LogRhythm NextGen SIEM Review

It provides reports on the Cardholder Data Environment at 95% effectiveness, but to operate at the 99.99% level, it needs to have uninterrupted reporting host connections to the Log Mediator.


LogRhythm is a perfect example of "Garbage In, Garbage Out" in Information Security—LogRhythm reports on the Cardholder Data Environment (CDE) activity are only as reliable as the data coming in.

If there are interruptions in the data downloads or hosts that don't report to LogRhythm from the CDE, the utility of the LogRhythm Reports declines dramatically. Even when reporting at 95% effectiveness, critical information regarding Threat Agent activity is probably still missing.

To operate at the 99.99% level, LogRhythm needs to have uninterrupted reporting host connections to LogRhythm’s Log Mediator(s) for optimal LogRhythm device functioning, complete and valid CDE host presence in LogRhythm’s log records, the minimization of false positives (Trash Traffic), the use of dedicated LogRhythm Appliances (not VMs), and flexibility in LogRhythm Change Management procedures that swiftly accommodate LogRhythm-specific needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
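
The reporting-gap problem the review describes can be checked independently of the SIEM by comparing the CDE host inventory with log arrival times. The following is an added example, not part of the original review and not LogRhythm code; the host names, timestamps, one-hour silence threshold and function name are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the review): CDE inventory and log arrival times.
CDE_INVENTORY = {"pos-01", "db-01", "web-01", "app-01"}
DAY = "2024-01-15T"
SAMPLE = {
    "pos-01": ["00:30", "01:15", "02:00", "02:45", "03:30", "04:15", "05:00", "05:45"],
    "db-01": ["00:30", "01:15", "04:00", "04:45", "05:30"],  # goes silent 01:15-04:00
    "app-01": ["00:20", "01:10", "02:00", "02:50", "03:40", "04:30", "05:20"],
    "kiosk-09": ["02:00"],  # sends logs but is not in the inventory
}  # web-01 is inventoried but never reports
ARRIVALS = [(host, DAY + t) for host, times in SAMPLE.items() for t in times]
START = datetime.fromisoformat(DAY + "00:00")
END = datetime.fromisoformat(DAY + "06:00")


def find_reporting_gaps(inventory, arrivals, start, end, max_silence):
    """Return (gaps, unknown).

    gaps: {host: [(gap_start, gap_end), ...]} for inventoried hosts that were
    silent for longer than max_silence inside [start, end]. A host that never
    reported gets the whole window as one gap.
    unknown: hosts that sent logs but are missing from the inventory.
    """
    seen = {host: [] for host in inventory}
    unknown = set()
    for host, stamp in arrivals:
        when = datetime.fromisoformat(stamp)
        if host not in seen:
            unknown.add(host)
        elif start <= when <= end:
            seen[host].append(when)
    gaps = {}
    for host, times in seen.items():
        # Window edges count as boundaries, so leading and trailing silence is caught.
        points = [start] + sorted(times) + [end]
        silent = [(a, b) for a, b in zip(points, points[1:]) if b - a > max_silence]
        if silent:
            gaps[host] = silent
    return gaps, unknown


if __name__ == "__main__":
    gaps, unknown = find_reporting_gaps(CDE_INVENTORY, ARRIVALS, START, END, timedelta(hours=1))
    for host in sorted(gaps):
        for a, b in gaps[host]:
            print(f"{host}: no logs from {a:%H:%M} to {b:%H:%M}")
    print("reporting but not in inventory:", sorted(unknown))
```
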
1 Comment
Alireza Ghahrood (Real User, Top 5 Leaderboard)

like :dude - Speciallyyyy LogRhythm Change Management

26 October 15