What is most valuable?
The most valuable feature to me is certainly the CloudAI, which I have been a beta tester of, and also the SIEM capabilities and automation.
I see CloudAI expanding greatly. It's obviously a new product for them. It will be able to give contextual evidence of people's behavior which, at the moment, whilst the SIEM does that, AI actually is that specification and concentration on people's behavior, which is a huge component in cybersecurity.
How has it helped my organization?
The benefits at an organizational level would certainly be that for my company, which is in healthcare, certainly a huge compliance, but also it gives me visibility of all the departments in my company, not just the IT department. I'm able to see the actions and behaviors of the whole company, not just on my campus, but remotely as well.
What needs improvement?
What still needs improvement is automation. The SmartResponse obviously does not use open APIs at the moment, so we're having a lot of problems connecting it with things like Palo Alto Traps and some other systems, things like Cisco. I know that it's on the roadmap, but at the moment that is where the weakness lies.
For myself, I would like a HIPAA configuration out of the box where I can switch on various HIPAA rules. Obviously, HIPAA has 18 very exact identifiers and I'd like those to be already in the box ready to be switched on.
What do I think about the stability of the solution?
My impressions of stability are exceedingly, that I've not heard any down-time. We have had to contact support a few times, but just to see how to do a few configuration settings.
What do I think about the scalability of the solution?
It's actually been scaling incredibly well. We have put more memory in the box and we've taken some of the Websense traffic and put it onto VMs. We can take more hardware and daisy-chain them up, so we know that when we do need to have physical hardware scalability, that feature is there.
How is customer service and technical support?
Exceptional. One of our tickets had to go all the way to level three, but it was exceptionally covered well and the resolution was incredibly timely.
Which solutions did we use previously?
It was our very first log management solution. When I joined, we did not have a cybersecurity program. My employment was to build a cybersecurity program right from scratch, right from the start. Whilst I evaluated a couple of other programs, LogRhythm came to me, through the evaluation of those, to be the clear winner.
The criteria certainly was scalability. Our company, within a year, has gone from $600 million of revenue to $1.3 billion. At that point, I knew that we had to have that scalability function.
How was the initial setup?
I've been very lucky that some of my staff have very high technical knowledge on configuration of LogRhythm. If I didn't have those staff available to me, I would certainly recommend the Co-Pilot, which is an option that LogRhythm provides. I think that gives you the confidence that you've not only bought a product but, at that point, how to configure it and use it.
What other advice do I have?
Very happy. Yes.
As a guidance and recommendation, I would ask them, what is your level of comfort in configuring LogRhythm? If they say to me, "Not so much," I would say, "Well, then you have to budget not just for the product, but for the Co-Pilot solution as well." If, however, they say, "No, I'm very happy. I have the skills already in-house," then I would say obviously to buy the product with the Professional Service hours.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nov 22 2017