LogRhythm NextGen SIEM Review
I am impressed with their support. We ran into issues where it was not parsing correctly.


Improvements to My Organization

  • Lower personnel requirements
  • Improved vendor support services
  • Ease of use

Key challenges are lack of personnel to manage LogRhythm. We are a small shop and we don't have a dedicated person to really manage LogRhythm, so our goal is for us to go to a level where we are doing a lot of automation.

Valuable Features

  • The SmartResponse piece of it.
  • It supports most standard log sources.

Room for Improvement

We were having some challenges initially, especially ingesting those standard log sources. We ran into issues where it was not parsing correctly. That wasn't our expectation, because we considered them standard log sources, but there was some issue with parsing our logs.

As far as adding log sources, it is not as straightforward. At the same time, when granting access, we have noticed it's not using AD groups. It's more of the organizational unit in AD.

It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources. The way it works right now, it looks like we have to engage LogRhythm in order for us to make adjustments on the parser.

Stability Issues

In a two-month period, we had one hardware issue, which might not be LogRhythm-related. It might be on the hardware side. It's fairly new, so we were expecting that to happen, the actual failure on the platform manager (PM) side.

Scalability Issues

I think it's scalable. So far, we haven't really reached the point where we can say, "Yeah, we can definitely expand the use of it."

Customer Service and Technical Support

They're pretty good. I'm impressed with their support. It has been easy to reach the right person.

Previous Solutions

We are migrating from a different product (Curator) to this product, and we think LogRhythm is better than the older product that we were using. We were looking for a solution with scalability and ease of management. Also, Curator is more expensive.

Initial Setup

I was involved in the initial deployment and setup. I have used another SIEM solution. It's not easy, but it's also not really that complicated to set up.

Pricing, Setup Cost and Licensing

Look for whatever will give you the most value. That's the main point. It is not one size fits all.

Other Solutions Considered

Splunk. Cost is the main reason LogRhythm stood out.

Other Advice

It is important that the solution be a unified end-to-end platform, especially because we are a small security group. If we can have it in one place, that would be a big plus for us.

Most important criteria when selecting a vendor: support.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
