We performed a comparison between Elastic Security and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, but there have been occasional delays and knowledge problems.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"The most valuable feature is the ability to collect authentication information from service providers."
"Elastic Security is very easy to adapt."
"The product has huge integration varieties available."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"Enables monitoring of application performance and the ability to predict behaviors."
"The solution has a good community surrounding it for lots of helpful documentation for troubleshooting purposes."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"The most valuable feature is the speed, as it responds in a very short time."
"LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"The artificial intelligence engine."
"What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see."
"Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"Their customer support is friendly and willing to help."
"SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem."
"There isn't really a very good user experience. You need a lot of training."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"Their visuals and graphs need to be better."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"The solution is likely not the best option for a smaller organization."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"The software needs to work on its pricing."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. Elastic Security is rated 7.6, while LogRhythm SIEM is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Sentinel, IBM Security QRadar and SentinelOne Singularity Complete, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and Graylog. See our Elastic Security vs. LogRhythm SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.