LogRhythm NextGen SIEM Review

Improves our organization by giving us insight into user activity and potential security threats


What is our primary use case?

Our primary use case for LogRhythm is using the log ingestion and analytic features.

How has it helped my organization?

LogRhythm improves our organization by giving us insight into user activity and potential security threats.

Our mean time to detect and respond has really improved with LogRhythm. We've got more people and more visibility on our team looking at security incidents, and we're able to act on things more quickly.

Our security program's maturity is, I would say, fairly advanced. LogRhythm uses a maturity model of crawl, walk, run, and I think we're just about to move from walking to running.

What is most valuable?

The most valuable features, for me as a user, are probably the AI engine rules and dashboards, which give us a lot more insight into our security.

The playbooks functionality will be valuable down the road, but right now my team is too small to really take advantage of it.

Our messages per second right now are probably about 4,500.

What needs improvement?

I see room for improvement in the log ingestion. Customizing a log source is very technical, probably more technical than it has to be.

What do I think about the stability of the solution?

Stability of the product is mostly pretty good. Like anything else, there are incidents that we have to respond to: a very small amount of downtime, and some system administration that goes along with any implementation like that.

What do I think about the scalability of the solution?

Scalability, for us, has been very good. We've had two appliances in five years. We've been able to upgrade without too much of a problem.

How is customer service and technical support?

We have to use tech support pretty regularly and it is sometimes not very good. We've had issues where we can't get immediate responses that we need, and cases are open for far too long.

How was the initial setup?

I was not involved in the initial setup. I inherited it from a previous admin.

We probably have close to 2,000 log sources at this time. Setup for them is variable. Some are straightforward and supported out of the box; some take a little more technical expertise.

What other advice do I have?

If I had to rate LogRhythm on a scale of one to 10, I would probably give it a solid eight.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.