LogRhythm NextGen SIEM Review

It's been really good with what we needed and it's been very stable for our implementation


What is our primary use case?

My primary use case is for log retention. I've been using it for analysis, and to troubleshoot potential issues on my network and infrastructure. To find out what I have in my network that may be causing problems.

How has it helped my organization?

We can sit and see what's going on, as well as to be able to see errors as they populate immediately since spending time looking at logs is ridiculous, trying to put all that in place.

We will be using the playbooks in the future as we get everything implemented and put in place. The idea is it's going to help automate a lot of what we're doing and make it more efficient, as well as be able to preempt, potentially, a lot of other errors.

What is most valuable?

The most valuable feature has just been the log reporting. Within three hours of installation of LogRhythm, we were pulling error reports that actually indicated we had a switch about to fail. It saved us about ten thousand dollars of a potential failed switch.

We are ramping up the analysis and the analytics part of the LogRhythm. We're in the process of building a lot of that. We're trying to build out as clean as possible, so what we have in place is a lot of the intrusion detection and basic PCI compliance.

What needs improvement?

For me it would be the efficiency and signing up and standing up systems, as well as a little bit cleaner on case management. That can be a little bit complicated to go through and actually be able to analyze it and compile the information that I have. At least that's what I've found so far. Those would be the two biggest things.

What do I think about the stability of the solution?

Stability thus far has been really good. We've had it up for about six months and I've had no failure points with it. Little bugs here and there, but that's expected as you're working through and getting everything stood up. But it's been pretty stable and pretty rock-solid.

I'm probably gonna be around seven hundred and fifty sources that I'm using right now. Somewhere in that realm. It's been robust enough to handle everything that we've been putting through it. I have about 150 to 200 more that I need to stand into it, but it's been pretty stable there.

How is customer service and technical support?

The times I've used tech support, it's been really efficient. I've gotten responses usually within 24 hours.

How was the initial setup?

The initial setup was actually me and the technician. I did 90% of the installation myself and he basically came on board and verified everything I did and gave me some pointers as I went through.

Installation was incredibly straightforward. I was able to get it set up. I said, I stood it up on my own about ninety percent of the way, without any input from anybody else and just the final pieces of staging was done with somebody else.

Which other solutions did I evaluate?

We needed to set up a new solution based on our company requirements that were being ruled out. We needed to step-up and add something. When I came on with the company, I wanted to add-on a SIEM solution immediately, I just got the funding and benefit because the company said we had to. There wasn't anything in place before hand. So it was just very much me saying this is what we need and this is how we need to roll it out. Through my research is where I fell back on to LogRhythm.

The most important criteria on a vendor is ease of use. Since I have a small team, it's pretty much me running everything, so I need to make sure that I am able to do it efficiently and be able to pass it off to somebody when I need to be able to hand it off to do. Next piece is what it can provide and the amount of tools they can provide to me in a very short order.

My short list for SIEM solutions would have been Splunk. Also looked at Spiceworks, SolarWinds, and a few other smaller ones out there. But basically Splunk and LogRhythm are my primary two.

My security program was non-existent when I started, so this was basically one of the first implementations that I did to step-up my security implementation. Before this there really wasn't anything to work with. So it's slowly building its maturity through LogRhythm and a couple of other sources.

What other advice do I have?

I would rate this product an eight out of ten, just because there's always room for improvement and there's always room we can work on. So there's always benefits, but it's been really good with what we needed and it's been very stable for our implementation.

My advice to somebody who's looking to stand-up a SIEM solution is to do your research, look at the white papers, look at their documentation they have available on how other people have responded and how many people have stood it up on their own. Get this information and then start playing with it before you start doing implementation. Gives you a lot of foundation and makes the implementation part a lot easier.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Sign Up with Email