How has it helped my organization?
- Lower personnel requirements
- Improved vendor support services
- Ease of use
Key challenges are a lack of personnel to manage LogRhythm. We are a small shop and we don't have a dedicated person to really manage LogRhythm, so our goal is for us to get to a level where we are doing a lot of automation.
What is most valuable?
- The SmartResponse piece of it.
- It supports most standard log sources.
What needs improvement?
We were having some challenges initially, especially ingesting those standard log sources. We ran into issues where it was not parsing correctly. That wasn't our expectation, because we considered them standard log sources, but there was some issue with parsing our logs.
As far as adding log sources, it is not as straightforward. At the same time, when granting access, we have noticed it's not using AD groups. It's more of the organizational unit in AD.
It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources. The way it works right now, it looks like we have to engage LogRhythm in order for us to make adjustments on the parser.
What do I think about the stability of the solution?
In a two-month period, we had one hardware issue, which might not be LogRhythm-related. It might be on the hardware side. It's fairly new, so we were expecting that to happen, the actual failure on the platform manager (PM) side.
What do I think about the scalability of the solution?
I think it's scalable. So far, we haven't really reached the point where we can say, "Yeah, we can definitely expand the use of it."
How are customer service and technical support?
They're pretty good. I'm impressed with their support. It has been easy to reach the right person.
Which solution did I use previously and why did I switch?
We are migrating from a different product (Curator) to this product, and we think LogRhythm is better than the older product that we were using. We were looking for a solution with scalability and ease of management. Also, Curator is more expensive.
How was the initial setup?
I was involved in the initial deployment and setup. I have used another SIEM solution. It's not easy, but it's also not really that complicated to set up.
What's my experience with pricing, setup cost, and licensing?
Look for whatever will give you the most value. That's the main point. It is not one size fits all.
Which other solutions did I evaluate?
Splunk. Cost is the main reason LogRhythm stood out.
What other advice do I have?
It is important that the solution be a unified end-to-end platform, especially because we are a small security group. If we can have it in one place, that would be a big plus for us.
Most important criteria when selecting a vendor: support.