LogRhythm NextGen SIEM Reviews

Gene Cupstid
Real User
Security Engineer at a logistics company with 10,001+ employees
Nov 23 2018

What is most valuable?

Specific to LogRhythm SIEM, I would say the dashboarding capability is pretty spectacular, so having the advanced UI available to just instantly drag and drop widgets into the browser and get top 'X' whatever field you're looking for just…

How has it helped my organization?

LogRhythm's improved our organization by allowing all sorts of members of the organization to be able to access this data in a much easier way than they have been able to in the past. So instead of more obscure SIEMs, or things out there…

What needs improvement?

I think LogRhythm definitely has some opportunity to grow in its documentation space, particularly like if I just use Splunk as an example. Splunk has amazing documentation. It's great. It's almost second to none in terms of the quality of…

What other advice do I have?

We do have quite a few log sources. Currently we've got around 30 or 40 completely different kinds of log sources and roughly six or 7,000 different devices currently reporting in. We set it around 20,000 events per second sustained for our…

Which other solutions did I evaluate?

A couple of others that we've considered, IBM QRadar that's actually one that we had in house previously, and we'd had stability issues with that platform. And so it was one that we were kind of looking at the market to see what we could…
Jim Mohr
Real User
Principal Security Analyst at a healthcare company with 10,001+ employees
Dec 06 2018

What is most valuable?

Most valuable features for our organization are the centralized painted glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations and to go through all those dashboards monitoring…

How has it helped my organization?

We have a product that is a security orchestration and response tool, Demisto, and I think that from the standpoint of automation and response perhaps the first version of the playbooks is not going to compare to the product that we have that's a standalone for that purpose. However from a price…

What needs improvement?

There's two that I can think about off the top of my head. One is service protection. So for example to compare it to the antivirus product, if I'm an admin on a server I can't uninstall the antivirus product unless I have the administrator password for the antivirus not the domain administrator…

What other advice do I have?

LogRhythm gives us the ability to automate. We do have some smart response plugins that we're using. Unfortunately with healthcare you end up using more contextual smart response plugins than you do actionable ones. I can't go and shut down a system 'cause unless I have absolute 100 percent…
Find out what your peers are saying about LogRhythm, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: September 2019.
370,827 professionals have used our research since 2012.
Reno Thomas
Real User
Senior Security Engineer at Augeo Marketing
Oct 26 2017

What is most valuable?

Provides visibility into the network. We got it for PCI compliance for the most part, and we also do SOC 1 and SOC 2 compliance, so we can show that we're secure to our clients. We have a lot of…

How has it helped my organization?

It takes good log sources. We have investments in endpoint protection and Mail Gateway, and our firewalls are going to be catching up soon. To have all the logs centralized, we haven't had that before…

What needs improvement?

Our key challenge is working with disparate IT groups. We are a brand new security team within our organization. It's a pretty small company. They have grown their infrastructure by acquisitions, so…

If you previously used a different solution, which one did you use and why did you switch?

I had a little bit of experience with QRadar and a customized SIEM solution at my last job where we had used an MSSP environment, so really a lot different scenario, and you didn't really get to work…

What other advice do I have?

Smaller, medium-sized companies, I would actually steer them towards LogRhythm and have them look into it, then I would share my lessons learned. It is important to have a unified end-to-end platform…

Which other solutions did I evaluate?

LogRhythm is successfully employed in a lot of organizations. We tried using another large SIEM, I won't name it, but we weren't able to even get it deployed. It was just too complex, and this was at…
Kevin Merolla
Real User
Security Manager at a manufacturing company with 1,001-5,000 employees
Nov 23 2018

What is most valuable?

The most valuable features in LogRhythm, honestly for me, the single most valuable feature is the web console. That is actually the primary reason we chose LogRhythm over some of these other solutions because I was able to leverage web…

How has it helped my organization?

This solution has been almost like a transformative change in how we detect and then respond to incidents. Quite honestly before, we didn't know what was going on and we couldn't detect anything other than a random virus that sent an email…

What needs improvement?

It honestly comes back to me for log sources. The time to get support to onboard a log source runs about 18 months, and that's just too long. Like I said, I'm a lone wolf running the system. I don't have a lot of free time to write regex…

What other advice do I have?

I'm going to give them an eight. It's a fantastic solution and I totally support what they're doing and I like where it's going. But there is room for improvement, and there are some pain points and honestly I've had a rough year. That kind…

Which other solutions did I evaluate?

When we went shopping for a SIEM, I had come from a Splunk shop. I was very familiar with Splunk the interface. I like the software, so Splunk was number one on my list. And who was number two? SolarWinds had a SIEM solution that we had…
Jeremy Alder
Real User
Security Lead at a financial services firm with 201-500 employees
Jan 01 2019

What is most valuable?

LogRhythm has really improved, I think, my personal sense of security as far as our organization. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting so I know immediately if, maybe say one of our core servers isn't feeding its logs to…

How has it helped my organization?

We've seen mean time to detect and to respond go down pretty significantly. We actually recently implemented the CloudAI solution, which allowed us to look into our users' anomalous behavior. Recently, we actually had some user who's a remote user, he traveled to somewhere else in the US, and…

What needs improvement?

I think condensing and consolidating what a user accesses over and over again and just having CloudAI understand that that's all of the user's, and you can consider it as one thing rather than multiple things, and alarming on it, and alerting me on it, having me have a mini heart attack every time…

What other advice do I have?

If I had to rate LogRhythm and CloudAI out of 10, I think I'd give it an eight. There's still room for LogRhythm to improve, and they've laid out a pretty great roadmap for what they want to do in the future. I think if they continued to innovate and continue to implement the things that they've…
Joe Benjamin
Real User
SIEM Architect at Marsh & McLennan Companies, Inc.
Oct 31 2018

What is most valuable?

I've worked with a lot of SIEMs. It's nice that it's straightforward.

How has it helped my organization?

We use Dell SecureWorks right now for our SOC. But in a much quicker-than-expected manner - literally a few months after we started really bringing everything in, and we took over teaching them how to use LogRhythm - our SOC has fallen right into line. LogRhythm is already almost replacing Dell…

What needs improvement?

My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable. We're running an HA situation and we wanted to do an upgrade…

What other advice do I have?

My advice:
* Get a SIEM.
* Which SIEM I would suggest really depends on what your key use cases are. There are other SIEMs that do other things better. As an example, Splunk brings in logs wonderfully. But if you're not going to hire a Hadoop engineer who absolutely specializes in it, you're going…
Jim Mohr
Real User
Principal Security Analyst at a healthcare company with 501-1,000 employees
Oct 31 2018

What is most valuable?

There's value in all of it. The most valuable is the reduction in time to triage. We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through…

How has it helped my organization?

In terms of seeing a measurable decrease in the mean time to detect and respond to threats, we live in the Web Console and we see things when they come in right away, and then we triage.

What needs improvement?

There are two improvements we'd like to see. I mentioned these last year and they haven't implemented them yet. The first one is service protection. I have Windows administrators who will remove the agent when they think that that is what's…

What other advice do I have?

From a performance standpoint, I have no problems recommending LogRhythm because it allows me to get in under the hood and tweak some things. It also comes with stuff out-of-the-box that is usable. I think it's a good product. Things like…

Which other solutions did I evaluate?

What I find is that there are die-hard Splunkers. The problem is that Splunk is not affordable at a large scale. QRadar is not any better. It's just as bad. LogRhythm, for the price point, is the most reasonable, when you begin to compare…
Avraham Sonenthal
Real User
Senior Network Engineer at a government with 5,001-10,000 employees
May 11 2019

What is most valuable?

The feature that makes it usable is the web interface. One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value…

What needs improvement?

The biggest complaint I have is about their support. There is no free instructional advice available on their website. An example is with their field names inside log messages, where they have one named "Common event". That is something…

What's my experience with pricing, setup cost, and licensing?

This is a solution for people who have cash to spend. Everything is expensive with LogRhythm, and you don't get anything for free. I suggest that everybody who uses this product receive the full training and certification, and can also…

What other advice do I have?

Honestly, I don't like this solution so much. I'm actually a Splunk Certified Architect and so I know Splunk pretty well, and when I compare them, I really don't like this product. The best advice that I can give is not to install this…

Which other solutions did I evaluate?

The solution was already in place when I arrived, so I was not involved in the decision.

What is LogRhythm NextGen SIEM?

LogRhythm is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm NextGen SIEM Platform combines advanced security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) in a single end-to-end solution.

LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades. For more information, visit logrhythm.com.

Also known as
LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
LogRhythm NextGen SIEM customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill