How has it helped my organization?
It's all in one solution since we bought the network monitor along with it. It has made finding issues or threats on our networks a lot faster and easier. Something that would have taken our team and multiple IT people 5-6 hrs to resolve before, can now be done by one person in 1-2 hrs. Plus with built in case tracking it makes it easy to track what is going on and what has been reported.
With built in reporting it makes change tracking and compliance reporting a lot easier. WE use to have to update the documents by pulling in data from multiple sources and having to wait to get data from other departments.
What is most valuable?
My favorite part of LogRhythm is its ease of use. Everything I have used is designed very well, and makes sense after little time on the system. The new web interface is very fast and easy to use and see what is going on in a glance.
The AIE rule set is easy to setup and use. They have a lot of built in modules that have the rules already created for you. The deployment guides are easy to follow for setting up the modules. Personally I love the UBA or threat modules. These will first do a system baseline then start flagging events outside your normal operations. Creating new rules is very easy with the GUI.
Compliance reporting is another great feature of this product. It has built in reports right out of the box. Plus it was one of the few products with FIPS 140-2 encryption for the data base.
What needs improvement?
Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it.
What do I think about the stability of the solution?
We have a HA setup and have had zero down time so far.
What do I think about the scalability of the solution?
Haven't had to scale it up yet.
How is customer service and technical support?
10 out of 10. They are fast to answer any tickets or questions I have had.
10 out of 10. They have had a fix or answer for every question or problem I have had
Which solutions did we use previously?
Yes we did. It just wouldn't handle our environment all. It was going down all the time. One update caused it to delete all of our logs over a month old.
How was the initial setup?
The setup was easy and straightforward. Even the HA setup was simple.
What about the implementation team?
The first network was done by a team from LogRhythm, the other networks where handled in-house. The team from LogRhythm was very good at the setup and deployment.
What was our ROI?
The calculated ROI around 90-100% for the first year because of our implementation and design of this solution allows me to cut my team in half. This includes the costs of setup and training. We will how this plays out in the years to come.
What's my experience with pricing, setup cost, and licensing?
Look closely at the cost of licensing of other products. This should include setups and the need for support services. I did a RFQ to 2 other vendors before choosing this product.
One major issue for me was a product that you can't use if you go over on logs collected. Where I work it can take forever to get funding to fix a overage issue. This is one product that use a true up at the end of the year to address this issue.
Which other solutions did I evaluate?
Yes we evaluated and used a few other products.
ArcSight, Solarwinds LEM, Splunk, and IQ radar. Splunk and IQ radar where the products we evaluated with LogRhythm. The other two products are products we used before.
What other advice do I have?
Work closely with your sales and engineering team for your setup and give them all your requirements and use cases.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jul 30 2017