LogRhythm NextGen SIEM Review

It has centralized monitoring for our security operations

What is our primary use case?

The primary use case is to monitor for compliance and the behavioral analytics of our users, tracking for potential threats to the company's infrastructure.

We are using both products. We are using NetMon integrated with the LogRhythm platform.

How has it helped my organization?

It has centralized monitoring for our security operations. Therefore, it improves our analysts' work. 

Our security program's maturity has been transformational for my staff. First from an educational standpoint, all the staff has started to go through either admin or analyst tracks and education. This definitely organizes my security operations to the point that it makes it easy for me to do security operations. It facilitates it throughout the organization.

What is most valuable?

Out-of-the-box, it already has a knowledge base solution. Therefore, if you do a little bit of work, such as configure the lists and log sources, you can have use cases implemented quickly.

What needs improvement?

Their current roadmap is what I want to see implemented. I want to be able to upgrade to 7.4 and have the playbooks implemented as fast as possible. 

What do I think about the stability of the solution?

Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis.

What do I think about the scalability of the solution?

Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution. 

LogRhythm is looking at elasticity and trying to make the product more scalable.

How is customer service and technical support?

We use the tech support on a daily basis. They are very easy to reach. There is always a person whom you can talk to and is focused on my issue at hand. They really pay attention to me, and that's worth it in my book.

What about the implementation team?

I maintain the solution. Right now, I have two dedicated engineers and two analysts. However, we need more staff and are looking to hire more because we want to grow this solution to suit our needs.

What was our ROI?

It improves our mean time to be able to respond and remediate issues that we come across.

Which other solutions did I evaluate?

There is a different reason why you pick LogRhythm over its competitors. It is a security SIEM, where others are SIEMs but not focused on just security.

What other advice do I have?

The capabilities of playbooks is in 7.4, which we are not able to utilize yet. Therefore, we have built outside of the solution playbooks. However, we are looking forward to the integration of playbooks in 7.4, or even version 8. 

We were shown today a couple of things where playbooks will be enhanced, even having SMARTResponse coming right out of the playbooks, so hopefully advanced SOAR capabilities.

We run two independent LogRhythms. On one, we have about 33,000 different log sources, which include endpoints and now IoT devices. On the other, we have a very small footprint. It somewhere around 3000 log sources.

On one of my LogRhythms, I have a message per second around 2400 to 2500. That spikes depending on the time of day. Sometimes, it goes up to 17,000. On average, it comes back down to about 2300. On the other LogRhythm, there are very few messages per second. It is around 600. 

Do your homework first. See what pie in the sky solution is supposed to be for your SIEM. Do not just check a box. LogRhythm will more than likely suit your needs.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email