LogRhythm Enterprise UEBA Review

It watches everything to tell you what you don't know, and gives you a second opinion

What is most valuable?

Like they say, you don't know what you don't know. So, with CloudAI, it's just watching everything to see what you don't know, and it gives you a second opinion.

It's an ever-changing landscape. In medical, we deal with a lot of doctors in all sorts of places, so they're always changing, moving, and using Macs. That makes it interesting. I definitely think it's good at finding things automatically, versus trying to define them.

How has it helped my organization?

Not yet, but it's still working on it; it's still maturing. Right now we're having some issues with some things, but as it continues, it definitely will.

What needs improvement?

Better dashboarding. At the moment, the dashboard only has an hour. It will give you one period of time, versus being an active dashboard like the rest of the dashboards. It doesn't give you an active tally of what's going on. It just gives you a snapshot.

Also, better automation and response.

What do I think about the scalability of the solution?

So far, so good. We haven't needed to scale yet.

How is customer service and technical support?

We've been working with their Beta team, not really technical support. I would say their Beta team is good, a seven on a scale of one to 10.

Which solutions did we use previously?

No. We've been using the AI rules within LogRhythm for UEBA. This is just on top of it.

Users are always the hard part. They're the biggest vulnerability in any environment. For us, we needed to go through and find something that would help us keep better track. And this does that.

How was the initial setup?

Straightforward. We had to do a couple of changes in a couple of places that were very specific, but the applications were already precompiled and we just had to run it in the various locations. So it was pretty straightforward.

Which other solutions did I evaluate?

We looked into LightCyber, which is a Palo Alto product. At the moment, LightCyber requires an on-premises box, and we didn't want to go with that.

What other advice do I have?

We're at about 2000 logs per second. We have about 42 locations and around 4000 users.

In terms of important criteria when selecting a vendor, whichever one works the best, whether it be the newest or whatever. Whichever one has the best feature set would probably be the winner.

If I were advising someone looking at this solution or something similar, I would say there are a lot of log collectors out there, but LogRhythm's the only one that incorporates intelligence into the solution, versus just being something that collects.

Disclosure: I am a real user, and this review is based on my own experience and opinions.