LogRhythm NextGen SIEM Review

It has allowed us to dive deeper into our network and figure out what is going on

What is our primary use case?

Our primary use case would be for compliance. We needed a check in the box for compliance. Right now, it's performing and doing its job, allowing us to say that we are compliant with HIPAA, PCI, etc.

How has it helped my organization?

It has improved the way our organization functions. It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days.

LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently.

Our security program is still in its infancy. There is a lot of work that needs to be done. We finally were able to get our SIEM. A few things that we need to do are data loss protection, user behavior analytics, and another feature that LogRhythm offers that we're probably going to invest in the future. The program could use some work, but it is pretty solid now.

What is most valuable?

The most valuable feature is the Threat Intelligence Services (TIS).

What needs improvement?

We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

In the three weeks that we have had it, we have had 99 percent uptime. It is a very stable platform.

What do I think about the scalability of the solution?

It is scalable. They don't charge for going over your messages per second. It does scale with the business. 

How are customer service and technical support?

Technical support could use a little work in the terms of responding back. The feedback that we received is they do need a little more staff, but every issue that we've opened a ticket up for has been resolved.

Which solution did I use previously and why did I switch?

We did not have a previous solution that we were using.

How was the initial setup?

The initial setup is straightforward and complex as it requires a lot of work. It's very straightforward and very organized. Our consultant guided us as to what we needed to do, but the entire thing is complex. One misstep or incorrect character can bring the whole thing down.

I do all the deployment and maintenance.

What about the implementation team?

The sales engineers and salespeople who come in and scope out what you need are very knowledgeable. They are not there to upsell you. They get you what you need for what you have, so everything runs perfectly. The consultants are extremely knowledgeable. Getting LogRhythm up took less than a week. It's a very solid solution.

What's my experience with pricing, setup cost, and licensing?

When it comes time to renew, they say, "This is what you are using. This is what we can do for you." So, they work with you on pricing.

Which other solutions did I evaluate?

There were multiple competitors. We almost went with Splunk, but LogRhythm ended up being the best for the price. It ended up being everything we needed in one solution.

What other advice do I have?

Everyone needs a SIEM. Go with LogRhythm.

We are not using the full-spectrum analytic capabilities yet, as we are brand new.

We have not used any of the playbooks. We do have them. We find them to be very detailed and organized. We just need to find a way to implement them.

I run in about 45 log sources with 12 of them being domain controllers, aka DNS.

Messages per second are fluctuating between 3000 and 9000. We are still trying to figure out why. We think it is our very chatty domain controllers, as we do deal with the Hard Rock and Seminole tribe, but I would say that we average about 5000.

Most important criteria when selecting a vendor: customer service. Do they care about our business as much as we care about our business? Also know as, do they care about our data as much as we care about our data?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More LogRhythm NextGen SIEM reviews from users
...who work at a Financial Services Firm
...who compared it with Splunk
Add a Comment