What is our primary use case?
Our primary use case is for looking at daily logs, drawing conclusions, and making relationships and correlations to investigate particular event IDs, investigate particular alarms that we have, and just viewing normal data use. I'm new to the system so I'm still getting used to it.
How has it helped my organization?
From a security standpoint, it's the solution to have, with regard to LogRhythm. Just having a SIEM solution in your environment is definitely key. It's a very highly rated solution, but we may be moving away from it in the future. We're looking to see what else is out there.
What is most valuable?
The ability to investigate a particular period of time where you can analyze logs is its most valuable feature.
What needs improvement?
I would like to see more integration with more products that are out there within the same security field.
There has to be some improvement with SecondLook Wizard. It's one of the functionalities in LogRhythm where you can restore inactive logs. For instance, from a forensic analysis point of view, if something happened around a year ago that you have to look into. I wish there was a smoother, more seamless feature.
What do I think about the stability of the solution?
We have a lot of issues with stability. Sometimes it crashes and we have to rerun a scan. It also freezes. It hasn't been the best.
What do I think about the scalability of the solution?
How are customer service and technical support?
We've submitted some tickets with their technical support. My manager has had some poor experiences with them in the past.
Which other solutions did I evaluate?
Quality, support, preciseness, and accuracy are the criteria we consider when we evaluate solutions to proceed with.
What other advice do I have?
I would rate it a six and a half out of ten. Sometimes I have to rerun scans and look into why the scan didn't complete and why it crashed. All of that stuff has to do with the initial setup. For the most part, it does what we want, but there can definitely be improvement.
I would advise someone considering this solution to look beyond LogRhythm. LogRhythm is one of the top solutions. I would say Splunk is overrated. Look into IBM QRadar and then McAfee as well.