LogRhythm NextGen SIEM Pros and Cons

LogRhythm NextGen SIEM Pros

Reno Thomas
Senior Security Engineer at Augeo Marketing
Provides visibility into the network.
Jim Mohr
Principal Security Analyst at a healthcare company with 501-1,000 employees
We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products.
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
The feature that makes it usable is the web interface.
Find out what your peers are saying about LogRhythm, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: September 2019.
366,593 professionals have used our research since 2012.
Aaron Mueller
Security Analyst at Xanterra
The PCI compliance pieces that help us produce reports for our external auditor, and their support.
Kevin Merolla
Security Manager at a manufacturing company with 1,001-5,000 employees
The ability for me to go into the Web UI, and just learn what's going on in my environment.
Computer0e92
Administrator Executive at an individual & family service with 10,001+ employees
It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast.
Informat8c3b
Information Security Officer at an insurance company with 201-500 employees
LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts.
Eric Knopp
Data Sec Program Manager at an insurance company
The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources.
Jacob Hinkle
Security Engineer at Managed Technology Services LLC
We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program.
Their customer support is friendly and willing to help.
SnrArchi4b5a
Senior Architect at an energy/utilities company with 201-500 employees
We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.

LogRhythm NextGen SIEM Cons

Reno Thomas
Senior Security Engineer at Augeo Marketing
I would probably look for more things to go into the web console that is currently on the fat client.
Joe Benjamin
SIEM Architect at Marsh & McLennan Companies, Inc.
My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue.
My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable.
Jim Mohr
Principal Security Analyst at a healthcare company with 501-1,000 employees
I have Windows administrators who will remove the agent when they think that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have the antivirus admin password to do that.
We do about 750 million a day, and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see profiling and behavior awareness around systems, like they've begun to do around users with UEBA.
We had a little bit of difficulty implementing a disaster recovery situation because it was leveraging only Microsoft native DNS and it wouldn't work with our Infoblox DNS deployment that we use in our environment. They've been working on that behind the scenes.
Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going."
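The complaint above is that a day with 400,000 extra logs cannot be traced back to the sources that produced it without comparing PDF reports. The script below is an added example, not LogRhythm code and not something the reviewer wrote: it takes per-source daily event counts (a constructed sample, standing in for an export of per-log-source volumes that is assumed to be obtainable from the SIEM's reporting), computes a rolling median baseline per source, and lists the sources whose volume jumped or which appeared for the first time, ranked by how much of the day's excess each explains. The same baseline-and-deviation idea is what the NetFlow comment in the Pros section describes for traffic patterns.

```python
"""Attribute a daily log-volume spike to the log sources that caused it.

Added example (not LogRhythm code). Input is a list of (day, source, count)
rows of per-source daily event counts; the rows below are constructed, with
day 8 carrying the "extra logs" that are otherwise hard to attribute.
"""
from collections import defaultdict
from statistics import median


def _series(source, counts, start_day=1):
    """Build (day, source, count) rows for consecutive days in September 2019."""
    return [("2019-09-%02d" % (start_day + i), source, c) for i, c in enumerate(counts)]


# Constructed sample data: three steady sources, one of which (a domain
# controller's security log) explodes on day 8, plus a source that first
# appears on day 8 (hypothetical names, not from the page).
SAMPLE_ROWS = (
    _series("fw-edge", [100000, 101000, 99000, 100500, 100200, 99800, 100100, 100300])
    + _series("dc01-security", [50000] * 7 + [450000])
    + _series("web-proxy", [80000] * 8)
    + _series("vpn-gw", [5000], start_day=8)
)


def per_source_by_day(rows):
    """Return source -> {day: count}, summing duplicate rows for a source/day."""
    table = defaultdict(lambda: defaultdict(int))
    for day, source, count in rows:
        table[source][day] += count
    return table


def daily_totals(rows):
    """Return day -> total event count across all sources."""
    totals = defaultdict(int)
    for day, _, count in rows:
        totals[day] += count
    return dict(totals)


def baseline(counts_by_day, day, window=7):
    """Median count over the `window` days before `day` (0 if none seen).

    ISO date strings sort chronologically, so plain string comparison works.
    """
    prior = [c for d, c in sorted(counts_by_day.items()) if d < day][-window:]
    return median(prior) if prior else 0


def explain_day(rows, day, min_ratio=1.5, min_excess=1000):
    """Compare `day` against its baseline and name the sources that deviate.

    A source is reported when it is at least `min_ratio` times its own
    baseline and contributes at least `min_excess` extra events, or when it
    has no history at all and sent at least `min_excess` events (a new feed).
    """
    totals = daily_totals(rows)
    total = totals.get(day, 0)
    base_total = baseline(totals, day)
    findings = []
    for source, counts in per_source_by_day(rows).items():
        today = counts.get(day, 0)
        base = baseline(counts, day)
        excess = today - base
        if base == 0:
            if today >= min_excess:
                findings.append(dict(source=source, today=today, baseline=base,
                                     excess=excess, reason="new source"))
        elif today / base >= min_ratio and excess >= min_excess:
            findings.append(dict(source=source, today=today, baseline=base,
                                 excess=excess, reason="%.1fx baseline" % (today / base)))
    # Biggest contributor to the day's excess first.
    findings.sort(key=lambda f: f["excess"], reverse=True)
    return dict(day=day, total=total, baseline_total=base_total,
                excess=total - base_total, findings=findings,
                attributed=sum(f["excess"] for f in findings))


if __name__ == "__main__":
    report = explain_day(SAMPLE_ROWS, "2019-09-08")
    print("%s: %d events, baseline %d, excess %d (%d attributed to flagged sources)"
          % (report["day"], report["total"], report["baseline_total"],
             report["excess"], report["attributed"]))
    for f in report["findings"]:
        print("  %-14s today=%8d baseline=%8d excess=%+8d  %s"
              % (f["source"], f["today"], f["baseline"], f["excess"], f["reason"]))
```

On the sample data the day-8 total is 635,300 against a baseline of 230,100, and the two flagged sources (the domain controller at 9x its baseline and the new VPN feed) account for 405,000 of the 405,200 excess; a quiet day such as 2019-09-07 produces no findings. The per-source median baseline is what makes the attribution robust to a single noisy day in the window, and the same structure applies unchanged to per-flow-key NetFlow byte counts.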
Avraham Sonenthal
Senior Network Engineer at a government with 5,001-10,000 employees
It is a product that is very hard to use.
Aaron Mueller
Security Analyst at Xanterra
I would really like to see some type of group or global management for RIM policies.
Kevin Merolla
Security Manager at a manufacturing company with 1,001-5,000 employees
I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm.
Computer0e92
Administrator Executive at an individual & family service with 10,001+ employees
I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph.
Informat8c3b
Information Security Officer at an insurance company with 201-500 employees
Right now there is the concern about being able to gather all of the data into the system.
Eric Knopp
Data Sec Program Manager at an insurance company
I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason.
Jacob Hinkle
Security Engineer at Managed Technology Services LLC
The installation was a bit complex because we are running a virtual infrastructure.