LogRhythm NextGen SIEM Review

Being able to quickly identify threats in our network is a valuable feature of the product


What is most valuable?

  • Log correlation
  • Aggregation
  • Being able to quickly identify threats in our network.

How has it helped my organization?

Key challenges, right now, are just having the resources. Whether it be humans in the seats, because, as of now, it's just me. I'm our security program. So the challenges involve just having the time and the resources to stay on top of threats.

The solution is pretty effective towards meeting these challenges. We don't utilize it heavily at this point in time, but we're looking to it. I think it will be a big help to us in the future.

What needs improvement?

There are a lot of pieces of it that are very complex and time-consuming. If we can try somehow to just make it more simple, that would be better.

I would like to see more pre-integrated SmartResponses. Right now, I'm on 7.1.10, so I'm not even to the current version. If there were more pre-integrated SmartResponses, that would be really cool.

For how long have I used the solution?

We are in our infancy stage right now.

What was my experience with deployment of the solution?

It was deployed before I was there.

What do I think about the stability of the solution?

It's very scalable. Right now, we have the XML appliance cell all-in-one, but I am looking to move the web platform off to another server. Clustering has really been impressive to me with the product.

How is customer service and technical support?

It is really good. I've had a few interactions with them. The first was really good. The second one, he was good, but I could tell he was new, which isn't a problem. Overall, I've been really satisfied with it.

What other advice do I have?

Really understand what's important to you as far as what are you hoping to gain out of the product, what threats are you looking at, and what are your critical log sources. Just have a fundamental foundation before you start looking into it.

Having a unified end-to-end platform is really important to me, because I am the only security professional at the college. If I can avoid having systems all over the place, that is only going to be beneficial.

Most important criteria when selecting a vendor:

  • It is the problem that they are solving and solving effectively.
  • Being able to rely on really good support.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.