LogRhythm NextGen SIEM Review

Facilitates receiving alerts quickly and remediating them with partial scripts

What is most valuable?

The Web Console, and digging in through the logs.

How has it helped my organization?

We use a single appliance, around 5,000 MPS. We're a Windows shop, so mostly Windows servers, desktops, workstations, etc. We're somewhat distributed as well: three main sites and 20 or so distributed sites.

Our key challenges are mostly people and getting more resources, and the goal is just to get better. Are we better today than we were yesterday?

I think it has helped immensely. I think the ability to quickly receive an alert and investigate that alert is pretty beneficial. I think it is pretty effective.

Also, the ability to remediate alerts with partial scripts is pretty good.

What needs improvement?

I would definitely like to see more things in the Web Console, in terms of the ability to run reports and generate reports out of it, and schedule those. Instead of having to go to the fat client, you would just do it out of the Web Console.

Right now there are two brains, the Web Console and the fat console, so that hinders a little bit of the flexibility or innovation that they can do. It is a tough spot to be in, but otherwise it is a pretty good product.

What do I think about the stability of the solution?

In terms of just stability of the product, sometimes we have run into some issues there.

What do I think about the scalability of the solution?

In our environment, we have X number of clients, so that's not extremely scalable, but I know that the solution is pretty scalable.

How are customer service and technical support?

Support has been really good.

Which solutions did we use previously?

We were using Splunk prior to this but it was too expensive and we needed a true SIEM solution.

How was the initial setup?

A little complex, but usually any SIEM is; just all the components that are in that one appliance.

What other advice do I have?

I am pretty impressed with it. I have seen it grow, just in the short time that we have had it.

It is very important for us that a solution be a unified, end-to-end platform. That is one of the biggest driving factors, having a single place that I can do network monitoring if we wanted to. We could do log correlation out of different security tools that we have.

Make sure you give it enough resources in terms of users: somebody to manage it, whether that be an MSSP or an in-house resource.

Disclosure: I am a real user, and this review is based on my own experience and opinions.