LogRhythm NextGen SIEM Review

Custom rules/alerts in LRM and AIE provide insight into network for internal users and InfoSec, although adding an entity could be much faster.

What is most valuable?

  • Advanced Intelligence Engine (AIE) for threat intelligence, 9/10
  • LRM for logging and compliance, 8/10

How has it helped my organization?

Custom rules/alerts in LRM and AIE provide insight into network for internal users as well as InfoSec. Proactive account lockout alerts for SecAdmin, alerts to DBAs on domain admin access to SQL servers, PCI and GLBA compliance alerts/reports for InfoSec and Audit.

What needs improvement?

Adding an entity (should be able to create a template and/or eliminate locations) could be much faster/streamlined. The wizard could be improved to specify OU/Groups to search for new entities.

For how long have I used the solution?

  • LRM – four years
  • AIE – three years

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

There have been issues with the hardware which has resulted in the LRM going down a few times.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's the best there is.

Technical Support:

It's the best there is.

Which solution did I use previously and why did I switch?

We had Tripwire, but we needed logging and SIEM, not just logging.

How was the initial setup?

It was straightforward as the training provided all the tools. Also, the UI has gotten better with time.

What about the implementation team?

We had a mix of an in-house team with one from LogRhythm.

What was our ROI?

Literally impossible to quantify. We haven’t had any events or deficiencies in audits, which is invaluable.

What's my experience with pricing, setup cost, and licensing?

Pricing (especially considering feature sets) is best in the market, though HA/DR is tough to justify for a SMB. Even with two outages due to hardware we haven’t invested in a backup.

Which other solutions did I evaluate?

  • QRadar
  • RSA
  • Tripwire

What other advice do I have?

Implementation time, hygene/maintenance time, functionality, and cost make it the clear choice in a competitive market.

Which version of this solution are you currently using?

6.3.5
**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More LogRhythm NextGen SIEM reviews from users
...who work at a Financial Services Firm
...at Large Enterprises
...who compared it with Splunk
Free Report: LogRhythm NextGen SIEM Reviews and More
Learn what your peers think about LogRhythm NextGen SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: February 2021.
Download now
464,594 professionals have used our research since 2012.
Add a Comment
Guest
Author
Highlights
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature.
The feature that makes it usable is the web interface.
We use this solution to examine disparate log sources and provide a cohesive method to search for anomalous behavior.
I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios.
The initial setup is pretty easy.
The most valuable feature is that we can alternate incident automations.
In terms of security, LogRhythm NextGen SIEM is great.
See more »
Buyer's Guide
Download our free LogRhythm NextGen SIEM Report and get advice and tips from experienced pros sharing their opinions.
Download Now
Quick Links
Learn More: Questions: