How has it helped my organization?
It has improved our ability to see incidents when they occur, instead of maybe a few weeks or a few months down the road.
Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists.
Key challenges are going to be maintaining visibility as the technology changes, especially with cloud coming onboard, probably fairly soon. Also, the implementation of a SOC, which is relatively new to what we've been doing.
What is most valuable?
- The overall view of the solution: It encompasses end-to-end analysis and response.
- Log management
- Threat management: Threat hunting is going to be a large topic for us as well, which, being a big data engine, will go a long way for us, too.
We have not moved into cloud security so much, but eventually we will be there.
What needs improvement?
I would like to see case management become more independent from LogRhythm itself. Right now, it is very oriented to LogRhythm-based events, but not manual events, such as user-reported things and incidents where we might have large volumes of data that we have to store as part of the case. It works really well as a workflow device, but not really well for overall case management for an organization.
What do I think about the scalability of the solution?
It's highly scalable, though we have not really been able to take advantage of all of its scalability yet. We're moving into the new architecture as we speak with having separate data processors and indexers. I am hoping to find out how scalable that becomes.
We're currently between 7,000 and 11,000 logs per second. By next year, we'll probably be close to 20,000 logs per second. We have 14,000 branch offices and two large data centers. We're growing rapidly and trying to improve our visibility.
How is customer service and technical support?
As far as technical support, professional support, and overall organizational support, LogRhythm has probably been one of the best companies that I have worked with since I have been in technology.
Which solutions did we use previously?
We did not have a previous solution.
When we originally put in this solution, it was for log collection and analysis of all of our branch network devices, but it has evolved over the last seven years to encompass pretty much anything that provides some kind of security visibility.
How was the initial setup?
I was involved in the initial setup. It was straightforward, but it was seven years ago. We have gotten more complex as the system's evolved.
Which other solutions did I evaluate?
The SIEM solutions comparison we did included QRadar, RSA, and LogRhythm.
LogRhythm stood out due to ease of deployment, cost of ownership, and ease of use.
What other advice do I have?
Look at all of the factors, including total cost of ownership and your roadmap of where you are going, and compare those to the needs that you have going forward. There are a lot of solutions out there that are either way too complex to manage, don't have a good roadmap, are a secondary solution in a larger company, or are going to just be astronomically expensive when they get to a useful state.
If the solution is a unified end-to-end platform, it helps with the overall management, skill set training, and retention. It does provide some long-term benefits.
Most important criteria when selecting a vendor:
- Growth potential based on cost.
So, where could we grow the system, because a lot of systems were either too complex, too expensive, or very oriented for that particular network-based solution. I was looking for some kind of compromise in the middle.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Oct 24 2017