LogRhythm NextGen SIEM Review

Valuable Features

The web interface, especially since the move to the open source storage system in v7, allows almost instant access to detailed log data from across the platform.

Improvements to My Organization

I work in the IT Security channel, reselling LogRhythm and associated consultancy services. The improvements from implementation of LogRhythm are to my clients' organizations.

Room for Improvement

The reporting engine is poor in comparison to other areas. It should be moved to the web interface to improve its functionality and usability.

Use of Solution

I've been using it for over four years, since v3.

Deployment Issues

We have had no issues with the deployment.

Stability Issues

We have had no issues with the stability. We haven't experienced instability.

Scalability Issues

The scalability before v7 was sometimes difficult due to the hardware performance required. Since v7 was released, the clustering and scalability options have improved significantly.

Customer Service and Technical Support

The UK-based technical support is good, and the engineering and lab teams based in the US are great.

Previous Solutions

I have experience with Splunk and ArcSight. LogRhythm's correlation capabilities (part of the AIE component) are much better than Splunk's, and the solution as a whole is generally cheaper and easier to implement than ArcSight.

Initial Setup

The initial setup is straightforward. Follow the initial setup guide and the solution works within hours. Easy-to-use configuration tools are included.

Implementation Team

I work for a reseller and consultancy firm in the IT security channel. I would recommend using a vendor or reseller to assist in the deployment, as although the basic build and setup is easy, onboarding log sources and setting up the system to report and alarm on events requires experience and expertise.

Other Advice

As part of your plan for SIEM, identify what you expect the SIEM to be able to do for you / your organization. SIEM is not a silver bullet. SIEM will take a considerable amount of use by a security analyst or similar to get the best out of it. SIEM managed services offered by resellers or system integrators may be good value and should be seriously considered to ensure the best outcomes from the SIEM.

Disclosure: My company has a business relationship with this vendor other than being a customer: I work for an independent IT Security Consultancy firm, and work with LogRhythm and their partners in the UK IT Security Channel. I have previously worked for a LogRhythm partner.