- The user interface (UI)
- Ease of use, especially if you are starting off
- The AI
Key challenges and goals: Anytime you are building a program from the ground up, there is a lot of legwork to be done to get things tuned to the point where they are usable.
Effectiveness of solution in meeting security challenges and goals: It is very effective. It is a single pane of glass for all of the logs, that not just myself, but anybody who is looking for information about how the network is behaving can use. So, not just primarily a security tool, it is a tool for everybody if it is set up that way.
We run across the odd vendor that we are using, which we think is a large player in its environment, but there is not necessarily native support for their log ingestion per se, so it requires customization in order to be able to parse and accept their logs. I would also like to see them expand on some of the ability to interact with other technologies in real time via the programming platforms.
It pre-existed before I got there. Once it was deployed, I have been responsible for most of the log ingestion and the tuning efforts.
It seems scalable so far. I have not had to add more devices to our deployment yet, but it has yet to be discovered.
We have used LogRhythm tech support and they are excellent. They have been very helpful.
This is our first adoption of a proper SIEM product, so there is really nothing to compare it to with respect to the job that I am in right now.
It pre-existed before I got there.
I am very happy with the solution right now. I would absolutely recommend it and have.
Most of the basics have been tended to, and as we discover other things that we need to get more data on, and they are brought up, the company addresses them.
The most important criteria when selecting a vendor: It is very important for it to be unified.