LogRhythm UEBA [EOL] Reviews

The solution's most valuable features are the graphical user interface and the reporting.

The search feature needs to be improved. 

The solution needs better filtering in the next versions.

The stability isn't very good, but it's okay.

The solution is scalable.

Technical support is okay. It's not great. The problem is being able to reach the right people at the right time. This is what needs to be improved.

The initial setup is very complex.

The solution is very expensive. There are also costs beyond the standard licensing fee.

We use the private cloud deployment model.

I would rate the solution six out of ten.

Like they say, you don't know what you don't know. So, with CloudAI, it's just watching everything to see what you don't know, and it gives you a second opinion.

An ever-changing landscape, in medical, we deal with a lot of doctors in all sorts of places. So, they're always changing, moving, and using Macs. So, it makes it interesting. I definitely think that it's good at finding things automatically, versus trying to define it.

Not yet, but it's still working on it, it's still maturing. Right now, we were having some issues with some things, but as it continues, it will definitely.

Better dashboarding. At the moment, the dashboard only has an hour. It will give you one period of time, versus being an active dashboard like the rest of the dashboards. It doesn't give you an active tally of what's going on. It just gives you a snapshot.

Also, better automation and response.

So far, so good. We haven't needed to scale yet.

We've been working with their Beta team, not really technical support. I would say their Beta team is good, a seven on a scale of one to 10.

No. We've been using the AI rules within LogRhythm for UABE. This is just on top of it.

Users are always the hard part. They're the biggest vulnerability in any environment. For us, we needed to go through and find something that would help us keep better track. And this does that.

Straightforward. We had to do a couple of changes in a couple of places that were very specific, but the applications were already precompiled and we just had to run it in the various locations. So it was pretty straightforward.

We looked into LightCyber, which is a Palo Alto product. At the moment, LightCyber requires an on-premises box, and we didn't want to go with that.

We're at about 2000 logs per second. We have about 42 locations and around 4000 users.

In terms of important criteria when selecting a vendor, whichever one works the best, whether it be the newest or whatever. Whichever one has the best feature set would probably be the winner.

If I were advising someone looking at this solution or something similar, I would say there are a lot of log collectors out there, but LogRhythm's the only one that incorporates intelligence into the solution, versus just being something that collects.