LogRhythm NextGen SIEM Reviews
Nov 23 2018
New functionality like playbooks are exactly how we're going to raise the maturity level of our team
What is most valuable? Specific to LogRhythm SIEM, I would say the dashboarding capability is pretty spectacular, so having the advanced UI available to just instantly drag and drop widgets into the browser and get top 'X' whatever field you're looking for just…
How has it helped my organization? LogRhythm's improved our organization by allowing all sorts of members of the organization to be able to access this data in a much easier way than they have been able to in the past. So instead of more obscure SIEMs, or things out there…
What needs improvement? I think LogRhythm definitely has some opportunity to grow in its documentation space, particularly like if I just use Splunk as an example. Splunk has amazing documentation. It's great. It's almost second to none in terms of the quality of…
What other advice do I have? We do have quite a few log sources. Currently we've got around 30 or 40 completely different kinds of log sources and roughly six or 7,000 different devices currently reporting in. We set it around 20,000 events per second sustained for our…
Which other solutions did I evaluate? A couple of others that we've considered, IBM QRadar that's actually one that we had in house previously, and we'd had stability issues with that platform. And so it was one that we were kind of looking at the market to see what we could…
Dec 06 2018
Our ability to respond quickly or the time to detect has dropped significantly. There's some things that we see now that we would have never seen
What is most valuable? Most valuable features for our organization are the centralized painted glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations and to go through all those dashboards monitoring…
How has it helped my organization? We have a product that is a security orchestration and response tool Demisto and I think that from the standpoint of automation and response perhaps the first version of the playbooks is not going to compare to the product that we have that's a stand alone for that purpose. However from a price…
What needs improvement? There's two that I can think about off the top of my head. One is service protection. So for example to compare it to the antivirus product, if I'm an admin on a server I can't uninstall the antivirus product unless I have the administrator password for the antivirus not the domain administrator…
What other advice do I have? LogRhythm gives us the ability to automate. We do have some smart response plugins that we're using. Unfortunately with healthcare you end up using more contextual smart response plugins than you do actionable ones. I can't go and shut down a system 'cause unless I have absolute 100 percent…
Find out what your peers are saying about LogRhythm, Splunk, IBM and others in Security Information and Event Management (SIEM). Updated: February 2020.
Nov 23 2018
What is most valuable? The most valuable features in LogRhythm, honestly for me, the single most valuable feature is the web console. That is actually the primary reason we chose LogRhythm over some of these other solutions because I was able to leverage web…
How has it helped my organization? This solution has been almost like a transformative change in how we detect and then respond to incidents. Quite honestly before, we didn't know what was going on and we couldn't detect anything other than a random virus that sent an email…
What needs improvement? It honestly comes back to me for log sources. The time to get support to onboard a log source runs about 18 months, and that's just too long. Like I said, I'm a lone wolf running the system. I don't have a lot of free time to write regex…
What other advice do I have? I'm going to give them an eight. It's a fantastic solution and I totally support what they're doing and I like where it's going. But there is room for improvement, and there are some pain points and honestly I've had a rough year. That kind…
Which other solutions did I evaluate? When we went shopping for a SIEM, I had come from a Splunk shop. I was very familiar with Splunk the interface. I like the software, so Splunk was number one on my list. And who was number two? SolarWinds had a SIEM solution that we had…
Jan 01 2019
What is most valuable? LogRhythm has really improved, I think, my personal sense of security as far as our organization. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting so I know immediately if, maybe say one of our core servers isn't feeding its logs to…
How has it helped my organization? We've seen mean time to detect and to respond go down pretty significantly. We actually recently implemented the CloudAI solution, which allowed us to look into our users' anomalous behavior. Recently, we actually had some user who's a remote user, he traveled to somewhere else in the US, and…
What needs improvement? I think condensing and consolidating what a user accesses over and over again and just having CloudAI understand that that's all of the user's, and you can consider it as one thing rather than multiple things, and alarming on it, and alerting me on it, having me have a mini heart attack every time…
What other advice do I have? If I had to rate LogRhythm and CloudAI out of 10, I think I'd give it an eight. There's still room for LogRhythm to improve, and they've laid out a pretty great roadmap for what they want to do in the future. I think if they continued to innovate and continue to implement the things that they've…
Oct 31 2018
Enables our SOC and IR teams to do their jobs, but our environment has yet to stabilize over the last 18 months
What is most valuable? I've worked with a lot of SIEMs. It's nice that it's straightforward.
How has it helped my organization? We use Dell SecureWorks right now for our SOC. But in a much quicker-than-expected manner - literally a few months after we started really bringing everything in, and we took over teaching them how to use LogRhythm - our SOC has fallen right into line. LogRhythm is already almost replacing Dell…
What needs improvement? My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable. We're running an HA situation and we wanted to do an upgrade…
What other advice do I have? My advice: * Get a SIEM. * Which SIEM I would suggest really depends on what your key use cases are. There are other SIEMs that do other things better. As an example, Splunk brings in logs wonderfully. But if you're not going to hire a Hadoop engineer who absolutely specializes in it, you're going…
Oct 31 2018
What is most valuable? There's value in all of it. The most valuable is the reduction in time to triage. We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through…
How has it helped my organization? In terms of seeing a measurable decrease in the mean time to detect and respond to threats, we live in the Web Console and we see things when they come in right away, and then we triage.
What needs improvement? There are two improvements we'd like to see. I mentioned these last year and they haven't implemented them yet. The first one is service protection. I have Windows administrators who will remove the agent when they think that that is what's…
What other advice do I have? From a performance standpoint, I have no problems recommending LogRhythm because it allows me to get in under the hood and tweak some things. It also comes with stuff out-of-the-box that is usable. I think it's a good product. Things like…
Which other solutions did I evaluate? What I find is that there are die-hard Splunkers. The problem is that Splunk is not affordable at a large scale. QRadar is not any better. It's just as bad. LogRhythm, for the price point, is the most reasonable, when you begin to compare…
May 11 2019
What is most valuable? The feature that makes it usable is the web interface. One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value…
What needs improvement? The biggest complaint I have is about their support. There is no free instructional advice available on their website. An example is with their field names inside log messages, where they have one named "Common event". That is something…
What's my experience with pricing, setup cost, and licensing? This is a solution for people who have cash to spend. Everything is expensive with LogRhythm, and you don't get anything for free. I suggest that everybody who uses this product receive the full training and certification, and can also…
What other advice do I have? Honestly, I don't like this solution so much. I'm actually a Splunk Certified Architect and so I know Splunk pretty well, and when I compare them, I really don't like this product. The best advice that I can give is not to install this…
Which other solutions did I evaluate? The solution was already in place when I arrived, so I was not involved in the decision.
Nov 23 2018
CloudAI gives us analytics into our user's behavior and whether or not they are acting outside of their norms. It has helped me to identify a lot of policy violations inside of our networks
What is most valuable? The most valuable features for me are the customization features. I can build it out to do whatever I want. I've created rules in there for Crypto mining and Crypto jacking. The compliance aspect is…
How has it helped my organization? The SIEM and the CloudAI has improved our organization by helping us track down errors in our network. It has helped out our IT services team, and it's also helped out our database team in trying to…
What needs improvement? I have over 3,300 log sources. The support for log sources is pretty good, unless you want to go to the cloud where I've had some rough spots with that. I had a hard time integrating with Office 365…
Which solution did I use previously and why did I switch? I knew that we needed a SIEM solution because we had no visibility. We didn't have any SIEM monitoring tools up until I showed up at the company. We didn't have any visibility into what was going on on…
What other advice do I have? On average, I process around 1200 messages per second. So measurable results for mean time to detect and mean time to respond. I don't have measurable results because there wasn't anything there…
Which other solutions did I evaluate? My shortlist was Rapid7 InsightIDR, LogRhythm, and Splunk. I had a live demo of InsightIDR running in my environment and I liked LogRhythm a whole lot more, a whole lot better than their solution.
What is LogRhythm NextGen SIEM?
LogRhythm is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm NextGen SIEM Platform combines advanced security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) in a single end-to-end solution.
LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades. For more information, visit logrhythm.com.
Also known as: LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
LogRhythm NextGen SIEM customers
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill