Most Helpful Review
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The rule sets and flexibility with intelligence are considerably more dynamic and applicable to various businesses with LogRhythm. This provides the ability to tailor more in-depth and focused intelligence for a particular customer.
It has centralized monitoring for our security operations. Therefore, it improves our analysts' work.
The most valuable features would be the automation, reporting, and the support.
The Web Console is my favorite. It enables me, at a glance, to see the health of the environments.
Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention to that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice.
We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products.
We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.
It has helped us centralize and have better visibility into devices on our network. We are better able to respond to threats in a timely manner.
We can present to our management in real time the security of the batch management for the PCs, security regarding the network equipment. We're currently working in the Azure Cloud project, so we can send any logs from the cloud to Splunk. We can monitor them and we can present to the managers and customers. It's a very good solution for reporting. We use Splunk for reporting and monitoring of any solution in the company.
The initial setup is simple, not very complex. Initial deployment takes around 10 to 15 minutes to set up the entire base for Splunk including all three tiers.
The search function for Splunk is like a Google search. You just enter and it will quickly show you the results.
It's very flexible. If you look from the cloud implementation it is there. Reports are made quickly. Unlike other tools, it caters to all kinds of technical information on the front very easily. There's no need to put in any technical information. You can pull on the reports very easily, take action, and notify stakeholders.
It's extremely scalable. It's a very robust solution and certainly has the capability of handling far bigger data requirements than a lot of the other tools. Generally what ends up happening with me is that my clients tend, for the most part, to be mid-tier organizations where the cost of that solution and the accompanying requirements for people just become way too prohibitive. Especially considering the model that they use for costing, which is based on the volume of data. Of course, they're going to put everything including the Coke machine in as something to collect data off of, because of course the more they can put through the tool the more money they make.
It is quite extensible. It is a platform that we can build our use cases on, instead of each case being limited or restricted to each capability. This is probably the best feature.
In the past we used different applications to collect logs. We used SurfWatch and VMware to do so. But we found that Splunk has more capacity to do more in less time. They provide a faster speed to index all the events, and this is a huge asset.
The dashboards are the most valuable feature. We like the ability to drill in and see what queries are under the dashboard, build new visualizations, edit the querying, and see the reports.
There are two interfaces for LogRhythm, cloud-based and web-based, and this needs improvement. I understand why they separated the two. The web-based one is for analysts to use the product, then the management of it is done with a completely separate console. However, it would be helpful to have the two combined into one interface.
Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on the product, though we do struggle with them on a daily basis.
Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution.
My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue.
My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable.
My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome.
One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there.
I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have the antivirus admin password to do that.
The security can be improved.
Splunk does not build apps. They only go back and validate the apps that somebody has already built. They should have remote consulting support. They have a wonderful solution. They have 24/7 security. Nobody needs to depend on any third party and will therefore just buy Splunk on the cloud.
Splunk has different plugins but by default, the logs are not organized; it shows that there are roll-ups that are out of the box. I saw many plugins that can help improve or extend Splunk's functionality but I haven't tried any of them.
It does not give us permission to implement on-premise so we implement them on the cloud.
The tool itself is very difficult to configure. It's great for its number of inputs, for the different types of systems devices, and things that it could collect information from. To actually make good use of it, you need a fairly dedicated team of people that have some reasonably good programming or modeling skills to be able to do the things that you need to do with it. Whereas a lot of the other tools are better packaged for that, and so require a lot less training and a lot less dedication.
I would like to see future development in terms of ML (Machine Learning).
I think the tech support response time could be a bit better. Sometimes I need to wait more than 24 hours for a response to my tickets.
Splunk is not very user-friendly. It has a complex architecture in comparison to other solutions on the market.
Pricing and Cost Advice
LogRhythm is more expensive than its competitors in SIEM because it is a market leader.
When it comes time to renew, they say, "This is what you are using. This is what we can do for you." So, they work with you on pricing.
We have seen a measurable decrease in the mean time to detect and respond to threats. As new features and new releases come out, the window is becoming a lot narrower because you can pivot a lot more with the data. Therefore, the new features and enhancements are reducing that.
The nice thing about LogRhythm is you can either use the agents, getting a certain number of agents with your license depending on how you want to go, and those agents do a lot of cool things, or you can use syslog hosts, then you have like an unlimited number of them.
The solution has provided us with consistency and increased staff productivity through orchestrated automated work flows by at least 20 percent.
I have seen a measurable decrease in the mean time to detect and respond to threats. We went from not detecting them to detecting them. We can actually pick up what is anomalous in our network now.
In comparison to the competition, they are more affordable. This allows us to do more with less.
I would recommend talking to the rep. That's the biggest thing because they will know what questions to ask.
Splunk's cost is very high. They need to review the pricing. They have to go back and totally readdress the market.
It's a little bit expensive for a small to medium enterprise.
I think the price could be improved.
I am not personally involved with the pricing of the solution.
Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products.
The pricing seems good relative to the other vendors that we have had here. However, they need to find ways to be more flexible with the licensing and be able to deal with situations where we start generating more logs. Maybe having some controls in the Splunk interface to turn it off, so we don't have to change anything in our application.
We have had a reduction in the time it takes to resolve issues and correlate what has failed.
It would be nice if the pricing were cheaper. However, we did purchase it.
Also Known As: LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
LogRhythm, a leader in security intelligence and analytics, empowers organizations with its Threat Lifecycle Management Platform, which provides a complete, end-to-end workflow for detecting, investigating and responding to cyber threats. The company's award-winning platform unifies next-generation SIEM, log management, network/endpoint forensics, and advanced security analytics.
In addition to protecting customers from the risks associated with cyber threats, LogRhythm provides innovative compliance automation and assurance, and enhanced IT intelligence.
Splunk software has been around since 2006 and the company has since grown to become an industry leader. Splunk's vision is to make machine data accessible, usable and valuable to everybody. The company offers a wide range of products to turn machine data into valuable information by monitoring and analyzing all activities. This is known as Operational Intelligence and is the unique value proposition of Splunk.
Splunk is well-known for its Log Management capabilities and also for its Security Information and Event Management (SIEM) solutions.
Sample customers, LogRhythm: Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill.
Sample customers, Splunk: Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.