We performed a comparison between LogRhythm SIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"It has a lot of great features."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Log aggregation and data connectors are the most valuable features."
"The UI of Sentinel is very good and easy to use, even for beginners."
"It has basic out-of-the-box integrations with multiple log sources."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts."
"Its ability to work with all different sorts of log sources has been extremely valuable."
"It supports most standard log sources."
"Provides visibility into the network."
"The ability to drill down and pivot from an event is one of the biggest advantage the product has compared to other things that I have seen in the market."
"The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"Compared to other solutions, the user interface is good."
"The product’s most valuable feature is log monitoring."
"McAfee as a whole is a good solution."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"The most valuable feature is the correlation rules."
"This solution integrates easily and very well with other technologies."
"It has performed well and delivered the results that I have been looking for."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"I would really like to see some type of group or global management for RIM policies,"
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"The solution is likely not the best option for a smaller organization."
"The installation was a bit complex because we are running a virtual infrastructure."
"In terms of blind spots, we are looking for more improvements since we don't have visibility over everything."
"Only area I can think of to improve on is the proof reading and using the guides before releasing them. Out the the 20+ guides I used one had issues with wrong information in it."
"The user interface needs improvement. The more the user can slide around and know what's going on, the better it will be."
"The initial setup is difficult and could improve."
"The product's stability is an area of concern where improvements are required."
"We cannot add new data sources to the most recent version."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"The support from McAfee ESM could improve. They could improve the speed."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"Product currently requires Flash."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. LogRhythm SIEM is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, Fortinet FortiSIEM and ManageEngine Log360, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, Trellix Helix and Cybereason Endpoint Detection & Response. See our LogRhythm SIEM vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I cannot respond to the query as I have worked with solutions based on NetIQ and AcrSight.
1. I feel the query is very generic and can not have any tangible response other than users listing their side of the stories (experience) while tabulating Pros & Cons would be inconclusive.
2. The vendors mentioned (McAfee, Splunk, LogRhythm and IBM Q1 Labs) are from the top quadrant and are very much comparable based on evaluation parameters such as List of Features, capabilities and capacities, Integration to other corporate IT security tools etc.
3. Methodology used by Gartner for evaluation of vendors for SIEM Quadrant should also be kept in view to get a realistic comparison. I feel, its not a real Apple-to-Apple comparison nor can be used as a measure to influence the decision making for a new deployment (or migration to another vendor)
4. I also feel that vendor experiences, most of the times are dependent on how clear you are of your own Security Landscape, Compliance & Regulatory drivers and requirements.
Thanks
Rajendra Nag
Unfortunately while evaluating SIEM solutions I was unable to evaluate the IBM solution. I tried to work with IBM for two weeks to get an evaluation of the product and finally gave up.
I think Splunk is an incredibly diverse and flexible product; however, if you are just looking for a SIEM I think it's a bit overcomplicated.
Our company choose SolarWinds LEM due to it's ease of deployments for small to mid sized environments and we have a good track record working with SolarWinds as a vendor.
I asked this question in a previous discussion, what is your experience with the solutions?
I went to Infoworld and found some pretty interesting results - www.infoworld.com
It seems that based on price, GFI took the prize with $220/server $22/workstation.
But based on features and sheer capability, Arcsight took the prize there.
Additional findings bring up HP Arcsight, IBM Q1 Radar and McAfee Nitro as the industry leaders - Gartner Magic Quadrant from 2013 - infosecnirvana.com
But if you were to go to the comparison charts:
Cons
HP Arcsight - Complex, Suited for Medium to large deployments, learning curve, skilled employees
IBM Q1 Radar - Limited Customization, limited multitenancy support, limited use case configuration
McAfee Nitro - Very basic correlation capabilities, requires agent installs, no analytics capability, limited customization, limited support for multi-tier, multi-tenancy
There are others these seem to be the leaders in the industry.
So from the report from Gartner, Infoworld and Infosecnirvana.com, they all seem to think that HP Arcsight is the way to go
Todd
Hi,
I disgree for SME installation since Q1 is usually on a large scale
installation. While expertise on the product is still needed including
integration with other security platforms.
Splunk/LogRythm is good for Network correlation only not focusing much on the
security area.
McAfee is ok for both SME and Enterprise whilst expertise should also be
considered as they have an easy and available tool for integration with their
ticketing system, IPS, and AV.
Hope this helps.
Cheers,
Lilet
Its is now an easy and clear answer.
It depends on the environment, the integration needed, and the staff expertise.
IBM is usually a better solution for large/very large installations and integration.
But it requires much more staff and skills.
But for smaller environments Splunk and LogRhytm is better.
McAfee is correctly rated against others.
So the answer is YES/AGREE for large installations.
And NO/DISAGREE for smaller ones.