We performed a comparison between LogRhythm UEBA and Mandiant Advantage based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We can use Defender to block and monitor for security purposes without needing multiple other products to do different tasks."
"The summarization of emails is a valuable feature."
"I have found the ability to delete unwanted threats beneficial."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"Its most significant advantage lies in its affordability."
"It has been great for us. Previously, we didn't have a solution to protect us, especially from malware, whereas now, we are getting protection up front, especially from the malware attacks coming through emails or endpoints."
"In Microsoft 365 vendor products, monitoring and connectivity across all Microsoft and third-party connectors enable viewing of all activity within those environments."
"Email protection is the most valuable feature of Microsoft Defender XDR."
"The tool's most valuable feature is server threat hunting."
"The solution's most valuable features are the graphical user interface and the reporting."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"The most valuable features are file activity monitoring and registry activity monitoring."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"Good capability pinpointing specific cyber incidents."
"The advantage of the solution is being able to go look up threat actors and get a lot of detailed information about different attacks and different tactics and general information about threats."
"The feature I have found most valuable is directory monitoring. We experienced an instance of threat actors trying to ensure a complex and massive attack against our customer's infrastructure on the forum. That is, they were animating people on a formum. The solution alerted us to this two days ahead of the attack, which gave us plenty of time to prepare for it."
"It is so valuable to have someone performing these functions outside of our business hours when we don't have staff in the building. We've seen a lot of solid metrics on the amount of malware that it's detecting and resolving. We're pleased with it so far."
"The onboarding and offboarding need improvement. I work with other vendors as well, and they have an option to add a device or remove a device from the portal, whereas with Microsoft 365 Defender, we need to do that manually. However, once you do that, everything can be controlled through the portal, but getting the device onboarded and offboarded is currently manual. If we have an option to simply remove a device from the portal or get a device added from the portal, it would be more convenient. The rest of the features are similar. This is the only area where I found it different from others. I would also like to be able to simply filter with a few of the queries that are already there."
"While the XDR platform offers valuable functionalities, it falls short of other solutions in its ability to deliver a cohesive identity experience."
"When discussing the secure score, which includes overviews and recommended actions, some of these recommended actions are not applicable to us, particularly those related to Microsoft Internet Explorer, which we do not use in any of our environments."
"Sometimes, configurations take much longer than expected."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"Defender XDR could provide recommendations for threat-hunting queries. Some people do not know how to write an advanced threat query, so we need to spend time training them."
"Since all of our databases are updated and located in the cloud, I would like additional support for this."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The UI could be improved a little bit."
"The search feature needs to be improved."
"It would be helpful if there were more guidance provided for integrating with unsupported devices."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
"The cloud version is lacking and not up to par."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"Mandiant's on-prem client is too processor-intensive, so it's putting a strain on the local device's CPU. When a scan is running on the device, the other processing tasks slow to a crawl. We're still trying to figure out the correct settings for the client."
"They could have better support. Now that they've merged, they are moving towards a portal system, which isn't very helpful."
"I think that the data query that is used for data cloud language should be improved. It's really hard to query actual data from the platform."
LogRhythm UEBA is ranked 22nd in Extended Detection and Response (XDR) with 10 reviews while Mandiant Advantage is ranked 20th in Extended Detection and Response (XDR) with 3 reviews. LogRhythm UEBA is rated 7.2, while Mandiant Advantage is rated 8.6. The top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". On the other hand, the top reviewer of Mandiant Advantage writes "It gives us peace of mind that issues can be addressed when our core IT team isn't working". LogRhythm UEBA is most compared with Wazuh, Darktrace, CrowdStrike Falcon, Microsoft Purview Insider Risk Management and Trend Micro Deep Discovery, whereas Mandiant Advantage is most compared with CrowdStrike Falcon, Cortex Xpanse, Cymulate, Microsoft Defender External Attack Surface Management and Group-IB Threat Intelligence. See our LogRhythm UEBA vs. Mandiant Advantage report.
See our list of best Extended Detection and Response (XDR) vendors.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
