LogRhythm NextGen SIEM Reviews

Gene Cupstid
Real User
Security Engineer at a logistics company with 10,001+ employees
Nov 23 2018

What is most valuable?

Specific to LogRhythm SIEM, I would say the dashboarding capability is pretty spectacular, so having the advanced UI available to just instantly drag and drop widgets into the browser and get top 'X' whatever field you're looking for just…

How has it helped my organization?

LogRhythm's improved our organization by allowing all sorts of members of the organization to be able to access this data in a much easier way than they have been able to in the past. So instead of more obscure SIEMs, or things out there…

What needs improvement?

I think LogRhythm definitely has some opportunity to grow in its documentation space, particularly like if I just use Splunk as an example. Splunk has amazing documentation. It's great. It's almost second to none in terms of the quality of…

What other advice do I have?

We do have quite a few log sources. Currently we've got around 30 or 40 completely different kinds of log sources and roughly six or 7,000 different devices currently reporting in. We set it around 20,000 events per second sustained for our…

Which other solutions did I evaluate?

A couple of others that we've considered, IBM QRadar that's actually one that we had in house previously, and we'd had stability issues with that platform. And so it was one that we were kind of looking at the market to see what we could…
Jim Mohr
Real User
Principal Security Analyst at a healthcare company with 10,001+ employees
Dec 06 2018

What is most valuable?

Most valuable features for our organization are the centralized painted glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations and to go through all those dashboards monitoring…

How has it helped my organization?

We have a product that is a security orchestration and response tool, Demisto, and I think that from the standpoint of automation and response perhaps the first version of the playbooks is not going to compare to the product that we have that's a standalone for that purpose. However from a price…

What needs improvement?

There's two that I can think about off the top of my head. One is service protection. So for example to compare it to the antivirus product, if I'm an admin on a server I can't uninstall the antivirus product unless I have the administrator password for the antivirus not the domain administrator…

What other advice do I have?

LogRhythm gives us the ability to automate. We do have some smart response plugins that we're using. Unfortunately with healthcare you end up using more contextual smart response plugins than you do actionable ones. I can't go and shut down a system 'cause unless I have absolute 100 percent…
Find out what your peers are saying about LogRhythm, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: November 2019.
378,124 professionals have used our research since 2012.
Kevin Merolla
Real User
Security Manager at a manufacturing company with 1,001-5,000 employees
Nov 23 2018

What is most valuable?

The most valuable features in LogRhythm, honestly for me, the single most valuable feature is the web console. That is actually the primary reason we chose LogRhythm over some of these other solutions because I was able to leverage web…

How has it helped my organization?

This solution has been almost like a transformative change in how we detect and then respond to incidents. Quite honestly before, we didn't know what was going on and we couldn't detect anything other than a random virus that sent an email…

What needs improvement?

It honestly comes back to me for log sources. The time to get support to onboard a log source runs about 18 months, and that's just too long. Like I said, I'm a lone wolf running the system. I don't have a lot of free time to write regex…

What other advice do I have?

I'm going to give them an eight. It's a fantastic solution and I totally support what they're doing and I like where it's going. But there is room for improvement, and there are some pain points and honestly I've had a rough year. That kind…

Which other solutions did I evaluate?

When we went shopping for a SIEM, I had come from a Splunk shop. I was very familiar with Splunk the interface. I like the software, so Splunk was number one on my list. And who was number two? SolarWinds had a SIEM solution that we had…
Jeremy Alder
Real User
Security Lead at a financial services firm with 201-500 employees
Jan 01 2019

What is most valuable?

LogRhythm has really improved, I think, my personal sense of security as far as our organization. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting so I know immediately if, maybe say one of our core servers isn't feeding its logs to…

How has it helped my organization?

We've seen mean time to detect and to respond go down pretty significantly. We actually recently implemented the CloudAI solution, which allowed us to look into our users' anomalous behavior. Recently, we actually had some user who's a remote user, he traveled to somewhere else in the US, and…

What needs improvement?

I think condensing and consolidating what a user accesses over and over again and just having CloudAI understand that that's all of the user's, and you can consider it as one thing rather than multiple things, and alarming on it, and alerting me on it, having me have a mini heart attack every time…

What other advice do I have?

If I had to rate LogRhythm and CloudAI out of 10, I think I'd give it an eight. There's still room for LogRhythm to improve, and they've laid out a pretty great roadmap for what they want to do in the future. I think if they continued to innovate and continue to implement the things that they've…
Joe Benjamin
Real User
SIEM Architect at Marsh & McLennan Companies, Inc.
Oct 31 2018

What is most valuable?

I've worked with a lot of SIEMs. It's nice that it's straightforward.

How has it helped my organization?

We use Dell SecureWorks right now for our SOC. But in a much quicker-than-expected manner - literally a few months after we started really bringing everything in, and we took over teaching them how to use LogRhythm - our SOC has fallen right into line. LogRhythm is already almost replacing Dell…

What needs improvement?

My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable. We're running an HA situation and we wanted to do an upgrade…

What other advice do I have?

My advice:
* Get a SIEM.
* Which SIEM I would suggest really depends on what your key use cases are. There are other SIEMs that do other things better. As an example, Splunk brings in logs wonderfully. But if you're not going to hire a Hadoop engineer who absolutely specializes in it, you're going…
Jim Mohr
Real User
Principal Security Analyst at a healthcare company with 501-1,000 employees
Oct 31 2018

What is most valuable?

There's value in all of it. The most valuable is the reduction in time to triage. We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through…

How has it helped my organization?

In terms of seeing a measurable decrease in the meantime to detect and respond to threats, we live in the Web Console and we see things when they come in right away, and then we triage.

What needs improvement?

There are two improvements we'd like to see. I mentioned these last year and they haven't implemented them yet. The first one is service protection. I have Windows administrators who will remove the agent when they think that that is what's…

What other advice do I have?

From a performance standpoint, I have no problems recommending LogRhythm because it allows me to get in under the hood and tweak some things. It also comes with stuff out-of-the-box that is usable. I think it's a good product. Things like…

Which other solutions did I evaluate?

What I find is that there are die-hard Splunkers. The problem is that Splunk is not affordable at a large scale. QRadar is not any better. It's just as bad. LogRhythm, for the price point, is the most reasonable, when you begin to compare…
Avraham Sonenthal
Real User
Senior Network Engineer at a government with 5,001-10,000 employees
May 11 2019

What is most valuable?

The feature that makes it usable is the web interface. One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value…

What needs improvement?

The biggest complaint I have is about their support. There is no free instructional advice available on their website. An example is with their field names inside log messages, where they have one named "Common event". That is something…

What's my experience with pricing, setup cost, and licensing?

This is a solution for people who have cash to spend. Everything is expensive with LogRhythm, and you don't get anything for free. I suggest that everybody who uses this product receive the full training and certification, and can also…

What other advice do I have?

Honestly, I don't like this solution so much. I'm actually a Splunk Certified Architect and so I know Splunk pretty well, and when I compare them, I really don't like this product. The best advice that I can give is not to install this…

Which other solutions did I evaluate?

The solution was already in place when I arrived, so I was not involved in the decision.
Jack Callaghan
Real User
Senior Security Analyst at a financial services firm with 501-1,000 employees
Nov 21 2017

What is most valuable?

The breadth and harvesting of information the SIEM is capable of doing. I've been in this probably going on 30 years, and I've seen the growth. I found a resource that's outstanding in finding information and then the most important thing…

How has it helped my organization?

We're a financial service. As our title implies we deal in mortgages, which means we see a lot of personal information, credit reports, financial instruments. We're really concerned that we are able to monitor the movement of that kind of…

What needs improvement?

I really can't think of a particular one, I've been very satisfied with what's happening. I know they're going to get another spike in customer base, hopefully they'll have the ability to ramp up people in support along with the customer…

If you previously used a different solution, which one did you use and why did you switch?

I had to do a proof of concept review two years ago when we were doing a rebid, and LogRhythm was the incumbent. I looked at some other companies. The thing that was essential for me was not only that you could gather data quickly and…

What other advice do I have?

Things that are important: the first time you get a SIEM in your hands you think it's great to gather everything. Then you find out within a couple of days, gathering hundreds of millions of records and trying to make heads and tails…

What is LogRhythm NextGen SIEM?

LogRhythm is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm NextGen SIEM Platform combines advanced security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) in a single end-to-end solution.

LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades. For more information, visit logrhythm.com.

Also known as
LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
LogRhythm NextGen SIEM customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
