LogRhythm NextGen SIEM Competitors and Alternatives
Read reviews of LogRhythm NextGen SIEM competitors and alternatives
Senior Vice President and Chief Information Security Officer at Donnelley Financial Solutions
Real UserTop 20
Jun 14, 2020
The alert fatigue and false positive rates have just plummeted, which is really exciting.
What is our primary use case?My organization is in the financial services industry and the majority of services that we offer are financial services centric. We operate or support almost every industry in the marketplace. We restore processes and transmit highly sensitive information. Sometimes that information is premarket. Other times that information is personally identifiable information, personal health information, etc. It is dependent upon our client's requirements. Security is cornerstone in all that we do. It's in our DNA, as we would like to say internally. Being in a position to understand when we are at risk… more »
Pros and Cons
- "As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
- "Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
What other advice do I have?If I was to rate empow on a scale of one to 10, I would give them a nine and a half, probably. Why it's so high is that there's no competitors on the market in my mind that has transformed the SIEM industry as much as empow. The speed is impressive in which they continue to innovate. Every couple of months, we're excited to learn about the latest and greatest capabilities of the platform. Most of the latest innovations have been centered around their automation capabilities. It's had such a tremendous impact on my organization. They tend to focus on what matters. It has given us high…
Manager of Security Services at OpenText
Jan 9, 2020
We can build Activeboards that can do queries across multiple different types of data sources with one query
What is our primary use case?I run an incident response, digital forensics team for OpenText. We do investigations into cyber breaches, insider threats, network exploitation, etc. We leverage Devo as a central repository to bring in customer logging in a multi-tenant environment to conduct analysis and investigations. We have a continuous monitoring customer for whom we stream all of their logging in on sort of a traditional Devo setup. We build out the active boards, dashboards, and everything else. The customer has the ability to review it, but we review it as well, acting as a security managed service offering for… more »
Pros and Cons
- "Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo."
- "Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented."
What other advice do I have?Definitely get training and professional services hours with it. It is one of those tools where the more you know, the more you can do. Out-of-the-box, there is a lot of stuff that you can just do with very little training. However, to get to the really cool features and setups, you'll need the training and a bit of front-end assistance to make sure it's customized for your environment the right way. You need to have a tool of this capability in your environment, whether you're providing service for someone else or if it's your own internal environment that you're working in. It is a core…
Director of Application Development and Architecture at South Central Power Company
Real UserTop 20
Jan 5, 2020
SIEMphonic gives us an expert set of eyes on things, and assistance with rules has been a huge time saver
What is our primary use case?It's a system incident and event management platform. The typical use cases that go along with that are alerting and syslog aggregation.
Pros and Cons
- "I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
- "It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."
What other advice do I have?The biggest lesson really isn't an EventTracker lesson, it's more of a SIEM lesson. And that lesson is: It's a lot of data. When you have a lot of data, it's going to take a while to study and learn that data, so you can react appropriately. Not all data is actionable. Be prepared for the data. Be prepared to know what you didn't know before. And be prepared to weed out the noise from the actual data. That's where EventTracker's SIEMphonic becomes very helpful. My advice would be, if you're going to go with EventTracker, to go with the SIEMphonic service and leverage their support team to get…
Practice Head-CyberSecurity at a tech services company with 1,001-5,000 employees
Good support with an intuitive dashboard but the cost is too high
What is our primary use case?Since we have an IT services company, we have been using Splunk for the deployment to the customer locations as well. Sometimes the customer will come back to us and say that we need to have a SIEM tool, and when we do the benchmarking, we'll do a couple of deployments on the Splunk side and at the customer's locations as well. As an example use case, we deployed Splunk to a banking institution a few years ago. There the use case was basically this: the customer wanted to set up a security operation center, and they wanted to have a pretty large deployment in terms of the number of endpoints… more »
Pros and Cons
- "The most valuable aspect of the solution is the dashboard. It's very intuitive."
- "There are a lot of competitive products that are doing better than what Splunk is doing on the analytics side."
What other advice do I have?We're partners. We have a business relationship with Splunk. We're using the latest version of the solution. Overall, I would rate the solution at a seven out of ten. I'd advise potential new users to ensure they do proper sizing before deploying the product. If it's a very large deployment, the number of endpoints will be quite sizeable. You need to figure out the correct number of endpoints as well as endpoint devices, switches, routers, etc. It's also a good idea to look at use cases. Splunk is very strong in some use cases. It's important to look into deployment scenarios and check out the…
Co-owner and CEO at Data Security Solutions
Jan 17, 2021
Best price-performance ratio, good scalability, and easy to set up
What is our primary use case?I am a system integrator. We have installed it on-premises, on the cloud, in distributed environments, and all other environments for our clients.
Pros and Cons
- "We have worked with other solutions, such as LogRhythm and Splunk. Compared to others, IBM QRadar has the best price-performance ratio so that you are able to reserve minimum costs. It starts settling in fast and gets the first results very quickly. It is also very scalable."
- "There are a lot of things they are working on and a lot of technologies that are not yet there. They should probably work out a better reserve with their ecosystem of business partners and create wider and more in-depth qualities, third-party tools, and add-ons. These things really give immediate business value. For instance, there are many limitations in using SAP, EBS, or Micro-Dynamics. A lot of things that are happening in those platforms could also be monitored and allowed from the cybersecurity risks perspective. IBM might be leaving this gap or empty space for business partners. Some larger organizations might already be doing this. It would be very nice if IBM can make some artificial intelligence part free of charge for all current QRadar users. This would be a big advantage as compared to other competitors. There are companies that are going in different directions. Of course, you can't do everything inside QRadar. In general, it might be very good for all players to provide more use cases, especially regarding data protection and leakage prevention. There are some who are already doing some kind of file integrity or gathering some more information from all possible technologies for building anything related to the user and data analysis, content analysis, and management regarding the data protection."