Improvements to My Organization
- Lower personnel requirements
- Improved vendor support services
- Ease of use
Key challenges are lack of personnel to manage LogRhythm. We are a small shop and we don't have a dedicated person to really manage LogRhythm, so our goal is for us to go to a level where we are doing a lot of automation.
- The SmartResponse piece of it.
- It supports most standard log sources.
Room for Improvement
We were having some challenges initially, especially ingesting those standard log sources. We ran into issues where it was not parsing correctly. That wasn't our expectation, because we considered them standard log sources, but there was some issue with parsing our logs.
As far as adding log sources, it is not as straightforward. At the same time, granting access we have noticed it's not using AD groups. It's more of the organizational unit in AD.
It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources. The way it works right now, it looks like we have to engage LogRhythm in order for us to make adjustments on the parser.
In a two month period, we had one hardware issue, which might not be LogRhythm-related. It might be on the hardware side. It's fairly new, so we were expecting that to happen, the actually failure on the platform manager (PM) side.
I think it's scalable. So far, we haven't really reached the point where we can say, "Yeah, we can definitely expand the use of it."
Customer Service and Technical Support
They're pretty good. I'm impressed with their support. It has been easy to reach the right person.
We are migrating from a different product (Curator) to this product, and we think LogRhythm is better than the older product that we were using. We were looking for a solution with scalability and ease of management. Also, Curator is more expensive.
I was involved in the initial deployment and setup. I have used another SIEM solution. It's not easy, but it's not also that really complicated to setup.
Pricing, Setup Cost and Licensing
Look for whatever will give you the most value. That's the main point. It is not one size fits all.
Other Solutions Considered
Splunk. Cost is the main reason LogRhythm stood out.
It is important solution be a unified end-to-end platform, especially because we are a small security group. If we can have it in one place, that would be a big plus for us.
Most important criteria when selecting a vendor: support.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Oct 25 2017