LogRhythm NextGen SIEM Review

Custom rules/alerts in LRM and AIE provide insight into the network for internal users and InfoSec, although adding an entity could be much faster.


What is most valuable?

  • Advanced Intelligence Engine (AIE) for threat intelligence, 9/10
  • LRM for logging and compliance, 8/10

How has it helped my organization?

Custom rules/alerts in LRM and AIE provide insight into the network for internal users as well as InfoSec. Proactive account lockout alerts for SecAdmin, alerts to DBAs on domain admin access to SQL servers, PCI and GLBA compliance alerts/reports for InfoSec and Audit.

What needs improvement?

Adding an entity (should be able to create a template and/or eliminate locations) could be much faster/streamlined. The wizard could be improved to specify OU/Groups to search for new entities.

For how long have I used the solution?

  • LRM – four years
  • AIE – three years

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

There have been issues with the hardware, which have resulted in the LRM going down a few times.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's the best there is.

Technical Support:

It's the best there is.

Which solution did I use previously and why did I switch?

We had Tripwire, but we needed logging and SIEM, not just logging.

How was the initial setup?

It was straightforward as the training provided all the tools. Also, the UI has gotten better with time.

What about the implementation team?

We had a mix of an in-house team with one from LogRhythm.

What was our ROI?

Literally impossible to quantify. We haven’t had any events or deficiencies in audits, which is invaluable.

What's my experience with pricing, setup cost, and licensing?

Pricing (especially considering feature sets) is best in the market, though HA/DR is tough to justify for an SMB. Even with two outages due to hardware, we haven’t invested in a backup.

Which other solutions did I evaluate?

  • QRadar
  • RSA
  • Tripwire

What other advice do I have?

Implementation time, hygiene/maintenance time, functionality, and cost make it the clear choice in a competitive market.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.