We performed a comparison between Cybereason Endpoint Detection & Response and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"The price is low and quite competitive with others."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"NGAV and EDR features are outstanding."
"The product detects and blocks threats and is more proactive than firewalls."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Ability to get forensics details and also memory exfiltration."
"Immediately we can pick up the computers in the network if any malicious operation that is triggered."
"Cybereason's threat hunting and investigation are the most valuable features. Threat hunting is a user-friendly feature that keeps you safe. Investigation offers an added value that I haven't seen with other EDR services. It allows you to find specific policy problems within your environment."
"Cybereason absolutely enables us to mitigate and isolate on the fly. Our managed detection response telemetry has dropped dramatically since we began using it. It's very top-of-mind. We were running some tabletop exercises and none of the detections were getting triggered by the managed security services provider. So we needed to find a solution that would trigger high-fidelity alerts. That was Cybereason and it dramatically changed our landscape from the detection and response perspective."
"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
"We didn't have the visibility that we now have. It has increased our visibility by a lot. So, we put a lot more time into really looking at our environment and what is happening throughout our different networks. It has increased our visibility by around fivefold."
"Their EDR solution, the ability to mitigate issues through their command line, is probably the best feature that we've had. We use that all the time. It's very useful for doing investigations."
"The dashboard is very good and you can consider it as an interactive UI."
"The initial setup is not overly complicated."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable."
"In terms of security, LogRhythm NextGen SIEM is great."
"The artificial intelligence engine."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"The user interface is pretty good compared to other SIEM tools."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The dashboard isn't easy to access and manage."
"The support needs improvement."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"Detections could be improved."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"I haven't seen the use of AI in the solution."
"What needs to improve in Cybereason Endpoint Detection & Response and what I'd like to see in its next release is a centralized dashboard that allows you to view what is there, similar to what's on Symantec Endpoint Protection Manager: a beautiful display and reporting. Cybereason Endpoint Detection & Response has to start with the compliance, the homepage, etc. Everything should be there and should be customizable. The options should be there. The tool is very good currently, but visibility for IT administrators is lacking and needs to be worked on."
"Its Microsoft PowerShell protections still need some compatibility improvements. We have run across just a few. It is compatible with 90% of what we have in our network, but there is that 10% that we are still struggling with as far as compatibility with the type of PowerShell scripts needed to run our day-to-day business."
"Reporting could be a bit more granular so that we had the ability to check regions and countries. I just noticed that, for instance, if I look at our servers, it's either "contained" or it's "not contained". I don't have the option, for instance, to look at countries. It only allows me to look at users as one big group."
"Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."
"While the product is very good, there are still some areas for improvement. The initial triage area could be a bit simpler. They get into the weeds real fast; it gets very detailed very fast. I am still looking for an easier triage layer on top with the ability to dig deeper."
"It should be more stable, and the sensor needs improvement in terms of connectivity."
"The integration with Microsoft solutions and Microsoft capabilities needs to be improved."
"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"I would like to see support added for Exchange 2016, and CheckPoint OPSec Lea."
"The log storage capacity should be increased."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
"NextGen SIEM's integration with other software is good but could be improved."
"Sometimes, the tool fails to get the correlated events that triggered the alerts."
"I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."
More Cybereason Endpoint Detection & Response Pricing and Cost Advice →
Cybereason Endpoint Detection & Response is ranked 37th in Endpoint Detection and Response (EDR) with 19 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. Cybereason Endpoint Detection & Response is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of Cybereason Endpoint Detection & Response writes "It has helped us become more knowledgeable about our environment and aware of threats". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Cybereason Endpoint Detection & Response is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, Darktrace and SentinelOne Singularity Complete, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, Wazuh and Fortinet FortiSIEM.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.