We performed a comparison between Elastic Security and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Elastic Security is commended for its adaptability, extensive customization options, and seamless integration with the ELK Stack. Elastic Security could improve by reducing resource usage, automating threat response, and simplifying the user experience. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration. LogRhythm users requested expanded log storage, better load balancing, and streamlined search capabilities.
Service and Support: Some Elastic Security users found their support helpful, while others experienced difficulties and delays. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, but there have been occasional delays and knowledge problems.
Ease of Deployment: Elastic Security generally has a straightforward setup but may require trained specialists. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: Elastic Security is considered affordable and cost-effective, with pricing based on the size of the monitored environment. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Elastic Security has shown mixed results in terms of ROI, with some users expressing concerns about the quality of their premium support. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The product can integrate with any device."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"It's open-source and free to use."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The indexes allow you to get your results quickly. The filtering and log passing is the advantage of Logstash."
"Elastic Security is very easy to adapt."
"It is the best open-source product for people working in SO, managing and analyzing logs."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"The cost is reasonable. It's not overly pricey."
"The feature that makes it usable is the web interface."
"The most valuable feature is that we can alternate incident automations."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"In terms of security, LogRhythm NextGen SIEM is great."
"Provides visibility into the network."
"The user interface is pretty good compared to other SIEM tools."
"It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
"AXON has the ability to add and compare use cases."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The playbook is a bit difficult and could be improved."
"There is room for improvement in entity behavior and the integration site."
"We are invoiced according to the amount of data generated within each log."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Email notification should be done the same way as Logentries does it."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"The setup process is complex. You need a solid working knowledge of networking, operating systems, and a little programming."
"Authentication is not a default in Kibana. We need to have another tool to have authentication and authorization. These two should be part of Kibana."
"The biggest challenge has been related to the implementation."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"I would like to suggest that they should improve their usage of third party tools for making dashboards and reports. If they would create their own tools for dashboard and report, it would be much better in terms of security purposes."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
"It's not easy for someone new to the solution."
"I would like to see case management become more independent from LogRhythm itself."
"Better integration with different services is needed, as there are quite a few platforms that we use that don't integrate very smoothly with LogRhythm."
"It should be improved for automated setup and auto-configuration. There should be ease of integration and ease of setup."
"More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."
Elastic Security is ranked 5th in Log Management with 58 reviews while LogRhythm SIEM is ranked 7th in Log Management with 166 reviews. Elastic Security is rated 7.6, while LogRhythm SIEM is rated 8.4. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and Fortinet FortiAnalyzer, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and Fortinet FortiAnalyzer. See our Elastic Security vs. LogRhythm SIEM report.
See our list of best Log Management vendors and best Security Information and Event Management (SIEM) vendors.
We monitor all Log Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.