How has it helped my organization?
We have 10 hospitals or so throughout Minnesota, and a lot of clinics and smaller health facilities. The technology stack is mostly Microsoft based. We do about 25,000 MPS.
Key challenge is just protecting PHI, personal healthcare information; that's a challenge in our industry. Patient care comes first, even before security. Then also, healthcare is a bit behind the loop. It's a large organization; we've got over 30,000 endpoints.
Just like any SIEM product, LogRhythm gives you a lot of insight into your organization. The web UI has been particularly helpful for our analysts and our budding SOC program. Being able to give them a nice kind of sexy layout, dashboard. And the reporting is great for management.
Then there are all the "cobwebs" that we're discovering, that LogRhythm gives us insight into.
We can't feed it fast enough, is basically what it comes down to. It's given us a ton of insight that we didn't have before. It's been magic.
What is most valuable?
The functionality of it. It definitely does a lot of things out of the box. You don't have to do a ton of tweaking and tuning, but that's there for you if you want it. Big-time usability and implementation is easy.
What needs improvement?
Maybe it's just my lack of understanding of it, but I would like to see the web UI expanded further.
I would also like to see - and there might be some documentation around it - building your own smart response plug-ins.
I think those would be pretty nice.
What do I think about the scalability of the solution?
So far so good. No complaints.
How is customer service and technical support?
It's been very good. I've had a couple of instances where it's taken a week or more to figure out the issue. But usually, when it gets to the tier-2, tier-3 guys, they get it answered really quickly. We've also had a lot of success sending logs to them so they can do regex on those for us, some custom parsing. It's nice.
The issues we had surrounded integrating the Qualys API, and some questions that we had. It ended up taking a while to get it figured out, that we needed to get a feature request put in.
What other advice do I have?
In terms of a solution being unified, end-to-end, for us it's huge. We have a ton of different security controls. I'm sure we're not any different than any other organization. Being able to bring it all in and put it on a single pane of glass is awesome.
My rating of eight out of 10 for LogRhythm is because, while I think the support is great, the solution is a little rough around the edges. Like I said, I'd like to see the web UI built out more, and be able to jam more data into it. The fat client console feels a little rough around the edges to me, even though I use it every day. But overall, not a ton of complaints.
Definitely check out LogRhythm. That's one of the things that I've noticed in talking to other people, it seems like people really focus on other top 10 SIEM tools like ArcSight and such. I don't hear LogRhythm talked about that much, so usually I'll bring it up and say, "Hey, go check out Logger."