LogRhythm is the first SIEM I have used and the only SIEM I have a lot of experience with. I've demoed other SIEMs and we've gone to market twice to look at whether LogRhythm was still the right decision. Both times we concluded that it was.

We didn't have a designated security person on staff, and our auditors came in and said that we should be doing this. As a help desk person, I looked for something specific that was going to give me the flexibility I need but also allow me to spin up and run while doing the rest of my duties, and LogRhythm was the best one that I found that could do that.

We did not use another product prior to this one.

Splunk is a great product, but it's complex and requires a highly educated and professional team to manage it. Plus, the change in licensing subscriptions from perpetual to subscription-based resulted in a significant price increase compared to what we had with LogRhythm.

I've also used with QRadar, which is easier, for example, to set up and is more user-friendly. 

We used FireEye two years ago. The management decided to move to LogRhythm SIEM because FireEye was going through a transition, and we wanted a stable product.

LogRhythm is the first SIEM that my company has ever owned. They never owned one before, and it took a lot of convincing to get them to buy it in the first place.

I used QRadar before. I prefer QRadar over LogRhythm.

Yes we did. It just wouldn't handle our environment all. It was going down all the time. One update caused it to delete all of our logs over a month old.

The previous SIEM we have was McAfee Nitro. There were a couple of reasons why we switched. We switched due to the fact that it wasn't easy to just stumble into finding things. You had to know what you're looking for and we didn't like that aspect of it. Also, we had a really bad support case that was the catalyst for making the move to a different SIEM.

I wasn't part of the evaluation at this location, I actually took the job because I knew they had selected LogRhythm and I had the experience there. I know they did some SIEM tools comparisons with Rapid7, Splunk and QRadar which was the incumbent when evaluating LogRhythm as a replacement SIEM solution.

We were using another product before, McAfee Nitro SIEM, and that product was just getting too hard to maintain. We had other people on the team and within the organization who had used LogRhythm in the past, so it came highly recommended. We checked into it, checked reviews on some of the different vendors, and LogRhythm is the one that came out on top.

We did not have a previous solution that we were using.

We were working on RSA. We switched due to the cost and the lack of local support. The RSA cost is a little bit too high.

We were using McAfee Nitro. The administration of the application was very cumbersome, and trying to get reports, customizing the analytics on there, is a bit difficult. We looked at LogRhythm, and LogRhythm seemed to have a lot of the stuff built in, canned already.

This is our first SIEM. My biggest driving factor was something that we could run with a small team. Like most, we have a very limited set of people to do this.

I previously used McAfee ESM, QRadar, and ArcSight. McAfee is by far my favorite SIEM to utilize. It is very robust, very quick. The ability to query is much faster than all other popular SIEM tools. Now that it requires a lot more hardware investment, it almost requires a developer mentality to massage the tool to make it do exactly what you want. This is where LogRhythm really outshines McAfee.

We moved away from Splunk because we were not happy with it. Workstation monitoring seemed a little more complex than it is with LogRhythm. It's much simpler to search for issues and get alerts through it.

I had to do a proof of concept review two years ago when we were doing a rebid, and LogRhythm was the incumbent. I looked at some other companies. The thing that was essential for me was not only that you could gather data quickly and efficiently, but how you harvested it and how you maintained it. A lot of the other vendors had different ways of doing it, nothing I considered reliable and I was worried about the fact that, as their volume increased, the performance of their appliances would decrease.

What I found with LogRhythm, especially since I picked up one of the newer XMs, is that it has the capability to handle the volume I'm looking at but also, if I want to separate certain parts off onto certain systems, to basically spread those elements out. That was a feature that became really critical for me. Without that I'd be stuck with the pressure of one box, if it fails it takes all my operation out. So I get both, strength and diversity, because I can use multiple systems, they have that flexibility, the others didn't show me that. 

Those were some of the things that were important. 

Also, being able to handle tens of millions, and hundreds of millions of records from a wide variety of resources. They have something called log source types. Log source types let you ingest data from Palo Alto firewall, Cisco firewalls, big F5s, all sorts of environments, draw the data in and make it relevant. 

The other environments - whenever I hear an engineering environment tell me, "Its just a simple matter of programming." It's not. 

When somebody says, "Here's the log source type, and this will do this with your data," and you draw in 10 million records from the firewall, and that afternoon you can make sense of it. That was another reason why.

We had come from two other SIEM products that were going end-of-life. The original one was the Cisco Security Manager, and then the latest one was RSA enVision. Because that was going to end-of-life, we needed to find a replacement product.

The big thing was the PoC was a great tool to get a great overview of what the product was going to be like. We also worked with an SE that helped deploy the product. Then we also were able to talk to support. So we got a good feeling to how the product was going to operate, not only from our operational standpoint, but also from a support standpoint, and also from help from our local support engineer.

We just had a great experience all round, and when comparing feature sets, the web interface to the alarm drill downs, the AI Engine drill downs, to the network monitor product, it was definitely on the top of the list.

The other big thing that we really liked about LogRhythm - we had a unique requirement - was that we had to have appliances, we didn't want virtual devices. Just from the security side of things, we wanted to be able to manage those devices ourselves, rather than having our infrastructure group manage those. LogRhythm also provided us the appliance base versus Splunk which is all virtual base.

We were using a different SIEM tool before. It's probably not really fair to call it a SIEM. It just really wasn't quite robust, it was more of a log collection tool. The system worked fine, we could create some basic events from a single log: "You see this log, fire an alarm off of it," or something like that; not really correlation per se. 

We had issues with scalability with it. We could stand it up for about a month, and then after about a month, as the database started getting full, then trying to do searches and things like that, it was too slow. So you would have to clear out the database, start again, and again it would work for about a month.

I had a little bit of experience with QRadar and a customized SIEM solution at my last job where we had used an MSSP environment, so really a lot different scenario, and you didn't really get to work with the clients directly upfront and control the log sources. Now, I work an enterprise that is slowly gaining control of everything, and that is a lot better.

We chose LogRhythm because in the Minneapolis area, the security community is pretty close and there are a lot of other customers and associates, like my manager and myself, who know a lot of people using LogRhythm. So, we got a lot of good feedback.

No. We have always done our homework and we believe that LogRhythm continues to be our solution.

We were using another product called AlienVault. The main driving factor behind looking for this solution was our PCI compliance requirement. We switched from AlienVault due to a lack of parsing rules providing by them, and LogRhythm provided those parsing rules for various devices we were collecting information from.

We used SolarWinds before. We switched to LogRhythm because of specific requirements regarding log information and SOC activities, particularly for government contracts. In comparison to products like IBM and HP, LogRhythm is a cost-effective alternative.

I have used previously ELK Logstash. In my country, LogRhythm NextGen SIEM is used more than ELK Logstash.

It is more intuitive than the previous solution (IBM QRadar) that we had in the environment.

It was due to compliance that they decided to get a product.

We used AlienVault, and before that Splunk, but neither one of them worked, and even their pro-services people couldn't get the products to really perform well in our environment. I understand the LogRhythm sales engineer who came out the first time to demo or do a proof of concept, was doing things in minutes that the other folks were trying to do in weeks, and my boss said, "That's what we want. I want that."

We need stability, ease of use, ease of investigation, so we had looked at a number of products in the past. Again, that was mostly before I came on board, but I understand the challenges with them included having to write a lot of custom parsing, and you either had to have Linux gurus on staff, coding gurus on staff, to make those products sing. LogRhythm has all that built in, and you just need to let them know what you want to turn on. They have all the features and policies and alerts that you could ever hope for, so you just have to know what you want to do.

Compared to other solutions, an advantage of LogRhythm is that it still works on a lot of the old platforms. As mentioned, it is based on the Windows platform, and I think that it wins out due to the straightforward pricing and how easy it is to calculate for the sizing and critical add-ons such as UEBA and SOAR.

Because the platform is always the same, it's just easier to extend it as needed. For example, it's not technically dependent on another solution that's been acquired by themselves or another company like IBM.

The main difference boils down to the question: for add-ons and such, do you need to seek out a different service from a different vendor rather than adding to the same solution by the same company? I believe they do it all from the same R&D teams and it shows.

We had IBM QRadar for what seemed to be almost a decade. So, we just needed something different. There was a loss of knowledge transfer, as you can imagine, over a decade with different people coming in and out of security teams, and the transfer of knowledge was very limited. At the time I got on board, I had to figure out how to use it and how to maintain it and keep it going. We had some difficulties or challenges with IBM in getting a grasp on how we can keep getting support. It was a challenge just figuring out who our account rep was. After I figured that out, it was somewhat smooth sailing, and then we just decided it was time for something different, just a break-off because products change in ten years. You can either stay with it and deal with issues, or you do a break-off and get what's best for the organization.

If we go back nine to 10 years, we had the advent of PCI. The standards council says you needed to use file integrity. The only real solution at the time was Tripwire. That's when I got introduced to Ross Brewer (Vice President and Managing Director of EMEA for LogRhythm). From that point, we knew this was the right solution. We wanted to gather the logs into a central place.

We did not have a previous solution.

When we originally put in this solution, it was for log collection and analysis of all of our branch network devices, but it has evolved over the last seven years to encompass pretty much anything that provides some kind of security visibility.

I have experience with Splunk and ArcSight. LogRhythm's correlation capabilities (part of the AIE component) is much better than Splunk's, and the solution as a whole is generally cheaper and easier to implement than ArcSight.

We had Tripwire, but we needed logging and SIEM, not just logging.

I previously used IBM Security QRadar and switched to LogRhythm SIEM because it is the best in the market.

When compared to other SIEM solutions, LogRhythm is very easy to use, and I like the correlation rule building.

It's actually our second SIEM tool. Our first one was not scalable. We didn't really get to pick it, it was chosen for us. We got to a certain point and we just couldn't grow it anymore. 

So we did a full RFP, a bake-off so to speak, and looked at everything that was really competitive on the market. Ended up with LogRhythm. Did our initial deployment, which lasted us for about two years. Because we did our basic measurements on a tapped-out SIEM - we didn't realize how much growth we would have once we uncapped the bottlenecks - we ran into some growth issues. We just doubled our capacity three months ago with no problems at all.

We had some other vendors at the time, but LogRhythm beat them out. We had RSA, I don't remember what the name of their product was, and LogLogic.

We were a RSA Envision customer. Our platform was going away, so that’s one of the reasons we switched. We weren’t really impressed with the security analytics platform that they wanted us to move to. We didn’t want to make the investment they wanted. For our industry they were lacking.

I had seen LogRhythm before, and back then a few years ago, they weren’t a player in the market. Since then they have moved to a much better security analytics platform. For what we need, LogRhythm is a perfect fit.

We were previously using SolarWinds and we outgrew it. It wasn't scalable. We needed to find a solution that would scale as we grew it.

Because the organization wanted to have an in-house solution, when we looked at what was out there, we thought that LogRhythm, based on the user interface that was somewhat easier to follow compared to the competition, was a must for our security analysts.

And the additional features within the investigation side of it, to dig deeper into what's going on out there. Those were two big selling factors for us.

We previously used Juniper STRM, rebranded QRadar. We faced 1. Log processing could not keep up with collection, so events were being dropped. 2. Support was poor. 3. When a ($45 at Bestbuy) disk drive went out, we were sent an entirely new system. 4. When faced with upgrading to support our log collection demands, the estimated cost was several times greater than the LR deployment.

I also work with Oracle. 

This is our first adoption of a proper SIEM product, so there is really nothing to compare it to with respect to the job that I am in right now.

This is our first iteration of SIEM at my organization. At the time, my superior had used Splunk previously, and that was what he was a fan of. But LogRhythm is one of the emerging leaders, price point was very important, and also to be with a company that's on the cutting edge of technology.

The risk appetite changed. We are in quite a regulated organization, and having something like LogRhythm in place gives us the visibility and the comfort that we've got the monitoring required in place.

This is our first SIEM.

We were using an MSP and were dissatisfied with its performance. What we started to do was figure out what we could bring in-house and what we needed from a security standpoint, and this SIEM kept coming up as something we should look at.

It was our very first log management solution. When I joined, we did not have a cybersecurity program. My employment was to build a cybersecurity program right from scratch, right from the start. Whilst I evaluated a couple of other programs, LogRhythm came to me, through the evaluation of those, to be the clear winner.

The criteria certainly was scalability. Our company, within a year, has gone from $600 million of revenue to $1.3 billion. At that point, I knew that we had to have that scalability function.

I knew that we needed a SIEM solution because we had no visibility

We didn't have any SIEM monitoring tools up until I showed up at the company. We didn't have any visibility into what was going on on our networks or on our systems. So that was one of the first steps that I took when I came on with the company.

The general SIEM was brought in, like a lot of SEIMs are brought in, is to solve a compliance issue. To check a box. That's initially what it was brought in for. Now, I'm investigating where we're going to grow this tool. Because apparently, it's sitting in a state that's getting a little stale.

At this LogRhythm User conference I'm looking to see what additional benefits it can provide. LogRhythm can do a lot. It's just a matter of making the right choices to gradually get yourself going down the path of developing it, because it can get overwhelming, like any SIEM. 

But LogRhythm's got a nice online community to shape your decision making, like, "Here is where you should start." They've got actual tips and tricks every month that you can get on, really easy things to digest over lunch hour. You've got to dedicate the time.

We did not have a SIEM solution in place at all. I was told to go out and look for one, so I did, and LogRhythm definitely came out on top for what we needed it for.

We did have a previous SIEM solution, which was IBM QRadar. One of the biggest reasons we decided to move on from that was cost. The renewal costs from IBM were extraordinarily high. We had already talked to LogRhythm for a different use case, with compliance. We already knew what LogRhythm had to offer.

We were using RSA Security Analytics and, before that, we were using RSA enVision. The challenges behind them were that they were very clunky, not very user-friendly, and you had to know coding, and you had to know command-line interfaces to even use them. Even on their GUI side. With LogRhythm we don't have to.

We did not have a previous solution.

As a healthcare organization, we obviously have to have HIPAA compliance. This was the main driver for purchasing the solution.

We have come from a separate SIEM, SolarWinds, and just purchased LogRhythm within the past couple of months. 

They switched because they flat out didn't like SolarWinds and their interface or anything like that.

We've had, in the past in our company, ransom attacks. Prior to me being, there there was one that they paid out, and obviously, that is a painful way to go about doing business. We want to secure our data. We want to make sure that does not happen again.

The reason we switched to LogRhythm, one of the core reasons, was the case management, and, as well as the Netmon. We liked having the integrated Netmon, and the case management, again, gave us a single pane of glass for our analysts to view the data, import the relevant data into the cases without having to use separate systems.

LogRhythm is definitely influencing. Since investing in LogRhythm, we've seen a lot more visibility into our product, into LogRhythm. We have a lot of non-security operations teams that are using the SIEM tools, just to view logs, Windows logs, troubleshooting issues, troubleshooting security events, so we're getting a lot of by-in from other teams into the program, which has accelerated the maturity of our program.

We didn’t have a solution before. It's usable out-of-the-box and it covers a lot of holes. It's done its job.

No previous solution was in place.

We were a QRadar shop for five years prior. To be honest, the product was great initially, when it was a Q1 Labs product. Things started to change a bit after IBM's acquisition of it. So we were looking to see if there were better alternatives. The top-two were LogRhythm and Splunk. 

We did a several week SIEM solutions comparison between the two of them. Splunk is a great product in and of itself, but it was too massive for us, for our size of organization. As well, it looked like it would require a little bit too much of an analytical programming background for my engineers and analysts, which they don't have. So they were really most satisfied with the LogRhythm platform, its capabilities, the ease of use. And then, from my perspective, from the company's checkbook, the sustainability of it, the upfront cost, and the long-term ownership of it.

We actually weren't using anything before. It was a conglomerate of a firewall and the Windows logs. But we had an IT architect that was more into security.

We were using Splunk prior to this but it was too expensive and we needed a true SIEM solution.

We are migrating from a different product (Curator) to this product, and we think LogRhythm is better than the older product that we were using. We were looking for a solution with scalability and ease of management. Also, Curator is more expensive.

No, just some open source type of things.

We searched for a security solution because it is such a huge surface area to cover for a very small security shop. It is just two of us, and we have about 5,000 servers. It is a lot.

We used EiQ. It was terrible. Just straight up, they didn't fulfill support promises. They pivoted from being a self-hosted company to hosting in the cloud and offshore, using offshore analysts. So, it just wasn't a fit anymore. And their product didn't scale.

We needed something that would give us a single pane of glass, that visibility over our whole organization - and correlate all the data - without too much staffing needs.

I have used Tripwire, which was a poor SIEM solution.

I've used Symantec SIM, which wasn't so great. This is a real breath refresher, because it's more scalable, and I feel it's a better product overall.

We had a previous solution, but I don't know who they were. I don't know why we switched. Compliance was our biggest driving factor to why we purchased LogRhythm.

We're fairly close to Boulder, so buying something that was local, I like to do that, and it is a great product. We're happy with it. I think it is one of the best SIEM tools out there. So, no regrets about going local, and it's nice to have them down the road if we need to get to them.

We were using a third party, Dell SecureWorks. We wanted to go away from that and go into more of a centralized system in-house. We went through a bunch of factors and LogRhythm came out on the top.

We used Q1 QRadar. After IBM bought it, it kind of died on a vine. They quit supporting it, so that was the main driver for getting off of that and going to LogRhythm.

We were using a different vendor and we decided to go against it. We wanted to bring this in, in-house. We were using Dell SecureWorks, and we were just not satisfied with their ability to give us reporting and information on a timely manner.

As I said, it was ArcSight at my previous company. I was lucky enough to try to build the security practice where I'm at now. LogRhythm was one of three that we evaluated.

I didn't use any other solution previously.

The scalability was the main reason for switching. You never know how much you may need and the ability to quickly adapt is great.

The ability to add something quickly is very important. It's more complete than a lot of products, such as Splunk, but you have to put in a lot of work.

With LogRhythm, security feeds and security alerts are just built in.

I previously used QRadar SIEM.

We also use Splunk, but in terms of security, we always recommend LogRhythm NextGen SIEM.

I've also used QRadar.