LogRhythm NextGen SIEM Review

Our team has been able to correlate security events and react quicker to incidents, though retrieving logs that have been archived can be difficult and time-consuming.

Valuable Features

The product was easy to deploy and easy to learn how to use. The web console is the best I’ve seen when compared to other SIEMs.

Improvements to My Organization

This product has made it easier for our team to correlate security events and react quicker to incidents.

Room for Improvement

Retrieving logs that have been archived can be a difficult and time-consuming process. The module which performs this, called the Second Look Wizard, is not very well integrated into the rest of the product. It would be nice if you had the ability to right-click on a log and search the archives for more data like it (you can do this with non-archived logs) and then, after restoring archived logs, easily pivot to an investigation for that data. Currently, those 3 steps all have to be run separately.

Use of Solution

I've used it for five months.

Deployment Issues

The deployment was very smooth.

Stability Issues

There were occasional stability problems, but they were resolved by support in a timely fashion.

Scalability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service:

Excellent, everyone I have worked with at LogRhythm has been courteous and helpful.

Technical Support:

Technical support has been very good, and they will often go out of their way to help correct an issue, even if it is not a technical issue with the product.

Previous Solutions

This is our first SIEM.

Initial Setup

The initial setup was done with the help of LogRhythm Professional Services and was fairly straightforward. Our version of the software is integrated into one hardware unit, which made it easy to set up and understand.

Implementation Team

We implemented with LogRhythm Professional Services, and the engineer I worked with was very thorough and knowledgeable.

Pricing, Setup Cost and Licensing

Pricing was on the higher end when compared to other products we looked at. However, we felt the advantages with LogRhythm justified the price premium. Licensing is fair and straightforward. We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.

Other Solutions Considered

We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.

Other Advice

If implementing a SIEM for the first time, it is very important to have members of the network and server teams involved from the beginning. Also, strong change management policies are necessary to keep the SIEM implemented properly.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.