What is most valuable?
The AI engine is what I like the most. It’s all in how LogRhythm correlates the events that it is receiving. It takes a lot of guesswork away from the analyst. We don’t have to reinvent the wheel. Out of the box, it's very easy and intuitive to get started. It’s easy to see the impact of the event in which you are receiving.
What needs improvement?
For me right now, I have not used it long enough to give an evaluation of what the product is lacking. As far as room for improvement, I would like to see the solution be a more hardened operating system other than Windows. I’d prefer that they didn’t use the Microsoft Windows platform. I think that they lose a lot of efficiency and performance that way.
What do I think about the stability of the solution?
When I first deployed the product, I did find some issues with log consumption. The appliance we had was rated at 25,000 messages per second and we run an average of 1,204 messages per second. We are seeing performance issues with the appliance. It appears that there are some inconsistencies that are running with the hardware of the solution.
How are customer service and technical support?
It seems pretty good, but they do seem to be plagued with what a lot of new companies are plagued with -- their internal staff are still learning the product as well. Some of the sessions I’ve had were with technical support, not professional services. We have discovered some answers together instead of the technical support person knowing it off-hand. Some things we stumbled on by accident, some things I had to point out to the agent. Seeing as I have only used the product for two months, that person should know more than I do.
Which solution did I use previously and why did I switch?
I previously used McAfee ESM, QRadar, and ArcSight. McAfee is by far my favorite SIEM to utilize. It is very robust, very quick. The ability to query is much faster than all other popular SIEM tools. Now that it requires a lot more hardware investment, it almost requires a developer mentality to massage the tool to make it do exactly what you want. This is where LogRhythm really outshines McAfee.
What about the implementation team?
It was done in-house. A person from a different state logged on and helped me via web conference and helped me through the initial configuration.
What was our ROI?
I foresee a ROI. You need to understand what an ROI is. We are trying to buy peace of mind. It’s almost an insurance policy. It’s really measured in soft dollars.