LogRhythm NextGen SIEM Review

Our team has been able to correlate security events and react quicker to incidents, though retrieving logs that have been archived can be difficult and time-consuming.


What is most valuable?

The product was easy to deploy and easy to learn how to use. The web console is the best I’ve seen when compared to other SIEMs.

How has it helped my organization?

This product has made it easier for our team to correlate security events and react quicker to incidents.

What needs improvement?

Retrieving logs that have been archived can be a difficult and time-consuming process. The module which performs this, called the Second Look Wizard, is not very well integrated into the rest of the product. It would be nice if you had the ability to right-click on a log and search the archives for more data like it (you can do this with non-archived logs) and then, after restoring archived logs, easily pivot to an investigation for that data. Currently, those 3 steps all have to be run separately.

For how long have I used the solution?

I've used it for five months.

What was my experience with deployment of the solution?

The deployment was very smooth.

What do I think about the stability of the solution?

There were occasional stability problems, but they were resolved by support in a timely fashion.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Excellent; everyone I have worked with at LogRhythm has been courteous and helpful.

Technical Support:

Technical support has been very good, and they will often go out of their way to help correct an issue, even if it is not a technical issue with the product.

Which solution did I use previously and why did I switch?

This is our first SIEM.

How was the initial setup?

The initial setup was done with the help of LogRhythm Professional Services and was fairly straightforward. Our version of the software is integrated into one hardware unit, which made it easy to set up and understand.

What about the implementation team?

We implemented with LogRhythm Professional Services, and the engineer I worked with was very thorough and knowledgeable.

What's my experience with pricing, setup cost, and licensing?

Pricing was on the higher end when compared to other products we looked at. However, we felt the advantages with LogRhythm justified the price premium. Licensing is fair and straightforward. We evaluated SIEMs from AlienVault, Tripwire, and SolarWinds.

Which other solutions did I evaluate?

We evaluated SIEMs from AlienVault, Tripwire, and SolarWinds.

What other advice do I have?

If implementing a SIEM for the first time, it is very important to have members of the network and server teams involved from the beginning. Also, strong change management policies are necessary to keep the SIEM implemented properly.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.