How has it helped my organization?
It helps by collecting logs from a lot of different security items, like firewalls and IPSs. It helps to give us alerts to let us know if something is happening on our network. It has really good log collection and event and alerting capabilities, so we have used those alerts to help us mitigate issues more rapidly.
We have been able to stop ransomware by being alerted through LogRhythm. That was probably one of the biggest things. Also, malware events and things like that.
What is most valuable?
Using the web console to get a quick look at what's happening on the network, i.e., the different dashboards that are available. Those are probably the things I look at first. They are probably very useful for really analyzing what's going on.
What do I think about the stability of the solution?
We haven't seen issues with the product itself. There are updates, which are now automatic through the knowledge base. So, I'd say it's a stable product.
What do I think about the scalability of the solution?
We have not had issues with scalability as far as LogRhythm's concerned. We're not big enough to have issues of scalability with it. It is a much bigger product than that. We're not a huge global organization, so it's more than enough for a company our size.
Our environment is about 1,000 users, about 900 workstations, and a couple hundred servers. It is a Windows and Cisco shop.
How are customer service and technical support?
They are really good. Whenever I've needed their help and opened up a ticket, I haven't had any issues getting help from them. We have a guy right now who is really excellent and will go out of his way to help us make sure we are getting things set up properly, so that's really been a big help. They have really smart people there. When you work with them over the course of a number of years, you see how bright these guys are, so it's nice.
Which solution did I use previously and why did I switch?
We're fairly close to Boulder, so buying something that was local, I like to do that, and it is a great product. We're happy with it. I think it is one of the best SIEM tools out there. So, no regrets about going local, and it's nice to have them down the road if we need to get to them.
What other advice do I have?
It is a great product. We brought it in initially as a central event log for PCI compliance. It's been really good for PCI compliance, but then we leveraged it for security across the network, so it has been really good that way. It really requires somebody to be able to dedicate a lot of time to getting sources into it. It's hard if you're a partial user of it. It takes a lot longer to really understand the product, because it's big. There's a lot to it.