the ability to add and compare use cases
Pros and Cons
  • "AXON has the ability to add and compare use cases."
  • "The log storage capacity should be increased."

What is our primary use case?

We have 250 cases in LogRhythm. It's used for collecting logs and analyzing logs from the servers.

What is most valuable?

The solution has the ability to add and compare use cases. 

What needs improvement?

The log storage capacity should be increased.

For how long have I used the solution?

I have been using LogRhythm SIEM for three years.

What do I think about the stability of the solution?

I rate it at 10 out of 10 for stability.

What do I think about the scalability of the solution?

I rate it at 10 out of 10 for scalability.

How are customer service and support?

I rate LogRhythm support 10 out of 10. 

How would you rate customer service and support?

Positive

How was the initial setup?

LogRhythm SIEM is easy to set up, and it took us about two weeks. 

What about the implementation team?

We had help from a person from LogRhythm.

What's my experience with pricing, setup cost, and licensing?

LogRhythm is a costly solution. I rate it five out of 10 for affordability. We have a three-year license, and you need to pay to add features like endpoint licensing, behavior analytics, etc.

Which other solutions did I evaluate?

We looked at Splunk and IBM QRadar.

What other advice do I have?

I rate LogRhythm SIEM at 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Cyber Security Engineer at a logistics company with 10,001+ employees
Real User
Allows you to collect Windows events and enable monitoring by default, but sometimes the Platform Manager crashes
Pros and Cons
  • "Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default."
  • "Sometimes the Platform Manager crashes because it's built around Windows."

What is our primary use case?

I'm a user, administrator, and analyst. We are using version 7.4.

The solution is deployed on-premise. Three people are working with this product in our company.

What is most valuable?

Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default.

What needs improvement?

Sometimes the Platform Manager crashes because it's built around Windows.

Every component is on a separate device. Right now we are just integrating log sources. We didn't do any threat intel or use cases until now. I did this with another customer, but with QRadar.

They have to think like IBM. IBM did X-Force public cloud, which is a beautiful tool that gives us threat intel feeds. LogRhythm doesn't have this solution, but maybe they want to integrate this. The Client Console is very bad.

The console is for administrators to add log sources or do some basic investigation. It is a very bad GUI. I think it's very old and built upon an old OS. They have to get rid of it or use a web-based application or develop it in the Client Console application.

For how long have I used the solution?

I have been using LogRhythm for one year.

What do I think about the scalability of the solution?

It's very scalable. We can scale up vertically or horizontally. If you want to add more indexers or connectors, it's easy to implement.

How are customer service and support?

We haven't opened any cases until now. I used to work with QRadar, and sometimes it takes very long to receive a reply from IBM. We didn't experience any use cases until now, but with LogRhythm, we have some delays from the implementation view.

LogRhythm is expanding in my country, Egypt. Multiple customers have moved to LogRhythm. So, they don't have many people for support. We have to schedule a session, and then in implementation engage with engineers.

How was the initial setup?

Initial setup was complex.

We have multiple data indexers, and each component is on a separate device. I think QRadar has many tools from the point of view of applications integrated within the SIEM solution, like threat intel or use case manager. In LogRhythm, I don't see this.

Maybe we haven't gotten so far in the implementation, but in QRadar I can feel it's easier from the initial setup. We have only these components placed on one site. We don't have another recovery site.

What's my experience with pricing, setup cost, and licensing?

I didn't see the RFP, but I heard that it is more expensive than QRadar. I remember one customer implemented only one QRadar in two sites. It cost them $2 million, I think. Maybe LogRhythm is much higher.

Which other solutions did I evaluate?

QRadar is built around Red Hat, so it's more stable. I think LogRhythm is more complicated than QRadar.

What other advice do I have?

I would rate this solution 7 out of 10.

When you integrate a log source by default, you have to know what the customer needs or the process that is wanted, because we did the reconfiguration multiple times for log sources.

So, they have to also follow the MITRE ATT&CK Framework, because by default LogRhythm collects the common logs, so you have to enable this.

To estimate it in the licensing sizing exercise, it must be done correctly. Sometimes I see customers sizing away from the current situation. Customers sometimes buy a license that is not enough for their implementation, because they didn't expect what they would be adding in the future during the implementation.

Sometimes the implementation takes one year, and the customer adds more devices, so it exceeds their license. I think it's the presales' job to do the sizing correctly. And the customer must be aware of how or what to implement during, so that implementation doesn't take long.

It took some customers two years to implement a SIEM solution. I don't remember the solution, but it was a waste of two years' time.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user769674 - PeerSpot reviewer
Sec And Risk Lead at Baker Tilly Virchow Krause, LLP
Video Review
Real User
Easily percolates critical information to the dashboard for drill-down

How has it helped my organization?

It serves several different features. We can check the checkbox for HIPAA compliance, SEC-type stuff.

But really, our biggest focus was actually on our clients. Because we're an accounting firm, a lot of our clients actually audit us, or they have large security questionnaires that we have to fill out. So having a SIEM product is one of those check boxes, and being able to say "yes" on security questionnaires; or one that clients come in and say, "We want proof that you're auditing your domain controllers, that you're auditing the security files servers, you know who touched our files, how they read them, deleted them, modified them." 

Being able to pull all that information up before the auditors, it's great. Very critical.

What is most valuable?

We're fairly new to LogRhythm. One of the things that we really liked in the deployment PoC phase was the dashboard. How easily it percolated critical information up onto a screen that we could immediately review, and drill-down to look at the raw logs. That was one of the key features that we liked in the PoC. Still today, that is by far one of the best features.

What needs improvement?

Probably the biggest improvement and I've talked to several of the management here at the LogRhythm User conference on it, is their thin piece, which is their file integrity monitor, that we use on some of our security servers. The data sets are extremely large, tons of files are being modified, deleted, created. That product could use some more enhancing.

We've been working with them to enhance that product for future releases. It's been a good experience. 

Any issues that we've had, they've actually fixed the majority of the issues that we had with the initial product, by even giving us customized installation packages to adapt to our environment.

What do I think about the stability of the solution?

It's been real good. We've done several upgrades since then. Each time, if there has been an issue, we've just opened up a ticket with support and literally, it's hours to minutes sometimes, depending on the time you open up the ticket. There's a response and then engineers calling you, and helping you out through some of those issues. It's been good.

What do I think about the scalability of the solution?

We haven't scaled because, like I said, we're still the first-year phase. Now, when we purchased the product, we did purchase it to scale it out a little bit over time. We overbuilt it just a little bit so that we could keep adding log sources to it. But so far, we've been right on the money, as far as the initial build of it. 

Which solution did I use previously and why did I switch?

We had come from two other SIEM products that were going end-of-life. The original one was the Cisco Security Manager, and then the latest one was RSA enVision. Because that was going to end-of-life, we needed to find a replacement product.

The big thing was the PoC was a great tool to get a great overview of what the product was going to be like. We also worked with an SE that helped deploy the product. Then we also were able to talk to support. So we got a good feeling to how the product was going to operate, not only from our operational standpoint, but also from a support standpoint, and also from help from our local support engineer.

We just had a great experience all round, and when comparing feature sets, the web interface to the alarm drill downs, the AI Engine drill downs, to the network monitor product, it was definitely on the top of the list.

The other big thing that we really liked about LogRhythm - we had a unique requirement - was that we had to have appliances, we didn't want virtual devices. Just from the security side of things, we wanted to be able to manage those devices ourselves, rather than having our infrastructure group manage those. LogRhythm also provided us the appliance base versus Splunk which is all virtual base.

How was the initial setup?

We actually used LogRhythm's Professional Services group to help us get the product up and running. It went real smooth. Matter of fact, the amount of time that we allocated the Professional Services, we were short of that. It just went real well. 

Our group caught on to the product very quickly, which was another great benefit. We were able to do a lot of the work ourselves, versus relying on Professional Services to do it, just because we caught on much quicker than we had thought initially.

Which other solutions did I evaluate?

Our SIEM solutions list included several different vendors from Splunk to LogRhythm to RSA, their new product. We ended up choosing LogRhythm.

What other advice do I have?

Just from the simplicity standpoint, it's met all of our expectations now. Like I said, you always have that little thing here and there that you still have to tweak, but other than that, we've really liked the product. 

The biggest thing in this product is not everybody on our security team is well versed in SIEM or analytics, but we found that LogRhythm - the Web Console UI - really simplified, especially with the metadata parsing out. It allowed those people to read those type of events much quicker, because it was right there, and it was pretty easily translated. So "user" is username, "host" is the host, and so it's very easy. You're not having to dig through this big long raw log file to actually figure it out. Then if it needs to go there, it goes to an advanced person.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
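The review above describes the value of a SIEM parsing metadata out of raw log lines so that an analyst reads "user" and "host" instead of digging through the raw text. The following is an added example of that normalization step, not LogRhythm's code and not the reviewer's; the two log formats and the sample lines are constructed for this illustration (a simplified Windows logon event summary and a Linux sshd syslog line), and the field names `user`, `host`, `action` and `src` are assumptions chosen here. Anything a parser cannot match is kept as an "unparsed" event rather than dropped, which is the behaviour a detection engineer wants so that parser gaps (the kind the earlier reviewer hit with a missing IBM parser) remain visible.

```python
"""Normalize raw log lines into common fields (host, user, action, src).

Added example (not LogRhythm's or the reviewer's code). The log formats
and sample lines are constructed and simplified for illustration only.
"""
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class NormalizedEvent:
    source: str            # which parser matched, or "unparsed"
    host: Optional[str]
    user: Optional[str]
    action: Optional[str]  # normalized action name, e.g. logon_failure
    raw: str               # original line kept for drill-down
    src: Optional[str] = None  # source address when the format carries one

# Constructed sample lines (not real logs).
SAMPLE_LOGS = [
    "2025-05-01T10:15:02Z DC01 EventID=4624 LogonType=3 TargetUserName=alice Status=success",
    "May  1 10:15:07 web01 sshd[2231]: Accepted publickey for bob from 10.0.0.5 port 51022 ssh2",
    "May  1 10:16:41 web01 sshd[2240]: Failed password for invalid user admin from 203.0.113.9 port 40011 ssh2",
    "this line matches no parser",
]

# Simplified Windows security event summary: "<ts> <host> EventID=<n> ... TargetUserName=<user>"
WIN_RE = re.compile(
    r"^\S+\s+(?P<host>\S+)\s+EventID=(?P<eid>\d+).*?TargetUserName=(?P<user>\S+)"
)
# Linux sshd syslog line: "<Mon> <d> <hh:mm:ss> <host> sshd[pid]: Accepted|Failed <method> for [invalid user] <user> from <src>"
SSH_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+sshd\[\d+\]:\s+"
    r"(?P<result>Accepted|Failed)\s+\S+\s+for\s+(?:invalid user\s+)?(?P<user>\S+)\s+from\s+(?P<src>\S+)"
)

# Map the Windows event IDs used in the sample to normalized action names.
WIN_EVENT_NAMES = {"4624": "logon_success", "4625": "logon_failure"}

def parse_line(line: str) -> NormalizedEvent:
    """Try each parser in turn; unmatched lines are kept, flagged as unparsed."""
    m = WIN_RE.match(line)
    if m:
        action = WIN_EVENT_NAMES.get(m["eid"], "eventid_" + m["eid"])
        return NormalizedEvent("windows", m["host"], m["user"], action, line)
    m = SSH_RE.match(line)
    if m:
        action = "logon_success" if m["result"] == "Accepted" else "logon_failure"
        return NormalizedEvent("sshd", m["host"], m["user"], action, line, src=m["src"])
    return NormalizedEvent("unparsed", None, None, None, line)

def normalize(lines):
    return [parse_line(line) for line in lines]

def failed_logons_by_host(events):
    """Simple analytic over normalized fields: failed logons counted per host."""
    counts = {}
    for ev in events:
        if ev.action == "logon_failure":
            counts[ev.host] = counts.get(ev.host, 0) + 1
    return counts

def unparsed_count(events):
    """Parser-coverage check: how many lines no parser understood."""
    return sum(1 for ev in events if ev.source == "unparsed")

if __name__ == "__main__":
    events = normalize(SAMPLE_LOGS)
    for ev in events:
        print(f"{ev.source:9} host={ev.host} user={ev.user} action={ev.action} src={ev.src}")
    print("failed logons by host:", failed_logons_by_host(events))
    print("unparsed lines:", unparsed_count(events))
```

The point of the separate `unparsed_count` check is operational: when a new log source is onboarded, a rising count of unparsed lines is the first sign that a parser is missing, and it is cheaper to catch that in a coverage metric than to discover it during an investigation.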