Threat Intelligence Platforms Features

Read what people say are the most valuable features of the solutions they use.
SOCmgr67 says in an AT&T AlienVault USM review
SOC Manager at a tech services company with 11-50 employees
The most valuable feature of this solution is security management for PCI DSS. View full review »
Information Security Engineer IV at a financial services firm with 1,001-5,000 employees
We are primarily using it for its static analysis capabilities. It is valuable because it offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information, and then we use that information to decide whether or not we want to send it on and do further analysis. It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types. While we have not extensively tested the detection, it has detected everything that we've thrown at it that we've known is malicious. From the numbers they've given us, the solution's malware and goodware repository seems huge. It easily integrates with our SIEM, Splunk. View full review »
CSO - Information Security at a financial services firm with 1,001-5,000 employees
As far as the cloud version is concerned, we mostly leverage the product to retrieve samples, or malicious programs, that we are otherwise unable to find. So, the ability to download programs directly from the platform is of importance to us. Other than that, we mostly leverage the information regarding static analysis. As far as URLs are concerned, we would use the product as a source to verify whether or not the URL has been flagged as malicious. As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name. Besides this, packing or unpacking related information is something that we leverage a lot. As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources. View full review »
KatMcMillian says in a LogRhythm NextGen SIEM review
Sr IT Security Engineer at an energy/utilities company with 1,001-5,000 employees
The most valuable feature is scheduling the KB update, which reduces administrative effort. View full review »
Avraham Sonenthal says in a LogRhythm NextGen SIEM review
Senior Network Engineer at a government with 5,001-10,000 employees
The feature that makes it usable is the web interface. One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value depends on how the vendor formats it. Fields within log messages, such as a time stamp or source IP address, are delimited by spaces. Depending on the type of device, the information varies because if it's a temperature sensor you'll get temperature, or if it's a pressure sensor you'll get pressure, but if it's an active directory server you'll get an active directory message. The problem comes about because in some cases, the fields are not labeled. Rather than an identifier for a source IP address (e.g. "SRCIP="), it will just have the address, and you have to determine what it is based on its location within the message. Of course, even though the field name is not in the log message itself, the field will still have a name. Extracting it correctly requires that you understand how the vendor formatted it. With LogRhythm, it does a better job than some products at slotting every field into a field name. View full review »
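The extraction problem described above, as an added illustration that is not part of the review or of LogRhythm's own code: a message whose fields carry "KEY=" labels can be read directly, while an unlabeled message needs a per-vendor positional schema, and each slot is validated so a mis-slotted value is reported rather than stored under the wrong field name. The two sample messages and the schema are constructed for this example.

```python
import re

# Constructed sample messages (not from any real device). The first vendor
# labels every field with a "key=" prefix; the second emits the same
# information as bare space-delimited values, so the field names must come
# from a schema that describes that vendor's positional format.
LABELED_MSG = "ts=2024-03-01T10:15:00Z action=deny srcip=10.1.2.3 dstip=203.0.113.9 dport=443"
POSITIONAL_MSG = "2024-03-01T10:15:00Z deny 10.1.2.3 203.0.113.9 443"

# Hypothetical per-vendor schema: a field name for each position, plus a
# pattern so a value that lands in the wrong slot is caught, not indexed.
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
POSITIONAL_SCHEMA = [
    ("ts", re.compile(r"^\d{4}-\d{2}-\d{2}T")),
    ("action", re.compile(r"^(allow|deny)$")),
    ("srcip", IPV4),
    ("dstip", IPV4),
    ("dport", re.compile(r"^\d{1,5}$")),
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_labeled(msg):
    """Labeled messages carry their own field names: read key=value pairs."""
    return dict(KV_RE.findall(msg))


def parse_positional(msg, schema):
    """Unlabeled messages: assign names by position and validate each slot.

    Raises ValueError when the token count or a token's shape does not match
    the schema, so a vendor format change (or a field that sometimes contains
    spaces) surfaces as an error instead of a silently mis-named value.
    """
    tokens = msg.split()
    if len(tokens) != len(schema):
        raise ValueError(f"expected {len(schema)} fields, got {len(tokens)}")
    fields = {}
    for (name, pattern), token in zip(schema, tokens):
        if not pattern.match(token):
            raise ValueError(f"field {name!r} got unexpected value {token!r}")
        fields[name] = token
    return fields


def extract_fields(msg, schema=None):
    """Pick the parser by whether the message labels its own fields."""
    if KV_RE.search(msg):
        return parse_labeled(msg)
    if schema is None:
        raise ValueError("unlabeled message but no positional schema given")
    return parse_positional(msg, schema)


if __name__ == "__main__":
    print(extract_fields(LABELED_MSG))
    print(extract_fields(POSITIONAL_MSG, POSITIONAL_SCHEMA))
```

Both messages parse to the same named fields; swapping two positional values (or dropping one) raises ValueError instead of populating the wrong field.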
Salesengine67 says in an AT&T AlienVault USM review
Sales Engineer at a tech vendor with 51-200 employees
The features that we have found most valuable are the out-of-box vulnerability scanner, Network IDS, Host IDS, Netflow Monitoring, and more than four thousand pre-installed correlation rules. View full review »
Vice President at a financial services firm with 201-500 employees
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature. View full review »
Director1fc6 says in an IBM X-Force review
Director Cyber Security at a consultancy
It has a lot more AI capability in terms of trying to understand the nature of threats and detect some of those major threats. View full review »
Deputy Manager at a tech services company with 201-500 employees
The network security feature is awesome. It's excellent because you know that if any phishing or attack occurs you will be protected. View full review »
reviewer980886 says in an AT&T AlienVault USM review
I.T. Manager at a non-profit with 51-200 employees
The fact that AlienVault is several tools in one is most valuable to our small team. We can collect logs, and also actively scan our network for vulnerabilities all from one tool. View full review »
seniorbu978126 says in an AT&T AlienVault USM review
Senior Buyer & Operations Specialist at Nth Generation Computing
* In my experience, I've found the vulnerability assessment very valuable because it identifies vulnerabilities and AWS configuration issues, so we are less likely to have potential risks.
* The compliance reporting is also valuable for reporting purposes. View full review »
Vpf4dc says in an AT&T AlienVault USM review
VP at Castra Consulting
The IDS and the threat intelligence are very useful. They are very intuitive and data-rich. View full review »
Corey Bussard says in an AT&T AlienVault USM review
Manager, Security Operation Center at a tech services company with 51-200 employees
* Vulnerability assessments and log aggregation/correlation
These were the two answers we needed for our solution. It gave those solutions very easily. It is easy to implement, and effective. View full review »
Jeremy Alder says in a LogRhythm NextGen SIEM review
Security Lead at a financial services firm with 201-500 employees
LogRhythm has really improved, I think, my personal sense of security as far as our organization. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting so I know immediately if, maybe say one of our core servers isn't feeding its logs to us, I can remediate that almost immediately, and then feel secure again knowing that that data is coming to LogRhythm, and LogRhythm is correctly dealing with it. I can know that our security is in place. We haven't used any of the LogRhythm built-in playbooks yet. Stability has been really good. The LogRhythm platform in our environment actually sat for three years with no one really using it. I came in about six months ago. I was able to pull it from generating about a thousand alarms a day that were just heartbeat errors, or critical components going down, to it actually only generating about 100 alarms a day, some of those being diagnostic alarms, but most of them being very helpful alarms that rarely ever point to having a component being down. With some short maintenance daily, LogRhythm has been a very stable platform. View full review »
James Whistler says in a LogRhythm NextGen SIEM review
Security Administrator at a non-profit with 501-1,000 employees
The most valuable feature has just been the log reporting. Within three hours of installation of LogRhythm, we were pulling error reports that actually indicated we had a switch about to fail. It saved us about ten thousand dollars of a potential failed switch. We are ramping up the analysis and the analytics part of the LogRhythm. We're in the process of building a lot of that. We're trying to build out as clean as possible, so what we have in place is a lot of the intrusion detection and basic PCI compliance. View full review »
Principal Security Analyst at a healthcare company with 10,001+ employees
Most valuable features for our organization are the centralized painted glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations, and to go through all those dashboards monitoring everything is just not possible. So we centralize everything and then we get it, come into the web console, and we're able to triage and respond quickly to anything that is important. We do use many other capabilities with LogRhythm. We of course collect from our printer devices and our servers as well as some of our security-specific systems. We'll drink from APIs. We'll also implement file integrity monitoring in our data environment. So we use a lot of different features available within LogRhythm. It makes it possible to stay aware of much more of what's going on. We get an overview, a macro view that we can zoom in on, as opposed to prior to that, when we had individual panes of glass. You might be stuck in the firewall interface for half a day whereas something going on is not getting addressed that we really should probably investigate. So that's our biggest benefit. We're not using any of the built-in playbooks. We are about to go up to version 7.4 once it becomes available. We were not an early adopter because of our size. View full review »
Gene Cupstid says in a LogRhythm NextGen SIEM review
Security Engineer at a logistics company with 10,001+ employees
Specific to LogRhythm SIEM, I would say the dashboarding capability is pretty spectacular, so having the advanced UI available to just instantly drag and drop widgets into the browser and get top 'X' whatever field you're looking for just in real time is incredibly powerful. It's very fast. That's one of the things that I love about it: we can get trending information at a moment's notice for just about anything that we have packed into the SIEM. So it's incredibly quick to get very easy high-level information on any field we're looking for in the SIEM, and then be able to drill down into that through the log feature at the bottom. We are using their AI engine, we're using the actual web console itself. We're using lists and some of their automated lists for generating content of blacklisted hosts or known malware sites and things like that. Most of those features are turned on at this point in time. We're actually pretty new; I think that says a lot to the amount of use we've been able to get out of it. We only installed it maybe three or four months ago. And the amount of data that we have going into the SIEM at this point in time, which amounts to nearly 20,000 events per second, plus all the different features we have turned on, is pretty impressive. So I think that that speaks a lot to the ease of getting it stood up and running, which is something that I've seen be way more difficult in other SIEMs in the past. We will be using the playbooks immediately, on day one, as soon as they're available. I've attended some of the playbook sessions here already and we're looking at which ones are already out there for use and how we're going to integrate them into our environment. So, playbooks are going to be a huge point of focus for the next year for sure for us. View full review »
Punit Patel says in a LogRhythm NextGen SIEM review
Senior SIEM Engineer at a financial services firm with 501-1,000 employees
Some of the valuable features: I find it's very easy for me to integrate new log source types within the SIEM. The MPEs, there are plenty of out-of-the-box solutions that we can integrate new appliances with. We're constantly buying and upgrading our appliances, so it makes it easy for me to ingest logs and run correlations in the AI Engines. Currently, we don't have full-spectrum capabilities. We're using AI Engine mostly to run correlations, and then we obviously have our dashboards and stuff, but apart from that, we're working on the UEBA implementation for users to run more correlations. We do have our net monitors that we use to run packet monitors, packet captures, and even traces. View full review »
reviewer748821 says in a LogRhythm NextGen SIEM review
Information Security Analyst at a non-profit with 1,001-5,000 employees
The most valuable features for me are just being able to know who's in the network, being able to drill down on the alarms, and being able to look at the different rules or whatever that's been impacted within the network for anyone being in the network. At this point we don't use the full spectrum of analytics. We're still fairly new and trying to tweak our system to get the information that we want out of it. So we're still at the beginning stage. We are not using the playbooks; we're still on a version that doesn't support them. But yes, after going through the session today, the preview session, we definitely want to use the playbooks. View full review »
Security7ef8 says in a LogRhythm NextGen SIEM review
Security Admin with 1,001-5,000 employees
The most valuable features are probably the AI Engine, which is very valuable, as well as Netmon. We plan on using the playbooks, and the value I think we'll get is automating or scripting the responses that our analysts use, rather than using our existing playbooks, which are somewhat incomplete. I think the playbooks will be a lot of out-of-the-box pre-scripted playbooks that should be extremely helpful to us, as well as integrating some of the SmartResponse capabilities into the playbooks. View full review »
Kevin Merolla says in a LogRhythm NextGen SIEM review
Security Manager at a manufacturing company with 1,001-5,000 employees
The most valuable features in LogRhythm, honestly for me, the single most valuable feature is the web console. That is actually the primary reason we chose LogRhythm over some of these other solutions, because I was able to leverage web console usage across multiple layers of IT, and I didn't have to sit back and teach everybody complex SQL queries. Just that point-and-click interface, it's nice and bouncy and beautiful to look at, and that has really driven the adoption of the use of the software. Secondarily, I think another really great feature is the community. And the content that that provides has enhanced our adoption over the years. We don't use the full-spectrum analytics capabilities of the SIEM, mainly because I'm a lone wolf in running it. It's just a matter of timing and focus. We do a lot of analytics around user behavior, although we're not a CloudAI customer yet. We're doing a lot of what they call the AI engine to do user behavioral modeling and we're starting to onboard some network behavior modeling analytics as well. View full review »
David Kehoe says in a LogRhythm NextGen SIEM review
Information Security Analyst at a pharma/biotech company with 51-200 employees
The most valuable features for me are the customization features. I can build it out to do whatever I want. I've created rules in there for crypto mining and cryptojacking. The compliance aspect is phenomenal. The reporting in there is fantastic. It helps our internal audit team. It also helps us with our compliance, as well, for our audit. So it's a lot of good options in there. CloudAI gives us analytics into our users' behavior and whether or not they are acting outside of their norms. It has helped me to identify a lot of policy violations inside of our networks. A lot of bad habits. Just for a specific use case, I've identified where an account that should have been disabled was being used by another user inside of our network. A lot of policy violations. A lot of geographical location identification inside of the networks. CloudAI-UEBA has enhanced my security operations because I've been able to track down users with anonymous behavior. To be more specific about that, I've been able to track down users that were using accounts that they shouldn't have. So for example, we had a user that left the company and another user was using that account to access servers inside of our network that they didn't have access to. So it's very powerful. It just takes some learning to get used to. View full review »
Eric Hart says in a LogRhythm NextGen SIEM review
Senior Security Engineer at a healthcare company with 1,001-5,000 employees
The capabilities that we mostly take advantage of in the LogRhythm platform are the wide array of log formats that we can bring in from various systems, and the capability to create custom role processing capabilities for log sources that may not already be a part of the platform. Currently, the playbook functionality is not in my version of LogRhythm, so we're looking forward to utilizing playbooks. That's part of the main draw for me to come here: to learn more about the playbook functionality and how we can incorporate that into our platform. But right now, the functionality is not there. View full review »
David Schell says in a LogRhythm NextGen SIEM review
IT Security Analyst
The most valuable feature I get out of the LogRhythm platform is being able to take machine data and present it in a format that's easy to understand, easy to analyze, easy to pivot through to get answers to the questions that I had that I'm investigating, whether they're security-related or operationally related. At this time, we're not using any of the playbooks in LogRhythm because they're currently not available in our version. However, we are very excited about that feature coming out in the near future and we're definitely looking at using playbooks to do phishing, unauthorized access, and our other use cases we're going to identify in the future, to make sure that our analysts are responding to the threats in similar ways and that the correct actions are being taken. We have around 75 different types of log sources coming into the environment right now. The log source support is good; there's always room for improvement. One of the areas that LogRhythm's kind of pushing really hard right now is to integrate more cloud solutions, so your Office 365, your Azure, your AWS, making sure that those SaaS and other cloud platforms are getting the data you need into that platform. It's getting better but there's definitely still work to be done. We currently have 3,000 messages per second in our environment but we still have a number of different resorts to onboard in our tenant. So we're definitely looking to push above, probably to the 7,000-8,000 range. View full review »
Steve Bonek says in a LogRhythm NextGen SIEM review
Information Security Manager at a healthcare company with 1,001-5,000 employees
I think the biggest thing is tying all of our log sources together, whereas there was a lot of manual work before of reviewing Windows logs or, you know, firewall logs. Bringing it all together so that way my team, the information security team, as well as the infrastructure team can kind of view all of that from a single pane of glass and see everything that's going on in the environment. As of now, we're not using all of the full analytics capabilities that we know the LogRhythm SIEM can do. So it's one of the things, areas that we need to improve on. We have all of our log sources in there; now making sure that we're getting the value of all that together is something we still need to work on. View full review »