We performed a comparison between LogRhythm SIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The UI of Sentinel is very good and easy to use, even for beginners."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"It has a lot of great features."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"It's positively affected our overall rate of efficiency."
"I would rate the product a ten out of ten. The solution is very user-friendly and straightforward. The tool's report customization is interesting."
"The ability for me to go into the Web UI, and just learn what's going on in my environment."
"AXON has the ability to add and compare use cases."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"The support I have received from the vendor has been great."
"Trellix ESM is very user-friendly."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The most valuable feature is the correlation rules."
"I like the ease of deployment."
"It is easy to use and deploy. It comes with user-friendly manuals."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The product can be improved by reducing the cost to use AI machine learning."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The playbook is a bit difficult and could be improved."
"I would like to see case management become more independent from LogRhythm itself."
"The product's stability needs improvement."
"There is room for improvement with separate running sources or better integration."
"I would like to see APIs well-documented and public facing, so we can get to them all."
"The solution is likely not the best option for a smaller organization."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"It's not easy for someone new to the solution."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"The support from McAfee ESM could improve. They could improve the speed."
"The product's stability is an area of concern where improvements are required."
"There should be support for multitenancy in the product."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"I would like to see improvements to the user interface."
"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. LogRhythm SIEM is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and ManageEngine Log360, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, Trellix Helix and Cybereason Endpoint Detection & Response. See our LogRhythm SIEM vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I cannot respond to the query as I have worked with solutions based on NetIQ and AcrSight.
1. I feel the query is very generic and can not have any tangible response other than users listing their side of the stories (experience) while tabulating Pros & Cons would be inconclusive.
2. The vendors mentioned (McAfee, Splunk, LogRhythm and IBM Q1 Labs) are from the top quadrant and are very much comparable based on evaluation parameters such as List of Features, capabilities and capacities, Integration to other corporate IT security tools etc.
3. Methodology used by Gartner for evaluation of vendors for SIEM Quadrant should also be kept in view to get a realistic comparison. I feel, its not a real Apple-to-Apple comparison nor can be used as a measure to influence the decision making for a new deployment (or migration to another vendor)
4. I also feel that vendor experiences, most of the times are dependent on how clear you are of your own Security Landscape, Compliance & Regulatory drivers and requirements.
Thanks
Rajendra Nag
Unfortunately while evaluating SIEM solutions I was unable to evaluate the IBM solution. I tried to work with IBM for two weeks to get an evaluation of the product and finally gave up.
I think Splunk is an incredibly diverse and flexible product; however, if you are just looking for a SIEM I think it's a bit overcomplicated.
Our company choose SolarWinds LEM due to it's ease of deployments for small to mid sized environments and we have a good track record working with SolarWinds as a vendor.
I asked this question in a previous discussion, what is your experience with the solutions?
I went to Infoworld and found some pretty interesting results - www.infoworld.com
It seems that based on price, GFI took the prize with $220/server $22/workstation.
But based on features and sheer capability, Arcsight took the prize there.
Additional findings bring up HP Arcsight, IBM Q1 Radar and McAfee Nitro as the industry leaders - Gartner Magic Quadrant from 2013 - infosecnirvana.com
But if you were to go to the comparison charts:
Cons
HP Arcsight - Complex, Suited for Medium to large deployments, learning curve, skilled employees
IBM Q1 Radar - Limited Customization, limited multitenancy support, limited use case configuration
McAfee Nitro - Very basic correlation capabilities, requires agent installs, no analytics capability, limited customization, limited support for multi-tier, multi-tenancy
There are others these seem to be the leaders in the industry.
So from the report from Gartner, Infoworld and Infosecnirvana.com, they all seem to think that HP Arcsight is the way to go
Todd
Hi,
I disgree for SME installation since Q1 is usually on a large scale
installation. While expertise on the product is still needed including
integration with other security platforms.
Splunk/LogRythm is good for Network correlation only not focusing much on the
security area.
McAfee is ok for both SME and Enterprise whilst expertise should also be
considered as they have an easy and available tool for integration with their
ticketing system, IPS, and AV.
Hope this helps.
Cheers,
Lilet
Its is now an easy and clear answer.
It depends on the environment, the integration needed, and the staff expertise.
IBM is usually a better solution for large/very large installations and integration.
But it requires much more staff and skills.
But for smaller environments Splunk and LogRhytm is better.
McAfee is correctly rated against others.
So the answer is YES/AGREE for large installations.
And NO/DISAGREE for smaller ones.