LogRhythm NextGen SIEM Overview

LogRhythm NextGen SIEM is the #9 ranked solution in our list of Log Management Software. It is most often compared to Splunk.

What is LogRhythm NextGen SIEM?

LogRhythm is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm NextGen SIEM Platform combines advanced security analytics; user and entity behavior analytics (UEBA); network detection and response (NDR); and security orchestration, automation, and response (SOAR) in a single end-to-end solution.

LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades. For more information, visit logrhythm.com.

LogRhythm NextGen SIEM is also known as LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM.

LogRhythm NextGen SIEM Buyer's Guide

Download the LogRhythm NextGen SIEM Buyer's Guide including reviews and more. Updated: February 2021

LogRhythm NextGen SIEM Customers

Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill

LogRhythm NextGen SIEM Archived Reviews (More than two years old)

Jeremy Alder
Security Lead at a financial services firm with 201-500 employees
Video Review
Real User
Jan 1, 2019
It has really improved my personal sense of security as far as our organization

What is our primary use case?

We utilize the LogRhythm solution to monitor most of our servers and our users to make sure that nothing anomalous is happening. What I really love about the LogRhythm platform is the fact that when something anomalous happens, I can see it almost immediately through the ability to collect a massive amount of logs in a very small footprint as far as hardware goes. We do utilize everything. I think one of the most recent things that I've really enjoyed about LogRhythm is the ability to utilize smart responses published by LogRhythm. For example, one of our use cases is that when we have a… more »

What other advice do I have?

If I had to rate LogRhythm and CloudAI out of 10, I think I'd give it an eight. There's still room for LogRhythm to improve, and they've laid out a pretty great roadmap for what they want to do in the future. I think if they continued to innovate and continue to implement the things that they've talked about, that they'll continue to grow in my eyes. There is some room for improvement, but overall, if you want a very solid platform with stability and scalability, LogRhythm is definitely the way to go.
Steve Bonek
Information Security Manager at a healthcare company with 1,001-5,000 employees
Video Review
Real User
Top 20
Dec 6, 2018
We find the single pane of glass and the ability to see everything that's going on in the environment a valuable feature

What is our primary use case?

The primary use case is tying all of our log sources together between all of our Windows servers, network devices, and we've recently added all of our cloud infrastructure as well. So it's really tying all those together, correlating all those logs and getting us one central pane of glass really as it relates to all of our logging activities.

What other advice do I have?

I would say LogRhythm, on a scale of 1 to 10, it'd be a nine. I think it's a really solid solution. I think one of the things that they could probably improve on, as I mentioned, was being kind of a little more proactive when it comes to things like cloud and things like that, so I think that they are getting better, but I'd say a nine right now.
JimMohr
Principal Security Analyst at a healthcare company with 10,001+ employees
Video Review
Real User
Top 20
Dec 6, 2018
Our ability to respond quickly or the time to detect has dropped significantly. There's some things that we see now that we would have never seen

What is our primary use case?

My primary use case is to alert to any anomalies that may have security relevance as far as some of the industry regulations that apply to our health care, as well as payment card industry.

What other advice do I have?

LogRhythm gives us the ability to automate. We do have some smart response plugins that we're using. Unfortunately with healthcare you end up using more contextual smart response plugins than you do actionable ones. I can't go and shut down a system unless I have absolute 100 percent confidence in the fact that it's not actually touching a person, because a biomed is a computerized medical device that connects to a person. So in our environment with a half dozen hospitals and 130 clinics, we can't just go around shutting things down or even necessarily quarantining them because it might be…
James Whistler
Security Administrator at a non-profit with 501-1,000 employees
Video Review
Real User
Dec 6, 2018
It's been really good with what we needed and it's been very stable for our implementation

What is our primary use case?

My primary use case is for log retention. I've been using it for analysis, and to troubleshoot potential issues on my network and infrastructure. To find out what I have in my network that may be causing problems.

What other advice do I have?

I would rate this product an eight out of ten, just because there's always room for improvement and there's always room we can work on. So there's always benefits, but it's been really good with what we needed and it's been very stable for our implementation. My advice to somebody who's looking to stand-up a SIEM solution is to do your research, look at the white papers, look at their documentation they have available on how other people have responded and how many people have stood it up on their own. Get this information and then start playing with it before you start doing implementation…
David Schell
IT Security Analyst
Video Review
Real User
Top 20
Nov 23, 2018
The product is improving our organization, giving us a lot more visibility. It also gives a lot of our smaller different IT organizations a better understanding of their environment

What is our primary use case?

The primary use case for our LogRhythm product is to maintain PCI compliance across all of our environment. We also use it to monitor authentication and monitor our perimeter for security threats.

What other advice do I have?

I'd give LogRhythm a nine out of ten because of the ease of use, especially as an analyst, being able to twist and turn all that data, drill down on it, really get an easy understanding of what's going on in the environment. From the administration side as well, it's a lot easier to use than other products that I've had and it has all the built-in knowledge, whereas with some tools you dump all your data into it and it's up to you to do that classification and indexing and understanding of that data, where the value that LogRhythm's gonna provide for you is that prebuilt classification for all…
Timothy Sueck
Security Analyst at a financial services firm with 501-1,000 employees
Video Review
Real User
Top 20
Nov 23, 2018
Improves our organization by giving us insight into user activity and potential security threats

What is our primary use case?

Our primary use case for LogRhythm is using the log ingestion and analytic features.

What other advice do I have?

If I had to rate LogRhythm on a scale of one to 10, I would probably give it a solid eight.
Security7ef8
Security Admin with 1,001-5,000 employees
Video Review
Real User
Nov 23, 2018
I would say we have seen a decrease in mean time to detect and respond over our previous SIEM

What is our primary use case?

My primary use case is threat detection.

What other advice do I have?

I would probably rate it as an eight or a nine, currently, mainly, probably due to the complexity of importing log sources that aren't natively supported.
reviewer748821
Information Security Analyst at a non-profit with 1,001-5,000 employees
Video Review
Real User
Nov 23, 2018
The most valuable features for me is just to be able know who's in the network, being able to drill down on the alarms and being able to look at the different rules

What is our primary use case?

My primary use case for this solution is to basically monitor the network to make sure that we don't have unknown users or individuals that should not be in our network. So we use it basically to aggregate our logs within our system and to watch it for possible threats.

What other advice do I have?

On a scale of one to ten, I rate LogRhythm as a nine because it is a wonderful tool that definitely helps with identifying different threats within the organization. I would definitely recommend this tool. It's a very, I would say beasty application, you always will be on top of things when it comes to LogRhythm because it's always changing, but that's a good thing because the environment, the threat environment is always changing. So I'd definitely highly recommend it. The target I would give to an individual that's looking for the best SIEM tools to put in their environment would be…
Eric Hart
Senior Security Engineer at a healthcare company with 1,001-5,000 employees
Video Review
Real User
Top 20
Nov 23, 2018
Our mean time to detect threats has been going down, which is a good thing

What is our primary use case?

Our primary use case for using the LogRhythm SIEM product is reviewing alarms, events, and managing our cases for forensic investigation.

What other advice do I have?

I would rate LogRhythm a nine out of 10, primarily because of the current functionality within the system and the direction that the company is going. I feel it's appropriately aligned with security today and being prepared for tomorrow.
Gene Cupstid
Security Engineer at a logistics company with 10,001+ employees
Video Review
Real User
Nov 23, 2018
New functionality like playbooks are exactly how we're going to raise the maturity level of our team

What is our primary use case?

The primary use case is to provide security analytics for the SOC and empowering all of our SOC operations for day to day business.

What other advice do I have?

We do have quite a few log sources. Currently we've got around 30 or 40 completely different kinds of log sources and roughly six or 7,000 different devices currently reporting in. We set it around 20,000 events per second sustained for our new infrastructure. That's kind of a lot for us. We've gotten that up relatively quick, up and running. So the stability for that has been great. And as far as parsing goes, we have generally stuck to platforms that we know would parse out of the box. And now, we're just starting to get our feet wet with, okay, what are some platforms where maybe it doesn't…
Kevin Merolla
Security Manager at a manufacturing company with 1,001-5,000 employees
Video Review
Real User
Top 20
Nov 23, 2018
We bought it simply because it is awesome, it is fast and less expensive than Splunk

What is our primary use case?

Our primary use case for bringing on a SIEM in general was the need to correlate our data across dozens of different solutions that were spitting out logs. We got to a level of complexity where it became mandatory.

What other advice do I have?

I'm going to give them an eight. It's a fantastic solution and I totally support what they're doing and I like where it's going. But there is room for improvement, and there are some pain points and honestly I've had a rough year. That kind of influences it too. It's been a lot of time on the phone with support this year. I will tell them what I wished I have known the day I started onboarding logs, and that is when you're looking for a SIEM, put all the features and everything to the side. Go talk to your business people and find out what's important to them because that's how you're going to…
Punit Patel
Senior SIEM Engineer at a financial services firm with 501-1,000 employees
Video Review
Real User
Nov 23, 2018
We've reduced mean time to detect and respond to threats by 24 hours

What is our primary use case?

Our primary use case is for fraud detection and infrastructure, so we use the SIEM to detect frauds in the banking side of the house as well as infrastructure. I use it for security and UEBA purposes.

What other advice do I have?

So, we are in the current five-year security maturity program. We're on year one, and LogRhythm is gonna be the center point for the first two years in terms of aggregating all the different log source types within the organization. We still find that there are log source types that are not coming in, which we plan to integrate within LogRhythm and use its analytics tools to help us get more mature and establish us forward in maturity of our security for the industry. I rate LogRhythm 10. It's very easy to use. It's very user friendly. The product is very innovative with SmartResponse and AI…
David Kehoe
Information Security Analyst at a pharma/biotech company with 51-200 employees
Video Review
Real User
Top 20
Nov 23, 2018
CloudAI gives us analytics into our user's behavior and whether or not they are acting outside of their norms. It has helped me to identify a lot of policy violations inside of our networks

What is our primary use case?

The primary use case for this solution is to monitor our environment and ensure that we are not having any breaches. In addition, this solution allows us to maintain compliance with HIPAA.

What other advice do I have?

On average, I process around 1200 messages per second. So measurable results for mean time to detect and mean time to respond. I don't have measurable results because there wasn't anything there beforehand. But now, we've responded within hours to events that could have been breach incidents, or in some cases within minutes and stopping attacks in their tracks. My security program's maturity is still in its infancy. I'm basically starting it from scratch. LogRhythm has been a major step with giving me file integrity monitoring, the SIEM capabilities, log collection, a lot of things that we…
ITSecuri3467
IT Security Architect at a construction company with 10,001+ employees
Real User
Oct 31, 2018
It has centralized monitoring for our security operations

What is our primary use case?

The primary use case is to monitor for compliance and the behavioral analytics of our users, tracking for potential threats to the company's infrastructure. We are using both products. We are using NetMon integrated with the LogRhythm platform.

Pros and Cons

  • "It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
  • "Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on the product, though we do struggle with them on a daily basis."
  • "Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."

What other advice do I have?

The capability of playbooks is in 7.4, which we are not able to utilize yet. Therefore, we have built playbooks outside of the solution. However, we are looking forward to the integration of playbooks in 7.4, or even version 8. We were shown today a couple of things where playbooks will be enhanced, even having SMARTResponse coming right out of the playbooks, so hopefully advanced SOAR capabilities. We run two independent LogRhythms. On one, we have about 33,000 different log sources, which include endpoints and now IoT devices. On the other, we have a very small footprint. It somewhere…
Joe Benjamin
SIEM Architect at Marsh & McLennan Companies, Inc.
Real User
Oct 31, 2018
Enables our SOC and IR teams to do their jobs, but our environment has yet to stabilize over the last 18 months

What is our primary use case?

We have been using LogRhythm for the last seven to eight years. About a year-and-a-half ago we made a push, which is why I was brought on, to go global with it. The global use case is security only, we're not getting back to the business. It's the first time I've done SIEM that works that way. It's all about feeding the SOC and IR teams and letting them do their job.

Pros and Cons

  • "My biggest issue - I know that they say they're doing it - is that the API-building is extremely important. They keep saying it's coming, it's coming. It's not coming fast enough. I don't care if they need to double their team size to get it out there quicker, the world is already in the cloud and we can't monitor it. That's a big problem for us. My boss keeps coming to me about it. That's an issue."
  • "My biggest complaint is documentation. Everyone tells me, "We have documentation on the Community site." I have searched for different types of documentation on numerous occasions, and it might be there, but it's not easily findable."

What other advice do I have?

My advice:
  • Get a SIEM.
  • Which SIEM I would suggest really depends on what your key use cases are. There are other SIEMs that do other things better. As an example, Splunk brings in logs wonderfully. But if you're not going to hire a Hadoop engineer who absolutely specializes in it, you're going to bring in a lot of logs that you're not going to be able to do anything with. You really have to look at everything that every piece does.
In terms of the full-spectrum analytics capabilities, we're not using NetMon, we're not using FIM. We're just collecting logs from every device that we can…
Anthony Workman
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees
Real User
Oct 31, 2018
The most valuable features would be the automation, reporting, and the support. There are some compatibility issues with different browsers.

What is our primary use case?

The primary use case is compliance requirements. It is performing at the moment, but we are still in the process of implementing it.

Pros and Cons

  • "The most valuable features would be the automation, reporting, and the support."
  • "My big thing is the easability. I don't like to go to two different systems. The fat client that you have to install to configure it, then the web console which is just for reporting and analysis. These features need to collapse, and it needs to be in a single solution. Going through the web solution in the future is the way to do it, because right now, it is a bit cumbersome."

What other advice do I have?

While we are aware of the playbooks, we still need to look into them. We are close to a gig of messages a second, so quite a bit of data. To capture your use cases, understand exactly what you are looking at ingesting. Do the research as far as what the company has done. For example:
  • What have they provided at organizations of similar size?
  • At peer organizations, how have they implemented the solution and what are some of their pain points?
Understand what everybody else has done previously with the solution.
Security9162
Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Oct 31, 2018
Web Console allows me to see the health of our environments, but support needs work

What is our primary use case?

I'm an admin and analyst, so use cases cover a lot of log sources for applications, mostly.

Pros and Cons

  • "The Web Console is my favorite. It enables me, at a glance, to see the health of the environments."

What other advice do I have?

I would definitely recommend LogRhythm. Work with the LogRhythm team to help learn how your environment works. Use as much help as LogRhythm can provide in your initial setup, so you can understand your environment best. We have more than 20 log sources. We average around 3,000 messages per second. We have hit 8,000 in the past, but not since the new upgrade in which we got more room. In terms of staff for deployment and maintenance, there are just two of us who share it. But when we're on-call, all of us use it. There are nine of us who use it every day when on-call. I rate the solution at…
Briane Harris
SOC Analyst at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Oct 31, 2018
Enables us to find everything in one place and even feed alerts from other products into it

What is our primary use case?

We use it for centralized log management and for alerting. It's been working pretty well. We're on the beta program so what we're on right now has not been working quite as well lately. We're helping them find the bugs, but before this we didn't have any really major issues with it.

Pros and Cons

  • "Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention to that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
  • "One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."

What other advice do I have?

Figure out what you need it for before just getting everything you can into it. That's probably the main thing. We recently brought in an external firewall and it has everything enabled. So make sure it can do what you want and don't try to do more than what you need. We have made a few playbooks, but we haven't done too much with them yet. For deployment and maintenance of the solution, it's just me doing the administration. We're at 60 or 70 log sources right now. With some of the newer ones, we've had to open up tickets for them, like the newer Cisco Wireless. We've had issues with Windows…
Jim Mohr
Principal Security Analyst at a healthcare company with 501-1,000 employees
Real User
Oct 31, 2018
Centralizes our logs from multiple sources, enabling us to triage and react much more quickly

What is our primary use case?

We collect from our primary devices and our endpoints and we look to identify any concerns around regulatory requirements in business use. We have payment card industry regulations that we are monitoring, to make sure everything's going the way it's supposed to, as well as for HIPAA, HITECH, and general security practices.

Pros and Cons

  • "We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man that many interfaces that come with the products."
  • "I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have the antivirus admin password to do that."
  • "We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
  • "We had a little bit of difficulty implementing a disaster recovery situation because it was leveraging only Microsoft native DNS and it wouldn't work with our Infoblox DNS deployment that we use in our environment. They've been working on that behind the scenes."
  • "Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""

What other advice do I have?

From a performance standpoint, I have no problems recommending LogRhythm because it allows me to get in under the hood and tweak some things. It also comes with stuff out-of-the-box that is usable. I think it's a good product. Things like this RhythmWorld 2018 User Conference help me understand the company's philosophy and intentions and its roadmap, which gives me a little more confidence in the product as well. Regarding playbooks, we have Demisto which is a security orchestration automation tool, and we're on LogRhythm 7.3. Version 7.4 is not available yet because of the Microsoft patch…
SnrArchi4b5a
Senior Architect at an energy/utilities company with 201-500 employees
Real User
Oct 31, 2018
We use it to examine traffic patterns and anomalies, but have a hard time visually sifting through the noise

What is our primary use case?

We have a small population of users, but we are large physically and geographically spread out with a lot of devices on our network. We need all that logging capability going into one spot where we can see it and correlate events across all our infrastructure with a small staff.

Pros and Cons

  • "We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot."
  • "We're still struggling to get a real return on it and finding something that isn't false noise."

What other advice do I have?

I am rating the solution a six out of ten, because we have not gotten it to work yet. With all its components, there is such a learning curve. I haven't gotten far enough along in the process to know if the solution has a shortcoming or if it is our shortcoming with somehow getting it dialed in.
SeniorSe307d
Senior Security Analyst at a consultancy with 1,001-5,000 employees
Real User
Oct 29, 2018
It has helped us centralize and have better visibility into devices on our network, but there has been instability in a previous version

What is our primary use case?

It is for security monitoring.

Pros and Cons

  • "It has helped us centralize and have better visibility into devices on our network. We are better able to respond to threats in a timely manner."
  • "The content in the community is very helpful and useful for new users."
  • "When we had version 7.2.6, there were a lot of issues deploying that version and with the indexing. The indexer was unstable. So, we were not able to use the platform when we were on that version until we were able to upgrade to 7.3.4."

What other advice do I have?

Definitely consider LogRhythm. There are a lot of players in the market, but LogRhythm is a solid solution. We don't have the playbooks. They are on version 7.4. We just upgraded to version 7.3.4. We are going to wait before we upgrade again due to performance issues. We have around 22,000 log sources and average 5000 messages per second.
Wadson Fleurigene
Information Security Engineer at Seminole Tribe of Florida
Real User
Oct 29, 2018
It has allowed us to dive deeper into our network and figure out what is going on

What is our primary use case?

Our primary use case would be for compliance. We needed a check in the box for compliance. Right now, it's performing and doing its job, allowing us to say that we are compliant with HIPAA, PCI, etc.

Pros and Cons

  • "It has allowed us to dive deeper into our network and figure out what is going on by parsing logs properly and being able to reduce the time it takes to work cases down from seven days to approximately two days."
  • "LogRhythm has increased productivity because all the tools that we need are in the web UI, allowing us to find threats on our network fast and efficiently."
  • "Technical support could use a little work in the terms of responding back. The feedback that we received is they do need a little more staff."
  • "We would like to see more things out of the console into the web UI. I guess this is what they are doing in 7.4."

What other advice do I have?

Everyone needs a SIEM. Go with LogRhythm. We are not using the full-spectrum analytic capabilities yet, as we are brand new. We have not used any of the playbooks. We do have them. We find them to be very detailed and organized. We just need to find a way to implement them. I run in about 45 log sources with 12 of them being domain controllers, aka DNS. Messages per second are fluctuating between 3000 and 9000. We are still trying to figure out why. We think it is our very chatty domain controllers, as we do deal with the Hard Rock and Seminole tribe, but I would say that we average about…
MarkSemkiw
Senior Network Engineer with 201-500 employees
Real User
Oct 29, 2018
Allows us to automate a lot of things with a smaller team

What is our primary use case?

We use it to alarm our help desk. We are starting to use it for SMART Response. We have been using SMART Response for about a year. Now, we are starting to push that towards the help desk, so the junior analysts can do more.

Pros and Cons

  • "It allows us to automate a lot of things with a smaller team."
  • "Move it to Linux. I would like to see it get off the SQL Server."

What other advice do I have?

Make sure you size the appliance correctly. We use Ansible and Terraform for infrastructure, so the same concept as the playbooks. We are looking to use the playbooks going forward. We have about 1500 log sources. We do about 25 million logs a day. Obviously, they're not all events.
      Ashlish Baria
      Manager of Information Security at a real estate/law firm with 51-200 employees
      Real User
      Oct 29, 2018
      It has given us visibility into log information that we did not have before

      What is our primary use case?

      The biggest use case is visibility. Because we have a lot of flaws, if you don't have a tool that can bring it all in and give you that visibility, then all that log information is useless. Thus, LogRhythm helps us keep that visibility.

      Pros and Cons

      • "The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market."
      • "We have gone through a few versions, which has caused a lot of instability. We have logged a lot of hours with professional services."

      What other advice do I have?

      I just found out about the playbooks at the conference. I plan on using them as soon as I get back. We have about 2500 messages per second coming in.
      Security40a8
      Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees
      Real User
      Oct 29, 2018
      The dashboard puts things at our fingertips, but it's a challenge to pull out all the info we need

      What is our primary use case?

      The primary use is monitoring logs, to see what's going on.

      Pros and Cons

      • "Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
      • "Granted, we haven't enabled the UEBA module, but we're forwarding all our proxy logs to LogRhythm and we have a really hard time pulling those proxy logs back out of LogRhythm. However, when we take LogRhythm and forward the same logs into somebody else's user-based analytics software, we get the majority of what we were missing... If we've got all our proxy logs and I go out to Google or Facebook or the like, we should be able to go in and pull that information out ten minutes later, but it's a big challenge to do that."

      What other advice do I have?

      My advice would be to definitely look into it. I've used other SIEMs that were a whole lot easier to program and I've used other SIEMs that were vastly oversold and cost way too much money. LogRhythm is a good product for what it is. We have more than 500 and less than 1,000 log sources. In terms of messages per second, therein lies the rub. We bounce anywhere from 2,500 to, on certain days, a peak of over 12,000. We are not using the full-spectrum analytics features. We don't use any automated playbooks. In terms of the number of staff for deployment and maintenance, the latter is me. I've…
      Jason Gagnon
      Senior Cyber Security Engineer at an individual & family service with 10,001+ employees
      Real User
      Top 20
      Oct 29, 2018
      AI Engine rules help us detect changes through privileged-user actions

      What is our primary use case?

      We work on a dark site. It's the next generation ground station for the Air Force's GPS system. Our use cases are based mostly on an insider-threat perspective. We utilize a lot of AI Engine rules within the LogRhythm SIEM to detect different types of privileged-user actions, whether it be escalation of privileges, creation of user accounts, or modification of user accounts. We also use it for IDS rules and firewall rules that are met, in terms of the IDS finding signature attacks.

      What other advice do I have?

      I would definitely recommend LogRhythm, based on my experience with it. LogRhythm is always trying to change and improve its product which is always a good thing. Other SIEMS are in development to upgrade and better their SIEMs but LogRhythm, across the board, has a great team. They look an inch deep but a mile wide, whereas other companies will look a mile deep and an inch wide. I think it's a lot better to do "across the horizon," instead of a small, six-foot-deep hole. We are not using the full-spectrum analytics capabilities at this time. We are thinking about it, but there's a process for…
      Mike Natale
      Information Security Analyst at Endicott College
      Real User
      Oct 29, 2018
      We now have a central point of monitoring for all potential threats

      What is our primary use case?

      It monitors any potential security threats within any of our important network security appliances, like our firewall, or any of our important databases. The idea being that you can't look at all the logs at once, so we now have a central point of monitoring for all potential threats.

      Pros and Cons

      • "When it comes to dealing with support, all my interactions have been great. Everyone has known what they're doing and have been quick to respond. They seem to always know the answer. I haven't stumped anybody yet."
      • "We now have a central point of monitoring for all potential threats."
      • "I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."

      What other advice do I have?

      I love the potential of this solution. It sounds like a "set it and forget" type of solution. Let it deal with all the problems. It is good at doing that. On the day-to-day, I haven't had a huge amount of time to work with the full-spectrum analytics. I have been focusing on getting it updated and up-and-running. Currently, we have a Windows agent. Therefore, we technically have just two log sources, because the Windows agent is picking up all the domain logs onto one box and forwarding them on. It is taking all the Windows Servers and single-sourcing them. Then, currently, the only other…
      Mark Baksh
      IT Specialist at a healthcare company with 51-200 employees
      Real User
      Oct 29, 2018
      It should scale easily with the way our environment is set up

      What is our primary use case?

      We have a lot of distributed offices and no visibility into any of them. The use case for this product is to collect and integrate logs from all the machines at all the different sites and get better insight into the security areas that we need to tighten up.

      Pros and Cons

      • "It seems like it will scale easily with the way our environment is set up."
      • "We should be able to respond to threats and gain visibility into our environment that we don't currently have."
      • "The initial setup is complex. We are using a LogRhythm partner, at least for the first three years, to help with the monitoring and the deployment of it. We are not a big enough environment where we have people that we can dedicate to it right now."
      • "I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."

      What other advice do I have?

      I would recommend LogRhythm. I am really impressed with it, though we haven't started using it yet. We are just in the middle of deployment of the full-spectrum analytics capabilities. We haven't finished the configuration of the product yet. We do plan to use the built-in playbooks. We have approximately 931 log sources at this point. Most important criteria when selecting a vendor:

      • The reputation of the vendor.
      • The quality of the product.
      • The integration into the environment that we have right now.
      Kurt Schroeder
      Senior Security Engineer at a manufacturing company with 5,001-10,000 employees
      Real User
      Top 20
      Oct 29, 2018
      The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on

      What is our primary use case?

      It came in as a compliance package. Now, it is more of a security analytics platform for us, so we try to route relevant security and computer logs. We also have some use cases that we came up with and some of the stuff that LogRhythm provided, which has been the basis of our use of this security platform. The company is dedicating me to working on this solution exclusively, so it has been great.

      Pros and Cons

      • "The AI Engine can take an event and correlate it into something else giving us meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system."
      • "I would like a fuller implementation of STIX/TAXII so I can pull in some of the government lists without having to go implement a whole new STIX/TAXII platform."

      What other advice do I have?

      Our security program is not real mature. The security group just got a CISO within the last year or two, so that has been the focus. The company is bringing up that side of the business. They recognize that it is something that needs to be invested in, along with their investment in LogRhythm. I don't have playbooks right now. We are still on 7.2. I don't think playbooks are in there yet. It makes sense that we use that functionality, and we're looking to go to 7.4 as soon as the .3 release comes out. We have about 1800 log sources. We are right at 5000 messages per second, and the system is…
      Jacob Hinkle
      Security Engineer at Managed Technology Services LLC
      Real User
      Oct 28, 2018
      The customer support is friendly, attentive, and willing to help

      What is our primary use case?

      We primarily use the LogRhythm SIEM for the log collection aggregation for all of our Windows machines. We have all our firewalls sending logs to it. We have it hooked into Office 365 with the API to manage our cloud environment, and it's performed phenomenally.

      Pros and Cons

      • "We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program."
      • "Their customer support is friendly and willing to help."
      • "The installation was a bit complex because we are running a virtual infrastructure."

      What other advice do I have?

      It helps that the product is fully realized and ready to go as soon as you get it installed. You can immediately see results and immediately see the data coming in. You're able to collate and correlate it, obtaining your data in a quick and easy manner. Do a demo. See what they're offering. Just know that their support is the best. I haven't used any of the automated playbooks yet. Our engineers are leery about having the automatic stuff go off, which I can understand. We also have separation of duties. I don't have a lot of their credentials to work with it on my own, so we would have to go…
      SeniorSe0355
      Senior Security Analyst at a leisure / travel company with 10,001+ employees
      Real User
      Oct 28, 2018
      Enabled us to build alarms that allow us to react to issues quickly

      What is our primary use case?

      Our primary use case is incident response and alerting. In terms of performance, it's pretty awesome.

      What other advice do I have?

      It's been pretty great. For us, the use case is all about generating actionable alerts and alarms and seeing how much we can reduce manual operations, so that's what I would compare: time saved. We don't use the full-spectrum analytics capabilities. In terms of playbooks, we're still on 7.26 so we don't have the playbooks yet, but we're upgrading as a high priority right now. For deployment and maintenance of the solution, we use two staff members. In terms of log sources, we have a couple of thousand and our MPS is 3,800. When selecting a vendor, what's important for us is support. Support is…
      Gordon Wallum
      IT Security Administrator at an energy/utilities company with 1,001-5,000 employees
      Real User
      Oct 28, 2018
      We integrated Azure logs with it, allowing us to compare that with our Windows and host logs

      What is our primary use case?

      We've been working with LogRhythm for a few weeks. We had Splunk and we're replacing it with LogRhythm. It's a general SIEM system for us, gathering the logs into one area.

      Pros and Cons

      • "We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
      • "We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."

      What other advice do I have?

      I'm not sure that we're hands-on yet with the full-spectrum analytics capabilities and we don't use any of the built-in playbooks. We have plans to use them in the future. We want to integrate everything into it and make it more automated. We're at about 6,000 logs per second. In terms of a measurable decrease in the mean time to detect and respond to threats, we haven't gotten there yet. We are still implementing, still learning. We have to get to all our logs correlated. So far we're pretty happy with the overall functionality of the system. It's going to meet everything we're looking for.
      Rob Haller
      Security Engineer at US Acute Care Solutions
      Real User
      Oct 28, 2018
      We can now pick up what is anomalous in our network

      What is our primary use case?

      Primary use case for the SIEM would be for log collection and threat identification. We're still in the beginning stages of our security solution, as far as maturity. Two years ago, this security program didn't exist.

      Pros and Cons

      • "Its benefits are broad. The solution isn't necessarily made to do any one thing, but it can do anything you tell it to. It is able to tackle any different type or size of job."
      • "I would like to see APIs well-documented and public facing, so we can get to them all."

      What other advice do I have?

      Know what you want it to do. If you buy a SIEM because it's called a SIEM or someone says it's a SIEM, you're gonna end up with what someone else believes they need. Figure out what you need beforehand and make sure that those bullet points are covered because there are a lot of options. We're currently using the built-in manual playbooks. So far, the features are very good. They are growing. I am looking forward to seeing how they expand upon it. The automation is coming. The API access and everything else we're looking for to be able to deeply automate a lot of common tasks is still being…
      Alex Wood
      Systems CSO at a manufacturing company with 1,001-5,000 employees
      Real User
      Top 20
      Oct 28, 2018
      Case Management allows us to track what we see in the incidents that arise

      What is our primary use case?

      It's our central security monitoring platform. It's where we bring all of our events together so we can monitor our network.

      Pros and Cons

      • "The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
      • "We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."

      What other advice do I have?

      We do not use any of the playbooks currently. We'd definitely like to. It's a feature that we're planning to implement pretty soon. Regarding our log sources, it's in the high hundreds, probably not in the thousands. When it comes to messages per second that we are processing, looking at the average, we're at about 1,000, but we peak somewhere north of 1,500. I rate the solution an eight out of ten. It's a great platform, but I don't want to give them too much confidence, there's always room to improve.
      SecEng3904
      Senior Security Engineer at a healthcare company with 10,001+ employees
      Real User
      Top 5 Leaderboard
      Oct 28, 2018
      Deeper look into our applications helps us see configuration errors, enhancing security

      What is our primary use case?

      The primary use case is looking at our security as a whole, as an organization, trying to get all the logs collected, see how things can be integrated or what's happening through the different products. We also use it to see how people are trying to potentially circumvent security and what we can do to prevent people from doing that. Finally, we use it to get training out to end-users for certain things that they may be doing inaccurately. We don't currently use the full-spectrum analytics or the built-in playbooks.

      What other advice do I have?

      I'd highly recommend going with the product. Our security program is pretty much in its infancy. We're always looking to improve things. Just as IT, in general, constantly changes on a daily basis, LogRhythm is always evolving and coming out with different things, helping with innovation. It's been great. Right now we have roughly 70 to 80 different log sources. We have about 5,000 to 6,000 events per second, and we're looking at expanding that. I rate it at eight out of ten. It's up there, top-of-the-line, but just like with any other application or program, as you grow, there are going to be…
      it_user545001
      Security Operations Center Manager at a financial services firm with 1,001-5,000 employees
      Real User
      Oct 28, 2018
      We have seen a massive increase in the amount of data that we can collect

      What is our primary use case?

      We use it for all of our log correlations and event management. We try to do some external troubleshooting for other groups, like WebOps, but it's primarily our security and event manager.

      Pros and Cons

      • "Its ability to work with all different sorts of log sources has been extremely valuable."
      • "We have seen a massive increase in the amount of data that we can collect, the type of things that we can see, the way we can look at logs, the way we can get alerts, and the way we can create our own customer roles, which has allowed us to customize the work in our environment."
      • "There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
      Lindsay Mieth
      CISO at Regnum Christi
      User
      Top 20
      May 13, 2018
      Daily alerts allow me to quickly find security and operational issues

      What is our primary use case?

      The primary use case is an analysis of server logs with some deeper analysis done on searches. Reports help ensure various departments have daily notices of any activity that they should be reviewing.

      How has it helped my organization?

      Alerts to account usage errors. Reports of malware from the antivirus. Reports of application errors presented in logs.

      What is most valuable?

      Daily alerts: These allow me to quickly find security and operational issues which need to be addressed.

      What needs improvement?

      More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced.

      For how long have I used the solution?

      One to three years.
      it_user756381
      Manager Of Cyber Security at a healthcare company
      Video Review
      Vendor
      Nov 22, 2017
      I'm able to see the actions and behaviors of the whole company, including remotely

      What other advice do I have?

      Very happy. Yes. As a guidance and recommendation, I would ask them, what is your level of comfort in configuring LogRhythm? If they say to me, "Not so much," I would say, "Well, then you have to budget not just for the product, but for the Co-Pilot solution as well." If, however, they say, "No, I'm very happy. I have the skills already in-house," then I would say obviously to buy the product with the Professional Service hours.
      it_user756336
      Deputy CISO at Temple University
      Vendor
      Nov 22, 2017
      Consistent user experience; I was able to catch multiple pen-testers in this year's test

      What other advice do I have?

      In terms of the most important criteria when selecting a vendor, there isn't any single important criterion. I have a spreadsheet that I use that expresses value.

      • Price is one component of value
      • Usability
      • Manageability
      • How many resources do I have to apply to it?
      • Can I run it with one FTE? Do I need two FTEs?
      • Also, its efficiency. Does it meet all of the use-cases that we're buying it for?

      The first thing you do is sit down and think about, "what are going to be my first steps?" This is the kind of thing you have to phase, really, to be successful. "What are my goals out of my…
      Jorge Trujillo
      Information Security Engineer at a financial services firm with 501-1,000 employees
      Video Review
      Real User
      Nov 21, 2017
      Great having the data available; support walked us through everything we had to do

      What other advice do I have?

      It's one of the top 10 SIEM solutions. What I really like about LogRhythm is that they're always innovating, new ideas. They're consistently trying to improve. I think that's really great about them.
      Jack Callaghan
      Senior Security Analyst at a financial services firm with 501-1,000 employees
      Video Review
      Real User
      Nov 21, 2017
      Gives us the insight needed to understand when threats are recon or an attack

      What other advice do I have?

      Things that are important: the first time you get a SIEM in your hands you think it's great to gather everything. Then you find out within a couple of days, gathering hundreds of millions of records and trying to make heads and tails... Begin slowly, focus on various systems, understand what they mean. A lot of people go, show me the perimeters, show me the firewall, show me the network. Pull that data in and when you've got it then turn around, look at all of your Windows servers, your domains, those environments. Moving slowly and classifying your data, so you can make the rules you design…
      it_user769674
      Sec And Risk Lead at Baker Tilly Virchow Krause, LLP
      Video Review
      Real User
      Nov 21, 2017
      Easily percolates critical information to the dashboard for drill-down

      What other advice do I have?

      Just from the simplicity standpoint, it's met all of our expectations now. Like I said, you always have that little thing here and there that you still have to tweak, but other than that, we've really liked the product. The biggest thing in this product is not everybody on our security team is well versed in SIEM or analytics, but we found that LogRhythm - the Web Console UI - really simplified, especially with the metadata parsing out. It allowed those people to read those type of events much quicker, because it was right there, and it was pretty easily translated. So "user" is username…
      it_user769680
      Sec Eng at a financial services firm
      Video Review
      Vendor
      Nov 21, 2017
      I don't have to log in to six or seven different appliances and hunt for data
      it_user576042
      Senior IT Security Analyst at a retailer with 1,001-5,000 employees
      Vendor
      Nov 21, 2017
      AI Engine rule set significantly changes how we notify users about our network
      it_user769683
      Cyber Security Operations Manager at Old National Bancorp
      Video Review
      Vendor
      Nov 21, 2017
      We've got so many sources in it, we can easily investigate the logs on any system we have

      What other advice do I have?

      It's just amazing, that you can get the information, especially the AIE information, where it correlates different logs together. It's just incredible. It's something that in the old days, that you had to use grep and go to multiple servers, versus now you just tap in and drill-down and, bam, you've got all the logs that you need. It's just amazing, the process.
      Shane Addison
      Information Security Officer at First Mid-Illinois Bank And Trust
      Video Review
      Real User
      Nov 21, 2017
      Enables our IT staff to be more proactive, fix problems, instead of waiting for end user calls

      What other advice do I have?

      We are really happy with the product. We've been a customer for a number of years now and really haven't had any issues. It's done just about everything we ask it to do.
      it_user769689
      Technical Systems Analyst
      Video Review
      Vendor
      Nov 21, 2017
      At setup we turned on 14 AI rules and have found them to be really advantageous for us

      What other advice do I have?

      We're really happy with it.
      it_user769665
      Chief Security Officer at Optomany
      Video Review
      Real User
      Nov 20, 2017
      A single pane of glass for my analysts, gives us complete eyes and ears into our environment

      What other advice do I have?

      In terms of the criteria for selecting a vendor, it always comes down to cost. And usability. I like to make sure that my analysts are hands-on when we look at these tools. What's the interface like? How easy is it to use? What's the after-sales like? What's their tech support like? These are all things we need to look at. Also, which operating systems do the agents run on? Can you integrate into all the hardware that you've got? What syslog feeds can it take? Can it take SNMP as well? If colleagues were looking to purchase a similar solution, the guidance that I'd give them is make sure that…
      it_user756366
      Senior Network Systems Engineer at a non-profit
      Video Review
      Vendor
      Nov 20, 2017
      Ease of administration means we don't need an FTE just to admin the product

      What other advice do I have?

      From how we use it, I would rate it a 10 out of 10; not knowing exactly where we could go with it, I'd have to give it a nine, because I don't know if there are any challenges inside it. What we're doing is very limited. I would like to, as we continue to grow with the product, see if there are any ceilings on that. I would highly recommend taking a look at the FTE requirements. They're not all the same. That's huge, depending on the size of your staff, and budget constraints too. There are other SIEM software solutions that have a lot of add-ons that continue to add cost. You need to look at…
      NetworkS5932
      Network Security at an energy/utilities company
      Video Review
      Real User
      Nov 20, 2017
      Brings all my logs together to produce evidence in my compliance role for NERC

      What other advice do I have?

      I gave it an eight out of 10 because of the ease of use, and the support really deserves high marks. I would definitely tell colleagues to look into it. Again, the support that they provide, they’re there to hold your hand if you need it, or just give you guidance and let you go. They really do take care of their customers.
      it_user769692
      Information Security Officer at an insurance company with 201-500 employees
      Video Review
      Vendor
      Nov 20, 2017
      Delivers actionable intelligence to our security engineers but we need it to ingest more sources

      Pros and Cons

      • "LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts."
      • "Right now there is the concern about being able to gather all of the data into the system."

      What other advice do I have?

      The solution, one to 10 at this time, would probably be a strong seven. Right now there is the concern about being able to gather all of the data into the system. That's key. It's one of those things, pre-sales versus post-sales, what is said can be done, and then what actually is fruition. There is only so much you can do in a proof of value, or what they sometimes call proof of concepts - in those bake-offs - because you only have a limited amount of time with it to do that connectivity, and analyze. It really is that integration and some of the customization that we've had to do from…
      it_user769662
      Operations Team Lead at Mary Kay Inc
      Video Review
      Vendor
      Nov 20, 2017
      Facilitates visibility into our infrastructure, identifies things we can trigger on and alert

      What other advice do I have?

      I don't think any application can truly be a 10 out of 10, especially one of LogRhythm's size; that would be very difficult to achieve. But an eight, in my mind, is perfect. That means there is room for improvement, there is room for me to work with the vendor, and talk back and forth about what my needs are specifically so they can work that into a feature request down the line.
      it_user769659
      Data Sec Program Manager at an insurance company
      Video Review
      Vendor
      Nov 20, 2017
      Streamlines correlating logs from many sources; enables alarms / reporting from them

      Pros and Cons

      • "The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources."
      • "I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."

      What other advice do I have?

      In terms of criteria for choosing a vendor, when you go through an RFP process there are always weighted criteria. We went through that whole process and started out with eight vendors, got it down to two and then selected LogRhythm. For me it's relationship, I want to feel that the product that we're buying is going to be supported, and that we have almost a team behind us that is there. When we did purchase LogRhythm we felt that. We bought a lot of Professional Services time to help us implement. It's not like the sales guy says, "Okay bye," and never talks to you again, and just takes in…
      it_user769656
      Information Security Architect at a healthcare company with 1,001-5,000 employees
      Video Review
      Vendor
      Nov 20, 2017
      We can constantly add logs into our system without any issues; find and fix problems fast

      What other advice do I have?

      Really figure out what you want it to do for you, because it is very flexible and can be used for many different purposes. Determine what you want to use it for, and then get the assistance from LogRhythm to help implement it in that way. Then you can always expand it and take in other areas. But your primary goals need to be met right up front. We are very happy with it.
      it_user756408
      Information Security Analyst 2 at a non-profit with 1,001-5,000 employees
      Vendor
      Nov 7, 2017
      Gives us visibility into areas we wouldn't have seen, such as code execution; allows us to drill down on servers

      What other advice do I have?

      It's very important for a solution to be a unified, end-to-end platform for us. It's a really good solution. It's been very stable. At the same time, we have had some issues, some false positives. And that issue I told you with tech support, there have been some challenges getting it to be where we wanted it to be, for a solution, like LogRhythm, that is supposedly best in the industry. I just thought it was kind of poor that they would take a common exploit that's been in use for years and say we can't get it to work when, obviously, they could get it work. It was kind of lazy. Still, I would…
      it_user756417
      Information Security Engineer at Lancaster General Health
      Vendor
      Nov 7, 2017
It's the center of our SOC but we are starting to use it for operational things as well

      What other advice do I have?

      It's not perfect, but no solution is going to be perfect. If you have one person that you can dedicate forty hours a week to the SIEM it will be fine.
      it_user756420
      Security Advisor at a manufacturing company
      Vendor
      Nov 7, 2017
      The UI allows us to hand it off to our SOC and train them

      What other advice do I have?

      When selecting a vendor, for us, the platform has to be a unified, end-to-end solution. We've got so many unique platforms around our business that it has to be. All SIEMs suck, but LogRhythm is the best.
      it_user756411
      Security Analyst at a financial services firm
      Vendor
      Nov 7, 2017
      Makes log information available on demand for investigation but generates a lot of alarms we have to overlook

      What other advice do I have?

      Being at this conference I learned a lot. For example, I haven't been using the Web Console to the extent that I should be using it, and I think going back I'll be using that a lot more. It's extremely important for a solution to be a unified, end-to-end platform. In terms of criteria when selecting a vendor, we look at it as a relationship between our organization and LogRhythm. We want them to work with us and we're willing to work with them to fit what's best for our environment. I gave it seven out of 10 because we've only used the product for about a year and a half and it's still a…
      it_user756405
      Principal Security Specialist at University Of Massachusetts
      Vendor
      Nov 7, 2017
      We have been able to find out what is wrong, and suggest how to remediate

      What other advice do I have?

      The driving factor in searching for a security solution would be, in this day and age, the threats that are out there are incredible. I think LogRhythm addresses a lot of the issues that are out there. Again, it's on us to make sure LogRhythm is a solution. It's a tool. If we don't use it properly it's pretty useless at that point. It's on us. I would say it's very important that a solution be a unified, end-to-end platform, especially in a higher-end environment. My nine out of 10 rating is based on what they offer, and what I saw yesterday at the conference, what they're coming out with…
      SecSMgr739
      Sr. Systems Support Analyst at a manufacturing company with 10,001+ employees
      Real User
      Nov 7, 2017
      Ease of use has helped us uncover a lot of information and protect our data

      What other advice do I have?

      The unified, end-to-end solution is very key here. We have a lot of various tools, and trying to get them all into one is very key. Be sure to size it properly. Don't try to boil the ocean. Get your key log sources and let it start paying for itself immediately; it will.
      it_user756393
      Junior Information Security Analyst at a financial services firm with 51-200 employees
      Vendor
      Nov 7, 2017
      All logs in one place; we can quickly determine if there is a threat actor, from internal to external​

      What other advice do I have?

      It's fairly important that a solution be end-to-end unified. The fact that LogRhythm is, is working out very well for us. I gave it eight out of 10 because of some of the issues we've had with the system actually going down but, again, that might be entirely on us. We're still in the defining phase of that. One thing that surprised me over the course of our deployment is the amount of logs that I didn't realize we had, different log sources that we're seeing pop up, pending, being brought into the system and we haven't even seen them before. People are standing them up left and right and I'm…
      it_user756387
      IT Security Administrator at a financial services firm
      Vendor
      Nov 6, 2017
      Facilitates receiving alerts quickly and remediating them with partial scripts

      What other advice do I have?

I am pretty impressed with it. I have seen it grow, just in the short time that we have had it. It is very important for us that a solution be a unified, end-to-end platform. That is one of the biggest driving factors, having a single place that I can do network monitoring if we wanted to. We could do log correlation out of different security tools that we have. Make sure you give it enough resources in terms of users. Somebody to manage it, whether that be an MSSP or in-house resource.
      Chris Goff
      Senior Security Engineer at a healthcare company with 10,001+ employees
      Real User
      Nov 6, 2017
      We can't feed it fast enough, gives us a ton of insights into our organization

      What other advice do I have?

      In terms of a solution being unified, end-to-end, for us it's huge. We have a ton of different security controls. I'm sure we're not any different than any other organization. Being able to bring it all in and put it on a single pane of glass is awesome. My rating of eight out of 10 for LogRhythm is because, while I think the support is great, the solution is a little rough around the edges. Like I said, I'd like to see the web UI built out more, and be able to jam more data into it. The fat client console feels a little rough around the edges to me, even though I use it every day. But…
      it_user756369
      Senior Cyber Security Engineer at a healthcare company with 1,001-5,000 employees
      Vendor
      Nov 6, 2017
      Enables pivoting through the data in real-time; we can detect and remediate issues more quickly

      What other advice do I have?

      When selecting a vendor, one of the biggest things for us is ease of use. The second is how are they going to be a partner with us? In terms of advice to someone who is looking into this kind of solution, I would say to look at the long-term costs of any solution that you're looking at.
      it_user756363
IT Analyst at an energy/utilities company with 501-1,000 employees
      Vendor
      Nov 6, 2017
      Visibility into all log sources in one place, and alerting are key advantages; helped us find misconfigurations

      What other advice do I have?

      We're about 1200 seats, 10 locations roughly, totally a Cisco shop, from perimeter ASAs to IDS, Sourcefire, to web filtering, it's a big Cisco shop that I stepped into. Our key security goals revolve around maturation and pulling more information into the SIEM. We started off with the low hanging fruit, the Active Directory, the SOCKS servers, things like that. But now we need to get more - all our security controls as well - security systems. We need more from executive PCs, from application servers, we need more visibility I think. In terms of meeting these goals, this solution, on a scale…
      NetworkS5932
Network Security at an energy/utilities company
      Real User
      Nov 6, 2017
      Provides an eagle-eye view and enables you to delve down granularly and easily

      What other advice do I have?

      I gave it an eight out of 10 because you can kind of dig around and find what you need, so it's fairly user friendly. And the support that you get from their tech teams is pretty phenomenal. I'd say definitely give it a look, and talk with them. I would definitely say that the support that you're going to get is well worth it.
      it_user756348
      IT Security Analyst at a financial services firm with 201-500 employees
      Real User
      Oct 31, 2017
      It has helped tremendously when following up on investigations and logs

      What other advice do I have?

      It is a big project, but very worthwhile, and LogRhythm has plenty of documentation, support people, professional services, and classes that can help get a business implemented and push them all the way to completion. I definitely think it is worthwhile. It is very important for me that the solution be a unified end-to-end platform.
      it_user756336
      Deputy Ciso at Temple University
      Vendor
      Oct 29, 2017
      Generates real insight into the security posture of my organization and scales very easily

      What other advice do I have?

      We're a big university. We're the 26th largest university. I've got 45,000 students, 10,000 researchers and faculty members, plus staff. Main campus is in Philadelphia, Pennsylvania. A mile down the road we have a Health Science campus that has a medical school, a dental school, a pharmacy school, and it's kind of attached to the hospital, which is separate from us. We also have campuses in Harrisburg and Center City that are small adjunct campuses. We also have a campus in Japan and a campus in Rome. We have a big international presence, that's the size and the scope. Our key challenge is…
      it_user756354
      Security Analyst 3 at a comms service provider with 1,001-5,000 employees
      MSP
      Oct 29, 2017
      It is a single pane of glass for all of the logs

      What other advice do I have?

      I am very happy with the solution right now. I would absolutely recommend it and have. Most of the basics have been tended to, and as we discover other things that we need to get more data on, and they are brought up, the company addresses them. The most important criteria when selecting a vendor: It is very important for it to be unified.
      it_user756360
      Director Information Security at Vail Resorts
      Vendor
      Oct 26, 2017
      An easy, centralized view of our environment

      What other advice do I have?

      It is extremely important for our solution to be a unified internal platform. I would recommend looking into it.
      it_user756357
Senior Security Analyst at an energy/utilities company with 1,001-5,000 employees
      Vendor
      Oct 26, 2017
      The ability to leverage alarm and case management features through a centralized location

      What other advice do I have?

      Go ahead and do the evaluation with their other competitors out there. Understand each of the SIEMs capabilities by sitting down with them. I think you will find that LogRhythm will win out. A unified end-to-end platform is extremely important, because as we get going to this more holistic security model, we will be looking at minimizing the number of tools that we have to have in our environment, and trying to centralize a lot of that work into one platform, which LogRhythm is definitely one of those platforms that does that. Most important criteria when selecting a vendor: Selecting a vendor…
      Kevin Merolla
      Security Manager at a manufacturing company with 1,001-5,000 employees
      Real User
      Top 20
      Oct 26, 2017
      The scalability is near infinite. It goes both vertically and horizontally.

      Pros and Cons

      • "The ability for me to go into the Web UI, and just learn what's going on in my environment."
      • "I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."

      What other advice do I have?

      I have seen the features that are coming in 7.3, and they look incredible. It has far exceeded what I thought it was going to do for me in my job role. With the Web UI, over like a Splunk solution, it has actually become a tool that is used outside of security. I do not have to have people who have Lucene SQL Query Syntax memorized in order to get a value out of the system. They can jump in, log in as themselves, point and click, build themselves a query, and everything's great, then they love it.
      it_user756339
      Information Security Analyst at a legal firm
      Vendor
      Oct 26, 2017
      Produces visibility into all of our data at once, allows me to see everything in one place

      What other advice do I have?

      In terms of a solution being a unified, end-to-end platform, that would be nice. It's not something that I think about. I just use what's there. I would tell a colleague at another company who is researching this or a similar solution to try it out. That's the only way you're going to know whether you like it. Don't trust the marketing materials. Ever. I like the direction they're going with the AICloud stuff. They're talking about the playbooks. LogRhythm seems to be on top of things and always looking to improve, I like that.
      it_user756330
      Senior Network Engineer at a transportation company
      Vendor
      Oct 26, 2017
      SmartResponse, alarming, and being able to write our own rule set allow us to delegate alarm monitoring

      What other advice do I have?

Regarding a solution being a unified, end-to-end platform, it helps, but it's not completely necessary. For what it does, LogRhythm works pretty well. If I were to advise a colleague who is looking into this solution, I would say train someone, as their full-time job, to use it. It's not an easy product to get around.
      it_user756426
SOC Manager at an energy/utilities company with 10,001+ employees
      Vendor
      Oct 26, 2017
      The event correlation has helped us to mitigate the security threats in our environment

      What other advice do I have?

My advice, when they first implement the solution, they should make sure that they know what data sources or log sources they want to give to LogRhythm to do the correlations, because they cannot just simply dump all the log sources to LogRhythm. It will impact performance, so they will need to carefully choose the log sources first. Then, after that, they can move on to the correlation, the engine rules, and so on. It is important for us to have a unified internal platform. The most important criteria when selecting a vendor: The most critical thing for us is in terms of the…
      it_user756324
      Senior Manager IT Security at Virginia Premier Health
      Vendor
      Oct 26, 2017
      Allows us to be more defensive, have a better security posture, and be more prepared for anything that occurs

      What other advice do I have?

      It's very important to our organization that the solution be a unified end-to-end solution. I don't think any company is perfect, but I know that they're striving, and that's why I give them such a high score. I understand that whatever you're buying with LogRhythm, it is not going to be static. It's a very dynamic company and a lot of new technologies emerge, so ensuring that you get the proper level of training upfront, as well as continued training for your staff, is important for being able to wrap your hands around what LogRhythm is actually doing and where they're going. You start to…
      Timothy Sueck
      Security Analyst at a financial services firm with 501-1,000 employees
      Real User
      Top 20
      Oct 26, 2017
      Dashboards and AI Engine are key features giving us more insight into the traffic patterns we see

      What other advice do I have?

The criteria that we look at when selecting a vendor are usually support, and being an end-to-end solution, that is very important too. I gave it a nine out of 10 overall because we have had some support issues that haven't been resolved quickly enough but, other than that, I've been very happy with the product. If a colleague was researching this and other popular SIEM tools, I would say for the most part I'm very happy with it. I would advise them to schedule a demo and see if it meets their needs.
      it_user756315
      Security Analyst at Guitar Center
      Vendor
      Oct 26, 2017
      Enables us to feed in logs from other solutions and build dashboards to show us what we need to see

      What other advice do I have?

      The most important factor, for me, when selecting a solution is that it needs to be lightweight. Advice I would give to a colleague at another company who is researching this sort of solution: Talk to me first.
      Computer0e92
Administrator Executive at an individual & family service with 10,001+ employees
      Real User
      Oct 26, 2017
      I have done a lot of good work with the account reps and engineers. It feels like we are on the same team.

      Pros and Cons

      • "It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast."
      • "I would really love to be able to take some of the data and not have to export it to a CSV file, so I can pull it into Excel to turn it into some other kind of graph."

      What other advice do I have?

      It does what we want, but there is so much you can do with it. It is like buying the biggest tool set you can find, then you are trying to find out, "Okay, what am I going to do with all of these tools?" Trying to tune your system with the tools that you have available is a little daunting. It was for me because I did not have the security background. If you are new, it will be a little bit daunting. The training is a big help, though. Understand what your scope is. What are you really trying to do with this tool? If all you want to do is collect logs and pile them up somewhere on a server…
      SecEng3904
      Senior Security Engineer at a healthcare company with 10,001+ employees
      Real User
Top 5 Leaderboard
      Oct 26, 2017
      AI Engine, alarm rules correlation, and drill-down are key; we're able to find more with less effort

      What other advice do I have?

      It was pretty significant for our solution to be a unified end-to-end platform because we did have a wide range of systems out there; trying to make sure that it was able to bring in the sources and correlate the events. The only thing that surprised me was the logs filling up for some of the indexing jobs. Other than that, there was nothing that support wasn't able to go ahead and help us with and get resolved. My advice to a colleague at another company who is researching a similar solution would be: Make sure you do your research. Understand what it is you're looking for in a SIEM. Have a…
      it_user756303
      SYM Engineer Specialist at FIS
      Consultant
      Oct 26, 2017
      Provides huge visibility into your network, you see everything and you see it easily

      What other advice do I have?

It is very important that our solution be a unified end-to-end platform. Very important. We wanted a one-stop shop with LogRhythm. We didn't want to use anything else to record our logs and stop threats. I would give LogRhythm a 10 out of 10 just purely on the fact they are very helpful, very knowledgeable. The software is very easy to use. Easy to learn. I came into security with no knowledge of security or how to do anything, and within a year I'm an administrator of the software. So it's pretty good. I would say go with it. Hands down, one of the best security platforms I've seen. Easy to…
      it_user756429
      Senior Security Engineer at Augeo Marketing
      Real User
      Oct 26, 2017
      It takes good log sources. Needs more integration between the web console and the thick client.

      Pros and Cons

      • "Provides visibility into the network."
      • "I would probably look for more things to go into the web console that is currently on the fat client."

      What other advice do I have?

Smaller, medium-sized companies, I would actually steer them towards LogRhythm and have them look into it, then I would share my lessons learned. It is important to have a unified end-to-end platform, but you also do not want to get vendor locked in. It's from a value perspective and a productivity perspective, that is where it is very important. You do not want to be stuck with one product that then changes course or evolves. You always want to be with the leader in the market that is innovating. You want to be able to maintain that flexibility and be nimble to switch up when needed but having…
      it_user756402
      Cyber Security Engineer at a healthcare company with 1,001-5,000 employees
      Vendor
      Oct 25, 2017
      I am impressed with their support. We ran into issues where it was not parsing correctly.

      Pros and Cons

      • "It supports most standard log sources."
      • "It will definitely help if the parsing side would be much easier, meaning it would be better if we could easily make adjustments on the parser, both on standard and non-standard log sources."

      What other advice do I have?

It is important that the solution be a unified end-to-end platform, especially because we are a small security group. If we can have it in one place, that would be a big plus for us. Most important criteria when selecting a vendor: support.
      it_user756366
      Senior Network Systems Engineer at a non-profit
      Vendor
      Oct 25, 2017
      Enables us to threat-hunt, be in compliance, and obtain effective analytics without a lot of administration

      What other advice do I have?

      Right now our focus is on user behavior, and that's part of why we joined the cloud Beta, they are our biggest risk. We don't know what they're going to do when and why, and so we've rolled out some security awareness training, we've rolled out some phishing exercises, and really trying to figure out how we can stop them being their biggest risks. Learning about what we learned today at the conference, with LogRhythm doing their phishing intelligence engine, it's going to be nice to see how we can implement that into the SIEM as well. Security solution, number one is FTE; being a small shop…
      it_user756399
EMS-Scada Infrastructure Engineer at an energy/utilities company
      Vendor
      Oct 25, 2017
      It is very stable once it is configured. We have not had any downtime.

      What other advice do I have?

We have LogRhythm in place and it's been working well for us. It's a great solution but training will be a big key on the implementation. We can troubleshoot it and get the technical support, but it is always very good to have technical training on LogRhythm.
      it_user576042
      Senior IT Security Analyst at a retailer with 1,001-5,000 employees
      Vendor
      Oct 25, 2017
      Provides a single point of log management, has become an operational tool as well as a security solution

      What other advice do I have?

      The driving factor for our company is compliance. And next, for our security team to make sure that there's no occurrence of anything that we don't know about, besides operational issues. My key challenge is to make sure that LogRhythm stays relevant on our day-to-day stuff, making sure that we can have a quick analysis of what's happening in our network, what's going on, and what our security posture is at a given time. For my needs, I'm looking more for it to bring a more comprehensive picture of our security, for the whole network, since I'm routing all the logs to it. The most important…
      it_user756372
      Security Analyst at a tech services company
      Consultant
      Oct 25, 2017
Before we were compartmentalized, now we have a central point with more integration between different departments

      What other advice do I have?

It is a really good product with good support. If someone is researching the solution, I would advise them to reach out to users and try to visit LogRhythm's online presence to see what they have. The LogRhythm community has been a pretty good resource. Having a unified end-to-end platform is very important. Most important criteria when selecting a vendor: support for the product.
      it_user756378
      Information Security Analyst at Aims Community College
      Vendor
      Oct 25, 2017
      Being able to quickly identify threats in our network is a valuable feature of the product

      What other advice do I have?

Really understand what's important to you as far as what you are hoping to gain out of the product, what threats you are looking at, and what your critical log sources are. Just have a fundamental foundation before you start looking into it. Having a unified end-to-end platform is really important to me, because I am the only security professional at the college. If I can avoid having systems all over the place, that is only going to be beneficial. Most important criteria when selecting a vendor: * It is the problem that they are solving and solving effectively. * Being able to rely on really…
      it_user756381
      Manager Of Cyber Security at a healthcare company
      Vendor
      Oct 25, 2017
      It gives us advanced knowledge of malware presence and persistent threats

      Pros and Cons

• "As a healthcare company, what we use it for is compliance, then to protect our data from exfiltration."
      • "In the next release, I would certainly like to see more HIPAA compliance. I would also like to see more integration with Palo Alto Networks, particularly their Traps, which is their endpoint solution."

      What other advice do I have?

      It is highly important for our solution to be a unified end-to-end platform. Most important criteria when selecting a vendor: * Scalability * The ability to have support. LogRhythm has their co-pilot, which is absolutely essential, and whilst we do not use co-pilot in our organization, knowing it is there is certainly absolutely valuable.
      it_user756333
      Security Analyst at Xanterra
      Vendor
      Oct 25, 2017
      PCI compliance pieces help produce reports for our external auditor, and support is best I've encountered

      Pros and Cons

      • "The PCI compliance pieces that help us produce reports for our external auditor, and their support."
• "I would really like to see some type of group or global management for RIM policies."

      What other advice do I have?

      It's effective, it's like a Ferrari. You have to have a lot of mechanics, and you have to fine tune it, and when it's running well it runs very well, but there are a lot of things that can go wrong too. I'm pretty much a one-man shop, and it's difficult for me, but that goes back to having good support and good communication with them. It's a struggle, but the product is strong and we just need to continue growing with it, in our understanding, in our use of it, so we'll get where we want to go. But it's a partnership, so we appreciate that. I already mentioned some of the most important…
      it_user756384
      Systems Administrator at a construction company
      Vendor
      Oct 25, 2017
      Our security analytics have clearly improved

      What other advice do I have?

      Take advantage of the feature set that LogRhythm has to offer. It has more features than a lot of their competitors. You will be further in the end.
      it_user756327
      Senior IT Security Analyst at a financial services firm
      Vendor
      Oct 25, 2017
      Helps us in visualization, in monitoring of our different log sources, and with auditing compliance

      What other advice do I have?

We've got around 2500 logs per second, and primarily a Windows-based environment. We have around 300 Windows-based servers, and we are also collecting a lot of logs from the end-user devices, which are primarily Windows-based. We also have some Linux-based servers and also some network components, firewalls and proxies. Over a period of time, LogRhythm has improved a lot and the future, the road map of the product, really looks nice. The most important criteria when selecting a vendor is the scope you have defined for the business objective you want to solve, whether it will meet that objective…
      it_user756390
      IT Infrastructure Manager at Jeunesse Global
      Vendor
      Oct 25, 2017
      We have to protect our eCommerce site and it's helping us do that. It needs ​better knowledge transfer during implementation.

      What other advice do I have?

      Do your due diligence. For the most part, you're dealing with the same data depending on who your SIEM is. It is still the same data that's being returned or that you can pull. Definitely do your research because your SIEM itself may not get you what you need out of that data. A unified end-to-end platform is very important to us. We don't want to go to 12 different user portals. We want to know in a quick way what we're dealing with. We want to be able to see the data without having to jump all over the place to get it. Most important criteria when selecting a vendor: * We are buying a…
      it_user756396
      Security Administrator at a tech services company
      Consultant
      Oct 25, 2017
      The artificial intelligence engine is its most valuable feature

      Pros and Cons

      • "The artificial intelligence engine."
      • "More help and assistance with some of the open source products, everything seems to be focused on Windows versus giving some guidance and some documentation on how to use it."

      What other advice do I have?

      A unified end-to-end platform solution is important but I understand that there will be different tools for different jobs. LogRhythm, that is their sweet spot and I hope they stay there because they do it really well. Most important criteria when selecting a vendor: It is about the integrations with all the different products that we are using. LogRhythm seem to have most of those boxes checked. Therefore, it was a good fit for us.
      it_user256056
      Director Of Infrastructure And Security
      Vendor
      Oct 24, 2017
      It has helped to give us visibility into our point of sale applications

      What other advice do I have?

Make sure that the data you are collecting is usable. That is probably the biggest advice. Because with the first product we used, we had problems just understanding the data presented in the SIEM console. It's nice if the solution is a unified end-to-end platform, but it is not a deal breaker. Most important criteria when selecting a vendor: Support after implementation is probably the biggest.
      it_user756342
      Technical Architect at a financial services firm with 10,001+ employees
      Vendor
      Oct 24, 2017
      It has improved our ability to see incidents when they occur

      Pros and Cons

      • "Overall effectiveness is very good. I like how it is oriented to both analysts and technical support people. It's easily adopted by end users as much as by technologists."
      • "I would like to see case management become more independent from LogRhythm itself."

      What other advice do I have?

      Look at all of the factors, including total cost of ownership and your roadmap of where you are going, and compare those to the needs that you have going forward. There are a lot of solutions out there that are either way too complex to manage, don't have a good roadmap, are a secondary solution in a larger company, or are going to just be astronomically expensive when they get to a useful state. If the solution is a unified end-to-end platform, it helps with the overall management, skill set training, and retention. It does provide some long-term benefits. Most important criteria when…
      it_user756435
      Threat And Awareness Manager at a tech services company with 1,001-5,000 employees
      Consultant
      Oct 24, 2017
      We are using the custom dashboard and actively using it towards proactive investigations

      What other advice do I have?

Technology's important, but it is the support you get as well. Don't just focus on, necessarily, the features and technology, but also consider the support and the engagement you get with the organization. Most important criteria when selecting a vendor: the relationship. I would not want to work with an organization that just sells you the technology, then disappears or that you only ever speak to when there is a problem. It is starting to look a little bit more like a partnership now with LogRhythm, that's exactly what we want to maintain.
      it_user756312
      Systems Architect at a university with 10,001+ employees
      Vendor
      Oct 24, 2017
      Parsing and its integrated nature are valuable but needs complete horizontal scalability and better analytics

      What other advice do I have?

      I would say for us, being an MSSB, when selecting a vendor, scalability is paramount. And the support ability. If we're going to drop a lot of money on a solution, it needs to be easy for our analysts to get up to speed with it. That's worth a little bit extra, versus going with something that requires months of training just to do the basic running of the system. If I were to advise a colleague looking at this or a similar solution, I would say take a look at all the options, figure out what you need out of a solution first, and then just make sure you evaluate it. If possible, test drive it…
      it_user709467
Cyber Security Architect at an energy/utilities company with 1,001-5,000 employees
      Vendor
      Oct 24, 2017
The initial configuration was easy
      it_user756306
      Manager Security Operations Center at a leisure / travel company
      Real User
      Oct 24, 2017
      Investigation tab allows us to dig deeper into the alerts that we receive; the UI is easier than other solutions

      What other advice do I have?

      The most important criterion, when selecting a vendor, is how easy it is to adapt to the solutions we have in house. Every organization, I understand, is different, but based on what we required, for the most part I'd say about 85% of our needs were met with LogRhythm, compared to all other competitors. It's very important for our solution to be a unified, end-to-end platform because the organization might adapt new technologies. Our security architect needs to have the ability to integrate them. If it's a challenge then, definitely, that's going to be a downside for us. If a colleague at…
      it_user756414
      Lead Info Security Architect with 501-1,000 employees
      Vendor
      Oct 24, 2017
      We have used its alert capabilities to help us mitigate issues more rapidly

      What other advice do I have?

      It is a great product. We brought it in initially as a central event log for PCI compliance. It's been really good for PCI compliance, but then we leveraged it for security across the network, so it has been really good that way. It really requires somebody to be able to dedicate a lot of time to getting sources into it. It's hard if you're a partial user of it. It takes a lot longer to really understand the product, because it's big. There's a lot to it.
      it_user756300
      Security Architect at a leisure / travel company
      Vendor
      Oct 24, 2017
      Facilitates aggregating all the logs into a single platform, and then doing real-time monitoring

      What other advice do I have?

      We're migrating to a dumb-terminal type of environment. That's the end goal that we have, because we have noticed that there's no way for us to secure everything. There's really no way. So having the users centralized into one location, it makes a big, big difference. So far it's working fine. Like I said, we had some little things here and there but we've revised the architecture and now it's good. For selecting a vendor we had a matrix. There were a bunch of points that we were trying to cover. How easy is it to use? For Roger's group, for example, to see how easy it was to adapt from the…
      it_user711480
User at an aerospace/defense firm with 1,001-5,000 employees
      Vendor
      Jul 30, 2017
      Everything I have used is designed very well, and makes sense after a little time on the system.

      Pros and Cons

      • "Compliance reporting is another great feature of this product. It has built in reports right out of the box."
• "The only area I can think of to improve on is the proofreading and using the guides before releasing them. Of the 20+ guides I used, one had issues with wrong information in it."

      What other advice do I have?

      Work closely with your sales and engineering team for your setup and give them all your requirements and use cases.
      it_user418188
      IT Security Manager at a financial services firm with 501-1,000 employees
      Vendor
      Apr 24, 2016
      We used it primarily for security logging of events. We created reports based on traffic awareness for security.

      What is most valuable?

      The reporting feature is valuable.

      How has it helped my organization?

      We used it primarily for security logging of events. We created reports based on traffic awareness for security.

      What needs improvement?

We would like to see better base templates for reporting.

      For how long have I used the solution?

      I've used it for six months.

      What was my experience with deployment of the solution?

The only issue we had was getting the NetFlow incorporated. However, that issue was because of our implementation. Once we made a change it worked.

      What do I think about the stability of the solution?

      There were no issues with the stability.

      What do I think about the scalability of the solution?

      We had no issues scaling it for our needs.

      How are

      it_user347160
      Security Consultant and Co-Founder at a tech consulting company with 51-200 employees
      Consultant
      Mar 28, 2016
      The web interface, especially since the move to the open source storage system in v7, allows almost instant access to detailed log data from across the platform.

      What other advice do I have?

      As part of your plan for SIEM, identify what you expect the SIEM to be able to do for you / your organization. SIEM is not a silver bullet. SIEM will take a considerable amount of use by a security analyst or similar to get the best out of it. SIEM managed services offered by resellers or system integrators may be good value and should be seriously considered to ensure the best outcomes from the SIEM.
      it_user386685
      Director of Information Technology at a university with 1,001-5,000 employees
      Vendor
      Feb 16, 2016
      I like that it allows me to get a quick scan of what happened in the last 24 hours. We also use it for compliance reasons since we are audited frequently by our state.

      What other advice do I have?

      I would recommend them. I think that their product has evolved over time. I think there were a couple of years in the very beginning when I was a little frustrated with them, but now, and especially, we just bought a new box last year, the newer version, it seems to have a lot of the kinks worked out, and so I wouldn't have any problem recommending them.
      it_user375531
      Information Security Analyst at a financial services firm with 1,001-5,000 employees
      Vendor
      Feb 1, 2016
      The most valuable feature is the AI engine and we're able to have all of our logs in one place.

      What other advice do I have?

Definitely do a test run, a proof of concept, so it’s understood how it’s going to work in your environment. Also, take the training that they provide; it's super valuable.
      it_user338868
      VP, Information Systems Security Officer at a financial services firm with 501-1,000 employees
      Vendor
      Jan 12, 2016
      The AI engine correlates the events that it is receiving, taking a lot of guesswork away from the analyst. I’d prefer that it didn’t use the Microsoft Windows platform.
      it_user341256
      Lead Specialist - Information Security at a hospitality company with 1,001-5,000 employees
      Vendor
      Nov 25, 2015
      It quickly allows me to get into forensic data, but while I have some of the beefiest data that they provide, I can still overrun the system.

      What other advice do I have?

      I’m in contact with them on a very frequent basis. I work with my contact a few times per month. I can’t complain about them at all.
      it_user341232
      IT Security Specialist at a manufacturing company with 1,001-5,000 employees
      Vendor
      Nov 25, 2015
      Security management is what it's best at, but it's generally for medium-sized companies.

      What other advice do I have?

      I have been invited to user group meetings and we have had good conversations. They have been very helpful and they understand my needs. They listen to our input and really take it seriously. They really work with us on different issues. Everything is fantastic.
      it_user341220
      Systems Administrator at a financial services firm with 501-1,000 employees
      Vendor
      Nov 25, 2015
      We selected it based on the ability to comply with regulations and its advanced features, but support needs to be improved.
      it_user341262
      Security Analyst at a retailer with 1,001-5,000 employees
      Vendor
      Nov 25, 2015
      We are able to manage the items we have coming in with one product; however, if the client doesn't have a customer in their system, they can’t use it.

      What other advice do I have?

      My relationship has been very good. When we updated our software we set up weekly meetings which really helped us with reporting. We don’t directly get in touch with support but when we do they solve our problems.
      it_user331482
Senior Manager, Distributed Systems at an insurance company with 501-1,000 employees
      Vendor
      Oct 31, 2015
      It's reduced the time and effort necessary to manage and review logs and produce reports for regulatory compliance, though their professional services hourly rate is above average.

      What other advice do I have?

There were two primary reasons we selected LogRhythm. First was the ease of implementation, which was extremely simple and straightforward. Second was the integration of file integrity monitoring. LogRhythm at the time, and I believe still today, was the only vendor that provided a solution that included integrated SIEM and FIM.
      it_user331431
      Senior Information Systems Specialist at a manufacturing company with 1,001-5,000 employees
      Vendor
      Oct 26, 2015
      Our team has been able to correlate security events and react quicker to incidents, though retrieving logs that have been archived can be difficult and time consuming.

      What other advice do I have?

      If implementing a SIEM for the first time, it is very important to have members of the network and server teams involved from the beginning. Also, strong change management policies are necessary to keep the SIEM implemented properly.
      it_user326751
      VP, Information Security Officer with 501-1,000 employees
      Real User
      Oct 18, 2015
      Custom rules/alerts in LRM and AIE provide insight into network for internal users and InfoSec, although adding an entity could be much faster.

      What other advice do I have?

Implementation time, hygiene/maintenance time, functionality, and cost make it the clear choice in a competitive market.
      it_user326481
      Sr. Mgr of Network Operations at a comms service provider with 501-1,000 employees
      Vendor
      Oct 18, 2015
      It allows us to detect and remediate Advanced Persistent Threats, but the log management database needs to be more efficient.

      What other advice do I have?

      We recommend that people implementing it choose to log everything, including logs from desktops, laptops, servers, switches and routers.
      it_user313884
      Contract Sr. Security Engineer, LogRhythm Analysis/Forensics at a financial services firm with 1,001-5,000 employees
      Vendor
      Oct 16, 2015
      It provides reports on the Cardholder Data Environment at 95% effectiveness, but to operate at the 99.99% level, it needs to have uninterrupted reporting host connections to the Log Mediator.
      LogRhythm is a perfect example of "Garbage In, Garbage Out" in Information Security—LogRhythm reports on the Cardholder Data Environment (CDE) activity are only as reliable as the data coming in. If there are interruptions in the data downloads or hosts that don't report to LogRhythm from the CDE, the utility of the LogRhythm Reports declines dramatically. Even when reporting at 95% effectiveness, critical information regarding Threat Agent activity is probably still missing. To operate at the 99.99% level, LogRhythm needs to have uninterrupted reporting host connections to LogRhythm’s Log Mediator(s) for optimal LogRhythm device functioning, complete and valid CDE host presence in LogRhythm’s log records, the minimization of false positives (Trash Traffic), the use of dedicated…
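The coverage point in the review above (CDE hosts that never report, or stop reporting, quietly hollow out the reports built on top of them) can be turned into a routine check. The following is an added example, not LogRhythm's code or the reviewer's: it compares a constructed in-scope host inventory against the hosts seen in constructed log records and flags hosts that never reported or have been silent longer than an assumed threshold. The host names, timestamps, reference time and 30-minute threshold are all assumptions.

```python
"""Log-source coverage check: which in-scope hosts are missing or silent?

Added example. The inventory, log records and thresholds below are
constructed for illustration and are not taken from any real deployment.
"""
from datetime import datetime, timedelta

# Constructed list of hosts that are in scope (an assumed CDE asset inventory).
CDE_HOSTS = {"pos-01", "pos-02", "db-cde-01", "app-cde-01", "fw-cde-01"}

# Constructed (host, ISO timestamp) pairs standing in for records a SIEM has
# indexed. One in-scope host is hours old, one never appears, one host is
# out of scope and must not be counted as coverage.
SAMPLE_LOGS = [
    ("pos-01", "2015-10-16T09:58:12"),
    ("pos-02", "2015-10-16T09:59:40"),
    ("db-cde-01", "2015-10-16T07:10:05"),     # last record is hours old
    ("app-cde-01", "2015-10-16T09:57:01"),
    ("hr-laptop-07", "2015-10-16T09:55:00"),  # not in the CDE inventory
]

# Assumed reference time and maximum tolerated gap between records.
NOW = "2015-10-16T10:00:00"
MAX_SILENCE = timedelta(minutes=30)


def last_seen(logs):
    """Return {host: latest timestamp} over the given (host, iso_ts) records."""
    seen = {}
    for host, ts in logs:
        t = datetime.fromisoformat(ts)
        if host not in seen or t > seen[host]:
            seen[host] = t
    return seen


def coverage_report(expected, logs, now, max_silence):
    """Classify every expected host as reporting, stale or never reported.

    Coverage counts only in-scope hosts with a record inside the silence
    window; hosts outside the inventory are ignored rather than inflating it.
    """
    seen = last_seen(logs)
    never = sorted(h for h in expected if h not in seen)
    stale = sorted(h for h in expected
                   if h in seen and now - seen[h] > max_silence)
    reporting = len(expected) - len(never) - len(stale)
    pct = 100.0 * reporting / len(expected) if expected else 0.0
    return {
        "never_reported": never,
        "stale": stale,
        "coverage_pct": round(pct, 1),
    }


def demo_report():
    """Run the check over the constructed data with the assumed thresholds."""
    return coverage_report(CDE_HOSTS, SAMPLE_LOGS,
                           datetime.fromisoformat(NOW), MAX_SILENCE)


if __name__ == "__main__":
    report = demo_report()
    print(f"coverage: {report['coverage_pct']}% of in-scope hosts")
    for host in report["never_reported"]:
        print(f"NEVER REPORTED: {host}")
    for host in report["stale"]:
        print(f"STALE: {host} (no records for more than {MAX_SILENCE})")
```

Scheduling a check like this alongside the reports themselves turns "95% effectiveness" from an impression into a number with a list of named hosts attached, which is what an analyst needs to chase down a collection gap before it shows up as a missing event.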
      it_user320625
      Senior Security Engineer at a tech vendor with 10,001+ employees
      MSP
      Sep 30, 2015
      The Advanced Intelligence Engine alerts the SOC to potential security issues, though File Integrity Monitoring needs improvement.

      What is most valuable?

      Its Security Information and Event Management (SIEM) capabilities (security analysis, forensics) are the most valuable features for us.

      How has it helped my organization?

      The LogRhythm AIE (Advanced Intelligence Engine) is very good at alerting my SOC to events of interest and potential security issues without flooding my team with noise.

      What needs improvement?

      There is room for improvement in the area of File Integrity Monitoring.

      For how long have I used the solution?

      I've used it for 15 months.

      What was my experience with deployment of the solution?

      No issues encountered.

      What do I think about the stability of the solution?

      No issues encountered.

      What do I think about the scalability of the solution?

      No issues encountered.

      How are

      it_user317229
      Information Security Engineer at a tech vendor with 501-1,000 employees
      Vendor
      Sep 27, 2015
      Searches can be performed using any known value, IP address, hostname, username, or event, though report-building is limited by its use of Crystal Reports.

      What other advice do I have?

      We are very pleased with the LR solution and are looking forward to the upcoming update.
      it_user317892
      Senior Information Security Manager with 1,001-5,000 employees
      Vendor
      Sep 24, 2015
      It's simplified and clarified complex volumes of information, but customizing features could be improved.

      Valuable Features

Clarity of information; ease of deployment.

      Improvements to My Organization

      The ability to provide insights and simplification for complex volumes of information.

      Room for Improvement

      The ability to customize certain features of the product.

      Use of Solution

      I've used it for one year.

      Stability Issues

      I find that the system is stable and handling our traffic very well.

      Customer Service and Technical Support

Customer Service: The customer service team is excellent, and they have resolved anything we have thrown at them in a timely fashion. Technical Support: The technical support team is excellent, and they have resolved anything we have thrown at them in a timely fashion.

      ROI

We do not have one yet, but we definitely foresee an ROI.
      it_user290340
      Vice President at a financial services firm with 1,001-5,000 employees
      Vendor
      Aug 19, 2015
      We're able to create customized monitoring reports that extract info from event logs.

      What other advice do I have?

You should consult with LogRhythm experts because there are lots of features and customizations, and you need to figure out what's needed for your specific environment, for example, regulatory compliance issues. They do a great job of making clear what's needed.
      Vinod Shankar
      Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
      Consultant
      Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are based on the Gartner Magic Quadrant, which is what organizations typically use to select SIEM vendors. The vendors mentioned in the deck are: 1. HP ArcSight 2. McAfee Nitro 3. IBM QRadar 4. Splunk SIEM 5. RSA Security Analytics 6. LogRhythm. SIEM Technology Space: SIEM market analysis of the last 3 years suggests market consolidation of SIEM players (25 vendors in 2011 to 16 vendors in 2013). Only products with technology maturity and a strong road map have featured in the leaders quadrant. HP ArcSight & IBM Q1…