We performed a comparison between CrowdStrike Falcon and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Fortinet is very user-friendly for customers."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"The product detects and blocks threats and is more proactive than firewalls."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"I value the overall behavior analysis of CrowdStrike. The engine of this product is what drew us to this solution."
"Regarding features, I appreciate its integration capabilities with identity providers...Stability-wise, I rate the solution a ten out of ten."
"The features we showcase to potential customers are prevention, malware protection, zero-day protection, and application scripting. Vulnerability assessment is another valuable feature."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"The threat intelligence is the most valuable feature."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
"Its integration capability is valuable. It integrates easily with any OS."
"The UI is simple and self-explanatory. Everything is easy to understand."
"It allows us to automate a lot of things with a smaller team."
"NextGen SIEM's most valuable feature is its user-friendliness."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment."
"The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system."
"The user interface is good."
"Detections could be improved."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"ZTNA can improve latency."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"The dashboard isn't easy to access and manage."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"It takes about two business days for initial support, which is too slow in urgent situations."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"Support, particularly related to after-sales and after deployment, could be improved a bit. If you need to connect to support, it takes at least a day to reach the support team and get a proper reply."
"The ability to receive text alerts natively in the console would be kind of cool."
"The management reporting functionality needs to be improved."
"Any kind of integration that you want to do, such as using the API to connect to a SIEM, is complex and it will be expensive to do."
"Unfortunately, native applications are not supported."
"CrowdStrike Falcon needs to improve their host management system."
"CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."
"We sometimes get false positives."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"For our market, the solution is quite expensive. It would be ideal if they could work on and improve their existing pricing plans to help make it more affordable in our country."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."
"My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea."
"Scalability-wise, it's not that great."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. CrowdStrike Falcon is rated 8.8, while LogRhythm SIEM is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and Rapid7 InsightIDR.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.