LogRhythm NextGen SIEM Review

What is most valuable?

The web interface, especially since the move to the open source storage system in v7, allows almost instant access to detailed log data from across the platform.

How has it helped my organization?

I work in the IT Security channel, reselling LogRhythm and associated consultancy services. The improvements from implementation of LogRhythm are to my clients' organizations.

What needs improvement?

The reporting engine is poor in comparison to other areas. It should be moved to the web interface to improve its functionality and usability.

For how long have I used the solution?

I've been using it for over four years, since v3.

What was my experience with deployment of the solution?

We have had no issues with the deployment.

What do I think about the stability of the solution?

We have had no issues with the stability. We haven't experienced instability.

What do I think about the scalability of the solution?

The scalability before v7 was sometimes difficult due to the hardware performance required. Since v7 was released, the clustering and scalability options have improved significantly.

How are customer service and technical support?

The UK-based technical support is good, and the engineering and lab teams based in the US are great.

Which solution did I use previously and why did I switch?

I have experience with Splunk and ArcSight. LogRhythm's correlation capabilities (part of the AIE component) are much better than Splunk's, and the solution as a whole is generally cheaper and easier to implement than ArcSight.

How was the initial setup?

The initial setup is straightforward. Follow the initial setup guide and the solution works within hours. Easy-to-use configuration tools are included.

What about the implementation team?

I work for a reseller and consultancy firm in the IT security channel. I would recommend using a vendor or reseller to assist in the deployment, as although the basic build and setup is easy, on-boarding log sources and setting up the system to report and alarm on events requires experience and expertise.

What other advice do I have?

As part of your plan for SIEM, identify what you expect the SIEM to be able to do for you / your organization. SIEM is not a silver bullet. SIEM will take a considerable amount of use by a security analyst or similar to get the best out of it. SIEM managed services offered by resellers or system integrators may be good value and should be seriously considered to ensure the best outcomes from the SIEM.

Disclosure: My company has a business relationship with this vendor other than being a customer: I work for an independent IT Security Consultancy firm, and work with LogRhythm and their partners in the UK IT Security Channel. I have previously worked for a LogRhythm partner.