What is our primary use case?
The primary use case is tying all of our log sources together between all of our Windows servers, network devices, and we've recently added all of our cloud infrastructure as well. So it's really tying all those together, correlating all those logs and getting us one central pane of glass really as it relates to all of our logging activities.
How has it helped my organization?
I think the biggest way that it's improved us from an organizational standpoint is giving us a single view into all of our log sources and all of our infrastructure devices. Whereas before we didn't ever have that. It was always a hodgepodge of stuff put together, so I think it's the best thing is that it brings everything together so that we can all one view of it.
The playbooks are definitely something I see a lot of value and so look forward to when we do get upgraded to be able to using those playbooks. I think that's a way of automating and making sure that we're standardized in the way that me and my team or are utilizing the LogRhythm. I think playbooks are very valuable.
We really aren't tracking our mean time to respond or mean time to detect as of now, that's kind of something that I want to get better at, to kind of formalize that process. So as of now, it's hard to say how much it has, but I know just from an anecdotal standpoint, I can guarantee that we're doing a lot better in responding now than we did before, before we had the SIEM in place.
What is most valuable?
I think the biggest thing is tying all of our log sources together, whereas there was a lot of manual work before of reviewing Windows logs or you know, firewall logs. Bringing it all together so that way my team, the information security team, as well as the infrastructure team can kind of view all of that from a single pane of glass and see everything that's going on in the environment.
As of now, we're not using all of the full analytics capabilities that we know the logarithm SIM can do. So it's one of the things, areas of that we need to improve on. We have all of our log sources in there, now making sure that we're getting the value of all that together is something we still need work on, so.
What needs improvement?
I would say the thing that I'd like to see the LogRhythm do a better job of is staying ahead of the curve as it relates to like things like cloud. It seems like from that standpoint that maybe the cloud stuff was a little bit of an afterthought or wasn't done kind of as people started to move to cloud quicker. It's one of those things of where we kind of are doing it now, but it seems like some of the cloud connections are still buying, kind of being created as we go. So I think that's one area I think they could improve in.
What do I think about the stability of the solution?
Stability has been great. We have not had any unplanned outages, all the upgrades that we have done have gone as expected. So from that standpoint, stability's been great.
What do I think about the scalability of the solution?
Scalability's been great as well. We've got a very disparate environment and the original servers that we have are from three years ago, are still in place. We haven't had any performance issues at all, so it scales to our solution, understanding that as we bring on additional devices, we know that it will scale up to be even bigger than where we're at right now.
How is customer service and technical support?
Tech support's been great. Every time we work with them on any upgrades or any questions about any of the anything we want to add a new log source or whatever, they've been excellent on that and they're always right on top of it and always get us to where we need to go.
How was the initial setup?
I was involved, actually one of the first. It was one of the first products involved when I started with the company. We didn't have a SIEM, didn't have any really from a monitoring standpoint, didn't have anything. So LogRhythm was really the first major product that we bought and the installation was awesome. I mean it went as expected, moved it along quickly, and it provided value as soon as we were done with the installation. So the install was amazing.
We're about 20 different log source types. I mean all total log sources, we're probably in the 400-500 range, so I mean it has a log source, there are log source types for everything that we have right now. One of the challenges we have had is adding all of our cloud infrastructure in there as well. So I know that's something that logarithm was working on.
We're doing about 2000 messages per second.
Which other solutions did I evaluate?
When we looked at putting a SIEM in place, we kind of realized that we wanted somebody that was a neutral vendor, where they're not tied to specific vendors that, you know, we wanted to make sure that with the SIM we were buying would monitor all the devices that we had in place. So finding somebody that's kind of an independent, not tied to specific hardware manufacturers, really important to us to make sure that, you know, the SIEM could monitor everything that we had in place.
So I think from a security program, maturity level, logarithm really got us started in that direction. As I mentioned, you know, it was one of the first products we bought and when we first started I really started the information security program myself. So it was kind of the first product we bought that we built everything around. So it really is the kind of the central repository for everything we're doing from an information security program standpoint.
What other advice do I have?
I would say LogRhythm, on a scale of 1 to 10, it'd be a nine. I think it's a really solid solution. I think one of the things that they could probably improve on, as I mentioned, was being kind of a little more proactive when it comes to things like cloud and things like that, so I think that they are getting better, but I'd say a nine right now.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Dec 06 2018