We performed a comparison between CrowdStrike Falcon and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"NGAV and EDR features are outstanding."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The setup is pretty simple."
"This is stable and scalable."
"It is stable and scalable."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
"I like the feature called RTC, the remote time connector."
"The solution is silent and sits on your system as one single agent."
"The most valuable features of Crowdstrike Falcon XDR are Spotlight and Discovery, they are helpful. Additionally, the console is user-friendly, with fewer false positives than other solutions."
"Scalability hasn't been an issue for us."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"The solution offers great stability."
"We haven't had any infections or down time."
"Technical support has always been helpful."
"The PCI compliance pieces that help us produce reports for our external auditor, and their support."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"The user interface is pretty good compared to other SIEM tools."
"The daily alerts allow me to quickly find security and operations issues which need to be addressed."
"The ability to investigate a particular period of time where you can analyze logs is its most valuable feature."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The only minor concern is occasional interference with desired programs."
"ZTNA can improve latency."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"The support needs improvement."
"The pricing is a bit too high."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"CrowdStrike needs to quit making up stuff about its features and functionality to bash its competition."
"They respond quickly on the weekdays, but the weekend response times are slower."
"CrowdStrike Falcon could be enhanced by extending its security capabilities to include NDR and XDR."
"I've found that CrowdStrike's technical support could benefit from increased technical expertise."
"We can do a threat analysis of any machine at any time, but that threat analysis is very limited."
"The technical support could improve because I am in India and the support I receive is from the UK or Australia. It is difficult to manage the time difference. The service could be faster. However, when we do have the support they are knowledgeable."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"I think there is room for improvement because the system is still running on the Windows Server platform. The problem with running on Windows is that it is not that good for scaling and providing for big deployment environments."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"The security playbook could be pre-defined and available to other analysts with similar security issues."
"LogRhythm NextGen SIEM is currently based only on the Windows platform. This means that some of our customers have to purchase a Windows license elsewhere. If LogRhythm can move to a Linux platform or a proprietary platform, it would be very helpful."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"The initial setup is not so easy because it is quite a process."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 107 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. CrowdStrike Falcon is rated 8.8, while LogRhythm SIEM is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and Rapid7 InsightIDR.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.