How has it helped my organization?
We're in the process of a rollout right now. But from what I've seen, it will definitely be a huge benefit.
Our impression is the solution will be excellent toward meeting our meeting our existing security challenges.
Our biggest challenge right now, there is a big push towards docker containers and trying to wrap my head around how we are going to monitor and provide security for that.
What is most valuable?
The artificial intelligence engine.
What needs improvement?
Focus on open source, long sources like Linux and Docker, and those kind of things. More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it. This seems to be lacking.
It would be a huge help if there were some guidelines or some new technologies that were developed specifically for that.
What do I think about the stability of the solution?
It seems pretty stable. I'm not had any issues with it.
What do I think about the scalability of the solution?
It seems like you could grow it horizontally. The solution that we have, it is the one that can split out with a couple of different data indexers and data processors. However, we are still in the roll-out phase.
How are customer service and technical support?
They were excellent and very knowledgeable.
Which solution did I use previously and why did I switch?
No, just some open source type of things.
We searched for a security solution because it is such a huge surface area to cover for a very small security shop. It is just two of us, and we have about 5,000 servers. It is a lot.
How was the initial setup?
I was involved in the initial setup. It was somewhat straightforward, somewhat complex. There are a lot of moving parts.
If they had some type of a script, which you could run depending on the solution and what boxes you have. A script that would just go and automatically configure things and get that part of it done, then you could focus on getting the events in, things like that.
What's my experience with pricing, setup cost, and licensing?
I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway. Better to do it upfront and have that headroom.
Which other solutions did I evaluate?
We were evaluating Splunk, and also QRadar.
We chose LogRhythm because the price point was within what we were looking to pay. It seemed like a more mature solution than some of the others.
What other advice do I have?
A unified end-to-end platform solution is important but I understand that there will be different tools for different jobs. LogRhythm, that is their sweet spot and I hope they stay there because they do it really well.
Most important criteria when selecting a vendor: It is about the integrations with all the different products that we are using. LogRhythm seem to have most of those boxes checked. Therefore, it was a good fit for us.