We performed a comparison between CrowdStrike Falcon and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."The most valuable feature is the analysis, because of the beta structure."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"This is stable and scalable."
"The product's initial setup phase is very easy."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"The solution is silent and sits on your system as one single agent."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"The stability is very good."
"Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously."
"Because it is security product and acts like an AIML smart product, not merely based on daily/weekly updates and signatures."
"This solution has made the lives of the IT staff much easier, compared to the previous one."
"It helps us to identify the threats according to the behavior of any process that is running on any particular system. It helps immensely to identify any malicious behavior on any endpoints."
"The most valuable features of CrowdStrike Falcon are the AI in detecting and real-time detections."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
"LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases."
"The log analysis feature is valuable."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way can create our own customer roles, which has allowed us to customize the work in our environment."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"As a healthcare company, what we use it for is compliance, then to protect our data from exaltation."
"The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The SIEM could be improved."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The solution should address emerging threats like SQL injection."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The ability to receive text alerts natively in the console would be kind of cool."
"CS Falcon sensing capabilities for non-domain machines should be enhanced since the agent doesn't detect the neighbor's IP Address and/or any anomaly which was identified in the network for the non-domain machine."
"The management reporting functionality needs to be improved."
"Too many false positives."
"The overall cost of CrowdStrike Falcon could be reduced."
"In a future release, I would like to see more integrations for data breaches and security features."
"Forensic controls have room for improvement."
"CrowdStrike Falcon by itself does not supply in-depth reporting."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"It should have some more message monitoring features. It can also have some free message monitoring tools."
"I would like to see case management become more independent from LogRhythm itself."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"I would really like to see some type of group or global management for RIM policies,"
"The customer support system is time-consuming."
"My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
"I would like to see more integration with more products that are out there within the same security field."
CrowdStrike Falcon is ranked 3rd in Endpoint Detection and Response (EDR) with 105 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. CrowdStrike Falcon is rated 8.8, while LogRhythm SIEM is rated 8.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and VMware Carbon Black Endpoint, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and Rapid7 InsightIDR.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.