LogRhythm NextGen SIEM Review

The UI allows us to hand it off to our SOC and train them

How has it helped my organization?

We have about 170,000 employees worldwide. We have thousands of unique log sources we're ingesting. Right now, it's kind of information overload in what we're trying to create logs off of.

Our key challenges are staffing and, right now, we're just trying to get the best bang for the buck on what we can create for alarms, so that's what we're trying to get out of being at the LogRhythm User conference.

We're about to ingest pretty much all of our log sources and write alarms based off the log sources. That's what we're working towards right now, getting valuable alarms to trigger for our SOC to action.

LogRhythm meets our problem statement, as a solution.

What is most valuable?

The UI. We can give it down to our SOC and we can train them.

What needs improvement?

The CloudAI obviously, that's going to be big for us. Hopefully that matures. I saw the problem statement video they did today at this conference, which is great. But I haven't seen anything tangible out of that yet, so looking forward to that.

I wouldn't give them a 10 out of 10 because there is definitely some room for improvement as far as the GUI. Some of the things don't make sense. I think they need to better understand how a SOC would use that platform.

I don't think they understand that every morning we do a case review and we need a quick dashboard to go review open cases for our SOC. And that's not built into the dashboard, so we have to create that. There are some use cases that I think they should sit down a little bit more with the customer and understand how we use it.

What do I think about the stability of the solution?

It's pretty stable.

What do I think about the scalability of the solution?

It was scaled inappropriately when we got it, so we had to buy a bunch of hardware after that. But it's working now.

How is customer service and technical support?

I don't use it. My cohort, who is more of the SIEM admin, uses it quite a bit. I think he's happy with it, as far as I know.

Which solutions did we use previously?

We used Q1 QRadar. After IBM bought it, it kind of died on the vine. They quit supporting it, so that was the main driver for getting off of that and going to LogRhythm.

How was the initial setup?

Pretty straightforward.

Which other solutions did I evaluate?

We did an RFP for all the major vendors, ArcSight, all the big ones. LogRhythm came out as the best SIEM tool.

What other advice do I have?

When selecting a vendor, for us, the platform has to be a unified, end-to-end solution. We've got so many unique platforms around our business that it has to be.

All SIEMs suck, but LogRhythm is the best.

Disclosure: I am a real user, and this review is based on my own experience and opinions.