LogRhythm NextGen SIEM Review

We have seen a massive increase in the amount of data that we can collect


What is our primary use case?

We use it for all of our log correlations and event management. We try to do some external troubleshooting for other groups, like WebOps, but it's primarily our security and event manager.

How has it helped my organization?

For the same price, we have been able to go from a SIEM that could only manage about 20 percent of our environment to a full 100 percent coverage of all the devices on our network. Thus, we have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment.

What is most valuable?

We find the user interface and the ability to pivot near search from one particular item to the next part item to be highly valuable. 

Its ability to work with all different sorts of log sources has been extremely valuable. 

What needs improvement?

The reporting could be improved. 

There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is stable. We haven't had any major problems. We had a slight hiccup when we went through our upgrade procedure, but it wasn't anything overly complex, and support was there to help us. Therefore, we had it back up and running very quickly.

What do I think about the scalability of the solution?

It should meet our needs going forward. The way we have it designed right now, we should be able to bring in single boxes and multi boxes to increase storage capacity performance whenever we need it. It's well-designed in that sense, allowing us to grow as needed.

How is customer service and technical support?

Everything experience I have had with them has been awesome. I have had no issues going to them. They are willing to get on the phone with you. They will get on Webex with you and control the system to see what's going on, getting their hands deep in to it, then resolving the issue.

In previous and other support departments, they will just email you some suggestions and then leave you to take care of it yourself. That is not really what LogRhythm is about.

Which solutions did we use previously?

It is more intuitive than the previous solution (IBM QRadar) that we had in the environment.

How was the initial setup?

We definitely had to get some assistance, because we didn't have the expertise. Once we got the product in place, it's good at maintaining itself, along with the support. 

If you're going anything more than the single box solution, I would not try to set it up by yourself. I would get the expertise to help you get it right.

What's my experience with pricing, setup cost, and licensing?

In comparison to the competition, they are more affordable. This allows us to do more with less.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email