LogRhythm SIEM Other Solutions Considered

KM
Global Security Manager at Chart Industries Inc

We looked at Securonix, Azure Sentinel, IBM's QRoC, and QRadar on Cloud. What really won us over with LogRhythm was the ease of use of the interface and the simplicity of the underlying architecture. It really lends itself to being a low-cost solution to own over time.

Joseph W. - PeerSpot reviewer
System Administrator at GOLDENWEST FEDERAL CREDIT UNION

We looked at four products including QRadar and Rapid7 InsightIDR. We did POCs for all four solutions, and LogRhythm was the best solution for our needs.

One of LogRhythm's distinguishing features was its AI engine which analyzed the tools and allowed it to alert for specific events, instead of me having to dig down and create all these rules. It came with pre-created rules.

Another piece that was really important was the implementation. They had a lot of pieces for third-party vendors as well. We could pull in the logs. All we had to do is just create a rule that says, "alert." It came pre-programmed with a lot of alarms that would automatically correlate with our AV, along with our firewall. We didn't have to create them because they just came in pre-made, and that was a big feature that we looked for. Just implementing it or adding to it didn't take up too much time.

JG
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees

We did not evaluate other options.

Buyer's Guide
LogRhythm SIEM
March 2024
Learn what your peers think about LogRhythm SIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,578 professionals have used our research since 2012.
SR
Sr Manager - Information Security at a computer software company with 1,001-5,000 employees

We are moving to Google Chronicle. We are in the transition phase now.

AS
Senior Network Engineer at a government with 5,001-10,000 employees

The solution was already in place when I arrived, so I was not involved in the decision.

AG
Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees

I've evaluated solutions that can be deployed in the cloud and have other features or components, like the UEBA. In the case of Securonix, it is included. We need to decide if we are going to propose something that is on-prem or in the cloud, depending on the requirements of the customer. The architecture is more complicated when you deploy something on-prem, so you want to increase the number of EPS, the events per second. You need to consider the architecture.

With Securonix or Splunk, we just need to go to the partner and say, we need an increase in the number of EPS. We also don't have to provide maintenance to the solution because it is in the cloud. Our specialist is more focused on the security aspects instead of providing maintenance to the components.

KM
Global Security Manager at Chart Industries Inc

We were actually dead set on using Splunk. I came from a Splunk shop at my previous job, and I am a big fan, but I had never seen the Web UI before. So, it is a combination of a few things: The web UI, price pressure from the business, and dedicated hardware, which made LogRhythm the overriding choice for us.

KS
Senior Security Engineer at a manufacturing company with 5,001-10,000 employees

We went through a competitive comparison of the three leading platforms out there. It was an easy win, not only from the technology-side, but from the company with its support. That's a big thing for us, when you are small, that you count on the support team. Some of the competitors, their support is not good.

KB
Senior Cyber Security Engineer at a logistics company with 10,001+ employees

QRadar is built around Red Hat, so it's more stable. I think LogRhythm is more complicated than QRadar.

GC
Security Engineer at a logistics company with 10,001+ employees

A couple of others that we've considered: IBM QRadar, that's actually one that we had in house previously, and we'd had stability issues with that platform. And so it was one that we were kind of looking at the market to see what we could replace that with. And I would say again that the ease of use of LogRhythm, for new analysts as well as management people, and the licensing scheme were two things that made it pretty attractive for us.

it_user711480 - PeerSpot reviewer
Works at an aerospace/defense firm with 1,001-5,000 employees

Yes, we evaluated and used a few other products.

ArcSight, Solarwinds LEM, Splunk, and IQ radar. Splunk and IQ radar were the products we evaluated with LogRhythm. The other two products are products we used before.

RC
Senior Security Analyst at a transportation company with 501-1,000 employees

We evaluated a few other options. Since we're a government entity, procurement rules limited us to just a handful of options, and of the options that we had, LogRhythm was clearly the better choice for us. 

We had the option to renew and get a refreshed McAfee SIEM, which we didn't feel good about. The other two options that we were able to use were IBM and Rapid7. IBM was just another vendor I've not had good luck with in the past. Rapid7 was a smaller player. We didn't feel they had the ecosystem, the robust ecosystem, to support what we were looking to implement.

RH
Security Engineer at U.S. Acute Care Solutions

Our top choices were LogRhythm and Splunk.

Splunk is a data lake that doesn't necessarily do any analytics. Whereas, with this solution, we're looking at all the analytics. We can quantify data, we can drop data, and we can do what we need to, plus the pricing model is better.

Mohammed Jamous - PeerSpot reviewer
Chief Information Technology Officer at an insurance company with 11-50 employees

We looked at Splunk and IBM QRadar.

JH
Security Engineer at Managed Technology Services, LLC fka LexisNexis

Where some other engines have been touted as SIEMs, you actually have to do a whole lot of actual engineering work of your own to even get the basic functionality out of them. This is one thing LogRhythm knocks out-of-the-box. 

AA
Assistant Manager Enterprise Security

I worked on McAfee SIEM for six months, but that was when I was part of another team. If you compare McAfee SIEM with LogRhythm NextGen SIEM, I prefer LogRhythm NextGen SIEM because it's a user-friendly tool. It's also very easy to configure. The dashboards in LogRhythm NextGen SIEM are also very simple and very informative, and I've configured them to better understand what's happening in the organization. You can also create an alarm system in LogRhythm NextGen SIEM, that's very helpful.

I also evaluated IBM QRadar, and I found IBM QRadar to be a better tool than LogRhythm NextGen SIEM.

KA
Unit Head Titanium (Security Solution) at RapidCompute

Initially, we tested out the QRadar; however, due to some delay and due to some market awareness tests, we did not continue.

WF
Information Security Engineer at Seminole Tribe of Florida

There were multiple competitors. We almost went with Splunk, but LogRhythm ended up being the best for the price. It ended up being everything we needed in one solution.

KM
Global Security Manager at Chart Industries Inc

When we went shopping for a SIEM, I had come from a Splunk shop. I was very familiar with the Splunk interface. I like the software, so Splunk was number one on my list. And who was number two? SolarWinds had a SIEM solution that we had played with a little bit at my company, so they were also in the running. And then actually one of my partners talked to me about LogRhythm, because I'd never even heard of LogRhythm before, and so we did a demo.

And ultimately, it was two big factors. From a Splunk perspective, cost. Cost to build it out and then cost of licensing, it's just unattainable for us. And number two, LogRhythm's WebUI and the speed with which you can run searches in it was hands down my primary reason for going with LogRhythm.

AW
Systems CSO at a manufacturing company with 1,001-5,000 employees

At this point, it's a pretty core platform for us, so we haven't been looking around.

SB
Technology Solutions Head at MANTRA TECHNOLOGIES LTD

We have tried many other products. But if you want to look for a mature product in the SIEM market - Gartner Quadrant, LogRhythm and Splunk are all leaders and are well placed products. The rest are yet to come up.

When I say LogRhythm is a mature product, I mean it covers all 360 degrees for SIEM requirements which is not there in the other products. Only a few products have this kind of totality of integration, especially in the reporting. It has very good machine learning and AI techniques. It is very good.

GW
IT Security Administrator at an energy/utilities company with 1,001-5,000 employees

We looked at AlienVault, that was one we demo'ed. LogRhythm does seem better.

it_user769674 - PeerSpot reviewer
Sec And Risk Lead at Baker Tilly Virchow Krause, LLP

Our SIEM solutions list included several different vendors from Splunk to LogRhythm to RSA, their new product. We ended up choosing LogRhythm.

SA
Information Security Officer at First Mid Bancshares Inc

Yes, we did. Unfortunately, I don't recall exactly which other ones we looked at, but we had a number of different demos with other vendors and, obviously, chose LogRhythm.

it_user756429 - PeerSpot reviewer
Senior Security Engineer at Augeo Marketing

LogRhythm is successfully employed in a lot of organizations. We tried using another large SIEM, I won't name it, but we weren't able to even get it deployed. It was just too complex, and this was at CenturyLink.

QRadar, it's really easy to use, but for our size organization, we only have about 270 employees. That is not a whole lot of log sources, so it seemed like LogRhythm fit into that profile a lot better for our needs.

When it comes to the SIEM, LogRhythm was pretty much our go-to. We really wanted to go with LogRhythm and we were hoping that there wasn't any reason not to. Because my manager and myself had some experience with some other SIEMs and knowing what the success rate of those, and then just knowing people who use LogRhythm and who have said good things about it. At that point it turns into, "Is the financial investment going to work out for us?" It turned out that it did. We wanted to go with LogRhythm and we're glad that we're able to make it work out.

it_user576042 - PeerSpot reviewer
Senior IT Security Analyst at a retailer with 1,001-5,000 employees
MN
Information Security Analyst at Endicott College

I have never used a competing product.

it_user756426 - PeerSpot reviewer
SOC Manager at an energy/utilities company with 10,001+ employees

During the proposal, we are looking at three to four different vendors, such as LogRhythm, Splunk, and IBM QRadar, so in terms of alarms and AI intelligence, we see that LogRhythm is giving more accurate and meaningful events compared to the others.

it_user256056 - PeerSpot reviewer
Director Of Infrastructure And Security

I can't remember anymore.

Though LogRhythm's involvement in providing quick answers to some of the criteria that we wanted to accomplish (5-10 things), and they were able to come up with those answers very quickly.

MR
CEO at a tech services company with 51-200 employees

We evaluated six products as per our client’s requirements. They decided to go for LogRhythm, which solves business purposes and has economical pricing.

JW
Security Administrator at a non-profit with 501-1,000 employees

We needed to set up a new solution based on our company requirements that were being ruled out. We needed to step up and add something. When I came on with the company, I wanted to add on a SIEM solution immediately. I just got the funding and benefit because the company said we had to. There wasn't anything in place beforehand. So it was just very much me saying this is what we need and this is how we need to roll it out. Through my research is where I fell back on to LogRhythm.

The most important criteria on a vendor is ease of use. Since I have a small team, it's pretty much me running everything, so I need to make sure that I am able to do it efficiently and be able to pass it off to somebody when I need to be able to hand it off to do. Next piece is what it can provide and the amount of tools they can provide to me in a very short order.

My short list for SIEM solutions would have been Splunk. Also looked at Spiceworks, SolarWinds, and a few other smaller ones out there. But basically Splunk and LogRhythm are my primary two.

My security program was non-existent when I started, so this was basically one of the first implementations that I did to step up my security implementation. Before this there really wasn't anything to work with. So it's slowly building its maturity through LogRhythm and a couple of other sources.

JM
Principal Security Analyst at a healthcare company with 501-1,000 employees

What I find is that there are die-hard Splunkers. The problem is that Splunk is not affordable at a large scale. QRadar is not any better. It's just as bad. LogRhythm, for the price point, is the most reasonable, when you begin to compare apples to apples.

it_user756333 - PeerSpot reviewer
Security Analyst at Xanterra

The only other SIEM tool company that was even close to LogRhythm was QRadar, IBM's SIEM solution, in performance and cost and features. Actually, not cost. I think they're very expensive, and that company makes a lot of people nervous. LogRhythm is, like I said, local, and stable, growing, aggressive, helpful. IBM is a big monolithic company, which I have a lot of respect for and they've come a long way, but they're constantly splitting off and selling pieces, and you never really know where that product's going to be in a few years. LogRhythm hasn't had that problem.

JD
Vice President at a financial services firm with 201-500 employees

Quality, support, preciseness, and accuracy are the criteria we consider when we evaluate solutions to proceed with. 

SB
Information Security Manager at a tech vendor with 1,001-5,000 employees

When we looked at putting a SIEM in place, we kind of realized that we wanted somebody that was a neutral vendor, where they're not tied to specific vendors that, you know, we wanted to make sure that the SIEM we were buying would monitor all the devices that we had in place. So finding somebody that's kind of an independent, not tied to specific hardware manufacturers, really important to us to make sure that, you know, the SIEM could monitor everything that we had in place.

So I think from a security program, maturity level, LogRhythm really got us started in that direction. As I mentioned, you know, it was one of the first products we bought and when we first started I really started the information security program myself. So it was kind of the first product we bought that we built everything around. So it really is kind of the central repository for everything we're doing from an information security program standpoint.

it_user769665 - PeerSpot reviewer
Chief Security Officer at Optomany

With the new organization that I've been with for three and a half years, we spent seven months looking at other solutions out there; looking at Splunk, looking at ArcSight. We did a trial, we stood them up next to each other. Straight away it was fairly evident that the LogRhythm application itself, and the agent roll-out, was straight out of the box. Like I said, it needs feeding, watering every day, but in terms of being able to take the box, put it into your datacenter, get it up and running, they're definitely light years ahead of the competition.

it_user756342 - PeerSpot reviewer
Technical Architect at a financial services firm with 10,001+ employees

The SIEM solutions comparison we did included QRadar, RSA, and LogRhythm.

LogRhythm stood out due to ease of deployment, cost of ownership, and ease of use.

it_user326751 - PeerSpot reviewer
VP, Information Security Officer with 501-1,000 employees
  • QRadar
  • RSA
  • Tripwire
it_user709467 - PeerSpot reviewer
Cyber Security Architect at an energy/utilities company with 1,001-5,000 employees

We looked at eight or nine other vendors. 

We quickly eliminated four or five of them. We ended up with a final four, which was LogRhythm, Splunk, McAfee's solution, and AlienVault. From there, for various reasons, we narrowed it down to LogRhythm and Splunk. AlienVault, we felt was a nice solution as far as being able to plug it in, get it up and running quickly, but we felt we'd outgrow it. Splunk was on the other end of the spectrum. We felt that it was very powerful, probably more powerful than any of the other solutions, but we didn't have the manpower to configure it out-of-the-box. 

From our own analysis and a lot of other customers we talked with, they confirmed the configuration on Splunk is just too top-heavy, so we felt that LogRhythm was the happy medium. A lot of customers recommended it, because of the built-in rules, and the out-of-the-box configuration is much better than Splunk, and given our team size and our internal resources, we made the decision to go with LogRhythm.

PC
Consultant at RIPEN

The solution remains a top choice for our customers because of its performance, indexing rate, and coalition engine speed. Customers trying to use SIEM to collect logs and identify threats require a solution that responds quickly. 

The solution's correlation engine is very important because it uses machine learning to automatically collect and analyze quite a bit of data. 

it_user756306 - PeerSpot reviewer
Manager Security Operations Center at a leisure / travel company
  • Curator
  • Splunk
  • Dell SecureWorks

We chose LogRhythm because, as I said before, the user interface was really a plus for us. It was easier to understand, compared to the competition. And the ability to dig in deeper in the investigation tab, those were the two major selling points.

it_user317229 - PeerSpot reviewer
Information Security Engineer at a tech vendor with 501-1,000 employees

We reviewed several solutions including Alien Vault (not large enough for our needs), Splunk (would need a full time programmer to write queries), QRADAR (since we already had a previous version). We did a month-long POC on Correlog, attempted to POC EIQ Networks.

it_user756366 - PeerSpot reviewer
Senior Network Systems Engineer at a non-profit

ArcSight and Splunk, and that was it.

We went with LogRhythm because of cost, administration, and ease of use when you're in the tool. Those are the top three. The fact that it was the lowest cost one, easiest to use, and easiest to administer. It was a no-brainer for us. It wasn't even really a conversation, other than the fact that we have to shop at the three different vendors.

it_user756435 - PeerSpot reviewer
Threat And Awareness Manager at a tech services company with 1,001-5,000 employees

I would not know.

it_user331431 - PeerSpot reviewer
Senior Information Systems Specialist at a manufacturing company with 1,001-5,000 employees

We evaluated SIEMs from AlienVault, Tripwire, and Solarwinds.

DK
Information Security Analyst at a retailer with 201-500 employees

My shortlist was Rapid7 InsightIDR, LogRhythm, and Splunk.

I had a live demo of InsightIDR running in my environment and I liked LogRhythm a whole lot more, a whole lot better than their solution.

it_user756366 - PeerSpot reviewer
Senior Network Systems Engineer at a non-profit

We looked at IBM, and then we also looked at Splunk.

FTE cost. We're a small shop. Infrastructure team is five people, not a dedicated security professional. Cost, being a small shop, ease of maintenance, and ease of use; top four. LogRhythm came in by far the cheapest, was easiest to maintain - this was the initial thought - that's proven out that it is. Then, actually easy to just get in there and look at the logs. It's really easy to use. From not having anybody with any real SIEM experience, to get us off the ground and running was incredible.

it_user756303 - PeerSpot reviewer
SYM Engineer Specialist at FIS

IBM QRadar and RSA Security Analytics, but LogRhythm stood out because of their scalability and their interface and their user friendliness. Being able to easily navigate through the system.

it_user756381 - PeerSpot reviewer
Manager Of Cyber Security at a healthcare company

The SIEM tool list we considered included Splunk and SolarWinds.

For LogRhythm against Splunk, it was their pricing model. For SolarWinds, LogRhythm's reputation and scalability.

it_user756390 - PeerSpot reviewer
IT Infrastructure Manager at Jeunesse Global

7pace and Nagios.

We chose LogRhythm due to its better interface. We had demos and felt like LogRhythm was the better solution for us. 

CO
Senior Architect at an energy/utilities company with 201-500 employees

We went back and forth between LogRhythm, Splunk, and AlienVault. 

I liked LogRhythm mostly for how it integrated with the network infrastructure. It was my decision, and I'm not 100% sure that I picked the right one.

LogRhythm works well with our network-centric environment. However, it may not be the best for other things.

it_user386685 - PeerSpot reviewer
Director of Information Technology at a university with 1,001-5,000 employees

We evaluated the freeware alternatives, but we needed a turnkey solution and we just didn't have hundreds of hours to put into a starter box, so we went with a commercial buy.

We didn't perform an exhaustive search, but the result was somewhat fortuitous. I began the search and found someone at LogRhythm I felt I got along with. This person was very knowledgeable beyond the salesman-type of knowledge. He was able to relate with our needs here.

it_user375531 - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees

We looked at AlienVault and QRadar.

it_user331482 - PeerSpot reviewer
Senior Manager, Distributed Systems at an insurance company with 501-1,000 employees

Several other solutions were considered including Q1 Labs (now IBM), EMC, and HP.

HM
IT Security Architect at a construction company with 10,001+ employees

There is a different reason why you pick LogRhythm over its competitors. It is a security SIEM, where others are SIEMs but not focused on just security.

it_user769692 - PeerSpot reviewer
Information Security Officer at an insurance company with 201-500 employees

A lot of the competitors, IBM specifically, there's these WinCollector and other types of agents that you have to install and push the event data to the SIEM. 

LogRhythm is more of a collection using APIs to pull the data down, so it's much more efficient. And you don't have to get any of the other areas within infrastructure, or the application teams, to participate. You just go and point at the systems, assuming you have the correct level of authorization and credentials, and then the data is ingested naturally.

it_user756417 - PeerSpot reviewer
Information Security Engineer at Lancaster General Health

I know that it came down to LogRhythm, Splunk and ArcSight. They ideally wanted one person to administrate and run the whole system, which is why the other two got the boot and LogRhythm was chosen. That was the most important criterion in selecting a vendor.

it_user756327 - PeerSpot reviewer
Senior IT Security Analyst at a financial services firm

I was not initially involved in the deployment but I read all of them on the business case at that time: Splunk and ArcSight and one other.

it_user756402 - PeerSpot reviewer
Cyber Security Engineer at a healthcare company with 1,001-5,000 employees

Splunk. Cost is the main reason LogRhythm stood out.

it_user756396 - PeerSpot reviewer
Security Administrator at a tech services company

We were evaluating Splunk, and also QRadar.

We chose LogRhythm because the price point was within what we were looking to pay. It seemed like a more mature solution than some of the others.

it_user756312 - PeerSpot reviewer
Systems Architect at a university with 10,001+ employees

We looked at RSA, we looked at Alien Vault, we looked at a vanilla ELK Stack homegrown solution. We actually evaluated that one. And we also looked at McAfee/Intel at the time, security.

We went with LogRhythm because aligning with the critical security controls, SAN security controls, was important for us. Also, the price was good, MSSP support was good. I think ultimately it was the combination of their willingness to partner with us, and the price.

it_user756399 - PeerSpot reviewer
EMS-Scada Infrastructure Engineer at an energy/utilities company

Alert Logic, but the laws were going outside of the company, so we want to keep it inside for security purposes.

LogRhythm was the best solution that we could find.

it_user756372 - PeerSpot reviewer
Security Analyst at a tech services company

I would not know. This was done before I came onboard.

it_user756300 - PeerSpot reviewer
Security Architect at a leisure / travel company
  • Curator Security
  • Splunk
  • ArcSight

We took it as far as they were able to help us with very specific things we do as a company, and LogRhythm came out on top.

it_user326481 - PeerSpot reviewer
Sr. Mgr of Network Operations at a comms service provider with 501-1,000 employees

We also evaluated Splunk, and we chose LogRhythm as the correlation rules performed it handled clients on DHCP better.

it_user756420 - PeerSpot reviewer
Security Advisor at a manufacturing company

We did an RFP for all the major vendors, ArcSight, all the big ones. LogRhythm came out as the best SIEM tool.

it_user756363 - PeerSpot reviewer
IT Analyst at an energy/utilities company with 501-1,000 employees

QRadar and Splunk. And, for whatever reason - it is not really truly a SIEM player - Tripwire. Management wanted us to evaluate Tripwire.

SS
Systems Administrators at a tech services company with 201-500 employees

When I was looking for a solution, I looked at Splunk and LogRhythm. There was one from SolarWinds as well. Cost-wise, LogRhythm was the one that impressed me the most. Splunk was really good as well, but it was a little too costly.
