How has it helped my organization?
It has helped tremendously when following up on investigations and logs. We often get bogged down with many tasks during the day. We can actually come back to a particular scenario that we are looking into, so it has been very beneficial for that.
Key challenges are our users and network. In our network, we get logs from a particular product called a NetScaler, which hides our source IPs, so that makes it a little challenging. Our goals are to tune LogRhythm further and utilize all the different modules that they do offer us. It is a challenge to get it all done.
What is most valuable?
- The web console
- The case management
What needs improvement?
I did hear about the new playbook edition coming up and I am excited about it.
What do I think about the scalability of the solution?
How is customer service and technical support?
I have used the tech support and think they are great. I have many vendors that I deal with for other tools, and hands down, LogRhythm has been the best SIEM solution.
What other advice do I have?
It is a big project, but very worthwhile, and LogRhythm has plenty of documentation, support people, professional services, and classes that can help get a business implemented and push them all the way to completion. I definitely think it is worthwhile.
It is very important for me that the solution be a unified end-to-end platform.