LogRhythm NextGen SIEM Competitors and Alternatives

Get our free report covering Splunk, IBM, Elastic, and other competitors of LogRhythm NextGen SIEM. Updated: February 2020.
397,082 professionals have used our research since 2012.

Read reviews of LogRhythm NextGen SIEM competitors and alternatives

JayGrant
Real User
Manager of Security Services at OpenText
Jan 09 2020

What is most valuable?

The Activeboards are the most valuable feature. Given multiple different types of unstructured and structured data, we can then build Activeboards that can do queries…

How has it helped my organization?

Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five…

What needs improvement?

The only downfall that I have is it is browser based. So, when you start doing some larger searches, it will cause the browser to lock up or shut down. You have to learn…

What's my experience with pricing, setup cost, and licensing?

It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had…

Which solution did I use previously and why did I switch?

I've used a ton of other solutions: ELK Stack, Kibana, and Splunk. The cost of Devo, as it relates to Splunk, is significantly less with higher value. Its capabilities of…

What other advice do I have?

Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of…

Which other solutions did I evaluate?

We have used everything out there. We have used Splunk, ArcSight, and LogRhythm. We've used all those tools. We have leveraged them from customer environments and used…

JeffHaidet
Real User
Director of Application Development and Architecture at South Central Power Company
Jan 05 2020

What is most valuable?

Other than the log aggregation and alerting, their reports modules have come a long way. But for the most part, we stay right in the wheelhouse of the product to use it to…

How has it helped my organization?

Their run-and-watch service (now renamed SIEMphonic) has saved us from having to hire at least one FTE. In addition, having an expert set of eyes on things and their…

What needs improvement?

In terms of advanced queries, I wouldn't say EventTracker is lagging behind its peers. The latter just make it easier to get to them. EventTracker is designed more for a…

What's my experience with pricing, setup cost, and licensing?

Our cost is significantly less than what it would have been for one of the competitor's products, and that includes the run-and-watch service (SIEMphonic). You can go with…

Which solution did I use previously and why did I switch?

We did not have a previous solution. We do annual audits, and the lack of a SIEM showed up in one of our audits as a piece that we needed to start investigating, four or…

What other advice do I have?

The biggest lesson really isn't an EventTracker lesson, it's more of a SIEM lesson. And that lesson is: It's a lot of data. When you have a lot of data, it's going to take…

Which other solutions did I evaluate?

When we acquired EventTracker, we went through an assessment process, reviewing five or six different manufacturers of SIEMs. The frontrunners were the typical players…

RamneshDubey
Real User
Senior Cyber Security Specialist at a software R&D company with 10,001+ employees
Jan 11 2020

What is most valuable?

The most valuable features are the packet decoder, log decoder, and concentrator. The packet decoder is capable of collecting the flow, whereas the log decoder is capable of collecting the event. NetWitness offers a hybrid solution that…

What needs improvement?

The alert dashboard is not reflecting events in real-time. We have to refresh in order to view an alert in real-time. Log aggregation is an issue with this solution because there are a huge number of alerts in a single instance. Compared to…

What's my experience with pricing, setup cost, and licensing?

Many clients are not able to purchase the packet capability because there is a huge amount of data, and the cost depends on the number of EPS (Events per second), as well as the number of gigabytes of data per day.

Which solution did I use previously and why did I switch?

We are using multiple tools including QRadar, RSA NetWitness, LogRhythm, and Micro Focus ArcSight. The QRadar setup gave us no issues, and it also works with logs and packets. LogRhythm fulfills the GDPR compliance.

What other advice do I have?

My advice to anybody who is researching this solution is to consider the differences between the hardware and the virtual solution. The hardware is okay, but if you have any issues and need to restart then it is easy to do this with the VM…

Jordan French
Consultant
Business Development Manager - Threat Management Services at a tech services company with 5,001-10,000 employees
Apr 25 2018

What is most valuable?

* Smart Connectors and Flex Wizard
* Multi-tenant access
* Customization for dashboards and reporting
* Improvements made to the ADP platform

How has it helped my organization?

Without it, we would not have a managed SIEM offering to speak of. We spent over a year evaluating leading competitors and ArcSight was the clear winner. It opened up a…

What needs improvement?

The marketplace is a bit of a joke; steps should be taken to improve participation. Micro Focus desperately needs to improve their core offering rather than adding more…

What's my experience with pricing, setup cost, and licensing?

Customers without a ton of resources to dedicate to deployment may be better served by a managed ArcSight service. A lot of the complex setup and administration duties are…

Which solution did I use previously and why did I switch?

We have not used a previous solution past its initial evaluation period.

What other advice do I have?

It has its quirks, but ultimately, it delivers capabilities that no other SIEM could provide.

Which other solutions did I evaluate?

We evaluated Splunk, QRadar, and LogRhythm.

Michael Kaericher
Real User
Application Engineer at a financial services firm with 5,001-10,000 employees
Apr 25 2018

What is most valuable?

Low barrier to start searching with the ability to normalize data on the fly. I have also been able to take advantage of some of the more complex statistical capabilities when analyzing logs.

How has it helped my organization?

Before, analysis required manual correlation of individual log files, and this was almost impossible to do. With Splunk, what was once almost impossible is now unbelievably fast.

What needs improvement?

I would like to see Splunk improve its posture as a production operations tool. This means that searches, alerts, dashboards, and additional configurations that I use should have a production…

Which solution did I use previously and why did I switch?

I previously used LogRhythm. I found this tool particularly difficult to use. It was more rigid in its normalization of data.

What other advice do I have?

Growth in data ingested will be much larger than you anticipated. If you need to prove this first, consider using an ELK Stack Logstash type of solution before using Splunk.

Which other solutions did I evaluate?

We evaluated our existing tool, LogRhythm.