LogRhythm NextGen SIEM Review

Custom rules/alerts in LRM and AIE provide insight into the network for internal users and InfoSec, although adding an entity could be much faster.


Valuable Features

  • Advanced Intelligence Engine (AIE) for threat intelligence, 9/10
  • LRM for logging and compliance, 8/10

Improvements to My Organization

Custom rules/alerts in LRM and AIE provide insight into the network for internal users as well as InfoSec. Proactive account lockout alerts for SecAdmin, alerts to DBAs on domain admin access to SQL servers, PCI and GLBA compliance alerts/reports for InfoSec and Audit.

Room for Improvement

Adding an entity (should be able to create a template and/or eliminate locations) could be much faster/streamlined. The wizard could be improved to specify OU/Groups to search for new entities.

Use of Solution

  • LRM – four years
  • AIE – three years

Deployment Issues

No issues encountered.

Stability Issues

There have been issues with the hardware, which have resulted in the LRM going down a few times.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service:

It's the best there is.

Technical Support:

It's the best there is.

Previous Solutions

We had Tripwire, but we needed logging and SIEM, not just logging.

Initial Setup

It was straightforward as the training provided all the tools. Also, the UI has gotten better with time.

Implementation Team

We had a mix of an in-house team with one from LogRhythm.

ROI

Literally impossible to quantify. We haven’t had any events or deficiencies in audits, which is invaluable.

Pricing, Setup Cost and Licensing

Pricing (especially considering feature sets) is best in the market, though HA/DR is tough to justify for an SMB. Even with two outages due to hardware, we haven’t invested in a backup.

Other Solutions Considered

  • QRadar
  • RSA
  • Tripwire

Other Advice

Implementation time, hygiene/maintenance time, functionality, and cost make it the clear choice in a competitive market.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.