What is most valuable?
The thing that I find most valuable is that every interface is consistent. Whether you're looking at a dashboard, a drill-down, an alarm, a search, the interface is exactly the same. As you move through the experience of looking at some type of event, some type of incident, following up on a search, everything is consistent throughout the whole user experience.
How has it helped my organization?
One piece of evidence we have that LogRhythm is being very successful for us is in this year's penetration test. I caught the pen-testers five times in the course of their duties. That was just great ammunition to show that this works.
What needs improvement?
The biggest thing that I think needs improvement is reporting in the Web Console. Most of our reporting is done in the thick client console. The only people that have access to that, really, are the people that work for me, the administrators of the system. So the end-users, the people whose logs we consume, we give them views to their logs but they aren't able to run reports. By moving reporting to the Web Console, that would enable all of the regular, non-administrative users to run reports as well.
For how long have I used the solution?
We've been using it for several years.
What do I think about the stability of the solution?
We just went through an upgrade just to increase our capacity, so we could bring in more log sources, and it's been a wonderful product for us.
What do I think about the scalability of the solution?
It scales great, which is one of the reasons why we went to it.
How is customer service and technical support?
Almost all the time things are handled in a proper way. We've had very good experience with technical support. On one or two occasions, a couple years ago, they were going through some growing pains because of their expansion. Our CRM, our Customer Manager, stepped in and helped us get through those hurdles.
Which solutions did we use previously?
It's actually our second SIEM tool. Our first one was not scalable. We didn't really get to pick it; it was chosen for us. We got to a certain point and we just couldn't grow it anymore.
So we did a full RFP, a bake-off so to speak, and looked at everything that was really competitive on the market. We ended up with LogRhythm and did our initial deployment, which lasted us for about two years. Because we did our basic measurements on a tapped-out SIEM - we didn't realize how much growth we would have once we uncapped the bottlenecks - we ran into some growth issues. We just doubled our capacity three months ago with no problems at all.
How was the initial setup?
I always recommend training for everything, but that really is for use, not setup. Setup is very easy. I do recommend people take advantage of the LogRhythm Professional Services. They make it very helpful; it's easy to get up and running in a day or two. Using Professional Services is my recommendation.
What other advice do I have?
In terms of the most important criteria when selecting a vendor, there isn't any single important criterion. I have a spreadsheet that I use that expresses value.
- Price is one component of value
- How many resources do I have to apply to it?
- Can I run it with one FTE? Do I need two FTEs?
- Also, its efficiency. Does it meet all of the use-cases that we're buying it for?
The first thing you do is sit down and think about, "what are going to be my first steps?" This is the kind of thing you have to phase, really, to be successful. "What are my goals out of my first year?" Plan that out, and then plan where I'm going to go from there. Then sit down with somebody that's experienced like the LogRhythm Professional Services, or your SE, or other people you know that have used LogRhythm for a while, and review that plan and make sure that you've got some specific strategic benchmarks in place so that you can guide yourself through that growth.
I would rate it a 10 out of 10. I am very happy.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Nov 22 2017