What is most valuable?
It is the dashboards. Up until just a couple of weeks ago, we were just using the standard dashboards. We actually had our account manager and professional services team members come out to our Security Operations Center (SOC) and essentially walked through our processes and how the SOC operates. One of the immediate improvements was using the dashboards more effectively, so we just used the standard, out-of-the-box dashboard, and it actually wasn't really telling us much.
Now, the SOC have custom dashboards, showing them a lot more useful information, puts the information in context, and they are actively using it for proactive investigations, rather than just responding to alarms.
How has it helped my organization?
It has certainly helped with the visibility. We probably don't use the platform to its full extent. We've expanded the size of our SOC and the number of people in it. We are now starting to use the features, such as SmartResponse, to help automate things. We've probably been guilty of throwing people at the problem, as opposed to leveraging the tool itself. We are now trying to change that.
We host quite a volume of sensitive, personal data. We are a credit reference agency, based in the UK, and we hold records on probably, around about 50 million adults, both personal information and financial information. Our core role is protecting the confidentiality of that, so breaches, such as the Equifax breach, that happened recently, we have absolutely got to avoid that.
We are not leveraging the tool to its fullest extent at the moment. We had a focus session with our SOC, the other week, and we've got a defined roadmap now to make things a lot better.
We are at a good place now. We have just started using things, such as case management, whereas previously we were just responding to individual alarms.We're starting to use things a little bit more intelligently now, so not just using the technology, but also helping improve our processes through the use of the technology.
What needs improvement?
There are enough features that we are not using, and not to their fullest extent, at the moment.
For how long have I used the solution?
The company has been using the platform for seven years. I joined the company three years ago.
What do I think about the stability of the solution?
We tend to struggle. We do see performance issues fairly regularly. I think part of this is the stress that we're putting it under, with the volume of events that it is receiving. When we put the new appliances in, which is imminently, we're hoping that it will solve a number of issues: the number of the performance issues that we see.
What do I think about the scalability of the solution?
It seems to be scaling well.
We have currently just got a single platform manager that's been carrying out the role of the web console and AIE server. We've probably thrown too many events at it, and we are now, effectively, putting in a DR solutions, a second platform manager, and then spinning off individual components, so appliances for the web console and AIE server.
We are effectively doubling the size of the platform, at the moment, to cope with the volume of logs that we're throwing at it.
How are customer service and technical support?
A couple of the team do tend to find that certainly the initial contact with support slows things down a little bit. I think their support has their script or their route to follow to triage the issue, whereas we've already done that because we know the platform, we've been there and we know what to do when something happens. Generally, we contact support when all else has failed. For us, we probably need to hop down the line a little bit, rather than just hit the initial support function (the first line).
When we do reach the right level, they are knowledgeable.
Which solution did I use previously and why did I switch?
The risk appetite changed. We are in quite a regulated organization, and having something like LogRhythm in place gives us the visibility and the comfort that we've got the monitoring required in place.
Which other solutions did I evaluate?
What other advice do I have?
Technology's important, but it is the support you get as well. Don't just focus on, necessarily, the features and technology, but also consider the support and the engagement you get with the organization.
Most important criteria when selecting a vendor: the relationship. I would not want to work with an organization that just sells you the technology, then disappears or only ever speak to when there is a problem. It is starting to look a little bit more like a partnership now with LogRhythm, that's exactly what we want to maintain.