What is most valuable?
The recognition of many device types, log message formats, and the most common device types out there. Then, the ability to quickly display data, and do the classification on it. That is the big value.
I have used it a lot. I have used it against other SIEMs. I have used it in conjunction with other SIEMs, and it is the easiest to use and makes the most sense to me.
How has it helped my organization?
- Being able to gather the data into one central location.
- Being able to leverage alarm and case management features through there on that centralized single pane of glass. That lets us work through those issues that we find from all those disparate device types, fairly quickly and efficiently using that stuff.
Key challenges and goals are retaining talent. Guys tend to do really well in this field, oftentimes monetize those skills pretty quickly. So, there is always someone willing to pay a premium out there for those skills and that talent. Therefore, you find a lot of churn from that.
What needs improvement?
I would like to see additional features around alarm management. We are producing alarms right now, and we are able to change statuses on them. But, I would like to see more details around having timers on those alarms. So, if I have a new alarm that has been sitting there for 15 minutes and no one has gotten to it, I would want some sort of alert to tell me that or a threshold I can set.
What was my experience with deployment of the solution?
I was not involved in this particular deployment, but have deployed about 25 LogRhythm deployments previously.
It is straightforward. Not too bad.
What do I think about the scalability of the solution?
It scales well. It can go from 1,000 messages per second to 50,000 messages per second fairly easily.
How is customer service and technical support?
I have used a lot of tech support, and I think it's the best out of other SIEMs that I have worked with: McAfee ESM and IBM QRadar. LogRhythm definitely has the best support.
What other advice do I have?
Go ahead and do the evaluation with their other competitors out there. Understand each of the SIEMs capabilities by sitting down with them. I think you will find that LogRhythm will win out.
A unified end-to-end platform is extremely important, because as we get going to this more holistic security model, we will be looking at minimizing the number of tools that we have to have in our environment, and trying to centralize a lot of that work into one platform, which LogRhythm is definitely one of those platforms that does that.
Most important criteria when selecting a vendor: Selecting a vendor is pretty important. We go through a lot of things, a lot of due diligence. We like to put them up against their main competitors in the market. That is generally a step we take when evaluating different vendors for a solution.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Oct 26 2017