LogRhythm SIEM Valuable Features

KM
Global Security Manager at Chart Industries Inc

One of the features that we use the most and find the most valuable includes the Web Console. My analysts really like the interface and the ability to build queries using point-and-click without having to write query languages. My favorite feature is the actual Admin Console and the ability to monitor all aspects of the SIEM's health and the ability to build new use cases for my analysts to work with.

We also use the Machine Data Intelligence feature for classifying and contextualizing logs. It does struggle with unknown log sources and we've had some challenges over the years getting new log sources incorporated into the MDI Fabric.

The ability to authenticate successes and failures using MDI is incredibly easy. For the log sources that we bring into the SIEM, that work is pretty much done for us by the MDI. We don't have to do any additional work.

View full review »
Joseph W. - PeerSpot reviewer
System Administrator at GOLDENWEST FEDERAL CREDIT UNION

One of the main features that I like about LogRhythm SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us.

We use the Event Log Filtering feature a lot. We use it for everything from simple troubleshooting tasks, like when a user is logged out, to more important tasks like trying to investigate a threat. As far as its effect on productivity, we can go and search instead of trying to troubleshoot and guess what is causing an error. We can identify what the program is or where the hiccup is.

LogRhythm helped us to identify a lot of blind spots. Originally, we didn't have a SIEM tool. We had auditors say that this is something that we should be doing. My management team asked me to go and find a product, and I researched a bunch of them and found LogRhythm. It really opened our eyes to see how much traffic we have, whether it's other IP addresses that are scanning us or external users trying to hit certain ports that could then get closed. It helped us tighten down some of those firewall rules that may have been left open unintentionally through other changes. It helped us a lot early on to identify who was trying to communicate with us or, essentially, who was trying to attack us.

As far as our overall security posture, our SIEM tool was the initial push that really got us going into identifying where all of our threats were. We expanded over the seven years that we've had it, and I implemented at least eight other products that are all security related because the SIEM tool indicated the need to identify other risks. It really helped us as an organization to identify risks and move forward to a more secure environment.

View full review »
YI
Regional Technical Manager at HTBS

The most valuable features of the solution are network monitoring, user behavior analytics, and log collection. Our company uses almost all the features offered by the solution.

View full review »
Buyer's Guide
LogRhythm SIEM
March 2024
JG
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees

I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios.

View full review »
Wail Khachfa - PeerSpot reviewer
Network and Security Specialist at Ajman Digital Government

The major feature of this solution is its easy configuration, which helps different team members to work on it effectively. This kind of feature is not available in other solutions, which need a special team dedicated to configuring and extracting reports.

Another feature that I really admire is the significant improvement in compliance in the auditing process by the solution. Our organisation-specific compliance requirements specify where the data needs to be forwarded, stored and searchable for a certain time period. This solution categorizes different types of data: cold, warm, and hot data. These features allow faster and easier extraction of any data even if the event occurred several years ago. I also like other features, especially user behaviour analysis and automation. It studies the user behavior and if unusual traffic is recorded from a user, the solution flags it very effectively.

View full review »
SK
Manager Solutions Architect at a comms service provider with 10,001+ employees

It has connectivity with multiple log sources - including those that are on-prem and in the cloud (including GCP, AWS and our own cloud).

It is extremely scalable. 

Technical support has always been helpful.

It is stable, reliable, and flexible. 

View full review »
SR
Sr Manager - Information Security at a computer software company with 1,001-5,000 employees

The log analysis feature is valuable. The solution has an AI rule manager. AI Engine gives us plenty of options to write new rules and modify existing rules according to our requirements.

View full review »
DH
SOC Analyst at PLS Financial

Looking at the logs and how much detail each log has when it is ingested into our dashboards is quite useful. I found it very useful when looking at, for example, what emails are inbound and outbound of our networks. 

I like how detail-oriented the logs are in terms of what the origin is and what network it's coming from. 

I also like how the detailed logs give us what host or user it's coming from. On sight, I have a pretty cohesive understanding of what threat intelligence looks like in terms of reviewing what we have to deal with.

I use the Event Log Filtering feature daily. Every day when I look at event logs, I use the filters on certain time ranges and AIU engine rules. Overall, it's had a very positive impact. It helps us expedite certain security incidents very quickly, thanks to how detail-oriented the logs are. It really helps me report threats to my supervisor. For example, if someone's trying to scan us, my boss will ask me, "Can you look into this further?" I'll go ahead and use the searches and the lists that the LogRhythm console has to offer, and I will get back to him in a timely fashion, with more details on the threat.

The Event Log Filtering feature has definitely helped reduce administrative overhead. On a scale of one to ten, I would rate it a seven.

It helps us manage workflows and cybersecurity exposure. In terms of managing workflows, it definitely has given us leverage on what our overall security posture is, and gives us a better understanding of what we need to focus on more in terms of what threats are persisting. Our workflows have been pretty seamless so far. I would say our workflow is pretty seamless in terms of static manual investigations.

In terms of blind spots and our ability to shut down attacks, while we don't see all the blind spots, it gives us enough understanding and information about where we can classify a threat. 

Overall, it's had a very positive impact on our security posture. It gives us good visibility of what we need to see right now. It definitely gives us a better understanding of what we deal with, and what we should focus on in terms of what threats are more critical than others. In terms of our daily operations, it's very helpful.

It's positively affected our overall rate of efficiency. It's given us what we need for now. We're looking to improve our efficiency by looking into what LogRhythm offers in its newer products. Still, it's pretty efficient. On a scale of one to ten, I would rate it around eight or nine in terms of efficiency. My immediate coworkers in my department could use what we have right now for looking at critical alerts, user analytics, and overall IT operations since we usually have daily operations where we look at all user activity throughout our organization.

View full review »
AS
Senior Network Engineer at a government with 5,001-10,000 employees

The feature that makes it usable is the web interface.

One nice feature about the product is the log message field extraction, where they try to fit every field into a field name. A log message is a string of ASCII text and its value depends on how the vendor formats it. Fields within log messages, such as a time stamp or source IP address, are delimited by spaces. Depending on the type of device, the information varies because if it's a temperature sensor you'll get temperature, or if it's a pressure sensor you'll get pressure, but if it's an Active Directory server you'll get an Active Directory message. The problem comes about because in some cases, the fields are not labeled.

Rather than an identifier for a source IP address (e.g. "SRCIP="), it will just have the address, and you have to determine what it is based on its location within the message. Of course, even though the field name is not in the log message itself, the field will still have a name. Extracting it correctly requires that you understand how the vendor formatted it. With LogRhythm, it does a better job than some products at slotting every field into a field name.

View full review »
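As an added example (not from this review or from LogRhythm's own parser), the labeled versus positional extraction described above: a hypothetical parsing rule per log source type, constructed sample messages, and a validation pass that flags fields that land in the wrong slot when an unlabeled vendor format changes.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample messages (not from any real vendor): the first labels its
# fields, the second relies purely on token position after the syslog header.
LABELED = "Jan 12 10:15:02 fw01 SRCIP=10.0.5.23 DSTIP=172.16.8.9 DPORT=443 ACTION=allow"
POSITIONAL = "Jan 12 10:15:03 sw02 10.0.5.23 192.168.1.4 22 deny"
# Same positional source after a hypothetical firmware change inserted an interface name.
DRIFTED = "Jan 12 10:15:04 sw02 eth0 10.0.5.23 192.168.1.4 22"

# Common syslog-style prefix: timestamp and host, both of which carry no label either.
HEADER = r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) "


@dataclass
class ParseRule:
    """One hypothetical parsing rule per log source type."""
    pattern: re.Pattern                          # named groups slot tokens into field names
    aliases: dict = field(default_factory=dict)  # vendor label -> normalized field name


RULES = {
    # Labeled format: header, then key=value tokens in any order.
    "hypo_firewall": ParseRule(
        pattern=re.compile(HEADER + r"(?P<body>.*)$"),
        aliases={"SRCIP": "src_ip", "DSTIP": "dst_ip", "DPORT": "dst_port", "ACTION": "action"},
    ),
    # Unlabeled format: the field name comes only from the token's position.
    "hypo_switch": ParseRule(
        pattern=re.compile(HEADER + r"(?P<src_ip>\S+) (?P<dst_ip>\S+) (?P<dst_port>\S+) (?P<action>\S+)$"),
    ),
}


def validate(fields):
    """Type-check the slotted fields; a positional rule mis-slots silently without this."""
    errors = []
    for name in ("src_ip", "dst_ip"):
        try:
            ipaddress.ip_address(fields.get(name, ""))
        except ValueError:
            errors.append(f"{name} is not an IP address: {fields.get(name)!r}")
    port = fields.get("dst_port", "")
    if not (port.isdigit() and 0 <= int(port) <= 65535):
        errors.append(f"dst_port is not a port number: {port!r}")
    return errors


def parse(source_type, message):
    """Return (fields, errors) for one raw message under the given source type's rule."""
    rule = RULES[source_type]
    m = rule.pattern.match(message)
    if not m:
        return {}, ["message does not match the rule for " + source_type]
    fields = dict(m.groupdict())
    body = fields.pop("body", None)
    if body is not None:
        # Labeled format: the label itself tells us which field the value belongs to.
        for token in body.split():
            if "=" in token:
                label, value = token.split("=", 1)
                fields[rule.aliases.get(label, label.lower())] = value
    return fields, validate(fields)


if __name__ == "__main__":
    for src, msg in (("hypo_firewall", LABELED), ("hypo_switch", POSITIONAL), ("hypo_switch", DRIFTED)):
        fields, errors = parse(src, msg)
        print(src, fields, errors or "OK")
```

The drifted message still matches the positional rule, so only the validation step reveals that the interface name was slotted as the source IP.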
AG
Cybersecurity Solutions Architect at a tech vendor with 10,001+ employees

SOAR is integrated with the dashboard that we use for threat management. Because it's all integrated, it is useful for us when we deploy something on-prem.

View full review »
JB
SIEM Architect at Marsh & McLennan Companies, Inc.

I've worked with a lot of SIEMs. It's nice that it's straightforward. 

View full review »
KM
Global Security Manager at Chart Industries Inc

The ability for me to go into the Web UI, and just learn what's going on in my environment. Being able to go in and show our company's management, "Look, this is what we can see. This is what we can now know about our environment."

Then, using the past several months to baseline what's normal, it has been invaluable, and we have also been able to stop things that were bad, at the same time. We were able to actually show value, while we were still building out the solution.

View full review »
LV
Security Analyst at Secure-24

The user interface is pretty good compared to other SIEM tools. The log search capabilities are good. It gives results pretty fast.

View full review »
JG
Senior Cyber Security Engineer at an individual & family service with 10,001+ employees

The most valuable feature that we use is the AI Engine itself.

View full review »
KS
Senior Security Engineer at a manufacturing company with 5,001-10,000 employees

The AI Engine can take an event and correlate it into something else giving meaningful context regarding what is going on. We integrated it in with our ticketing system, so if an alarm fires, it raises a ticket in our system. Therefore, if I find somebody needs to action other things on it, I can just forward the ticket along. This is all done via email, which is pretty slick.

View full review »
Subhash Sreenivasan - PeerSpot reviewer
Founder & CTO at NiyoSecure

Its most valuable features include robust dashboards and effective alerts. I find LogRhythm's log management capabilities to be beneficial.    

We integrate multiple credentials and feeds from various sources to enrich customer data. However, we haven't extensively explored its capabilities for compliance reporting as it hasn't been a priority for our clients.

Regarding identifying potential security incidents, LogRhythm's preconfigured alerts are quite effective in detecting vulnerabilities. As for the impact of LogRhythm's log management capacity on security posture, it largely depends on the deployment type. The analytics and intelligence features, particularly the correlation functionalities, have proven valuable in catching complex cyber security threats.

View full review »
KB
Senior Cyber Security Engineer at a logistics company with 10,001+ employees

Currently, we are in the implementation phase. LogRhythm is better than QRadar from the point of view of collecting Windows events. It has a much higher view. You can enable monitoring by default.

View full review »
GC
Security Engineer at a logistics company with 10,001+ employees

Specific to LogRhythm SIEM, I would say the dashboarding capability is pretty spectacular, so having the advanced UI available to just instantly drag and drop widgets into the browser and get top 'X' whatever field you're looking for just in real time is incredibly powerful. It's very fast. One of the things that I love about it is that we can get trending information at a moment's notice for just about anything that we have packed into the SIEM. So it's incredibly quick to get very easy high level information on any field we're looking for in the SIEM, and then be able to drill down into that through the log feature at the bottom.

We are using their AI engine, and we're using the actual web console itself. We're using lists, including some of their automated lists, for generating content of blacklisted hosts or known malware sites and things like that.

Most of those features are turned on at this point in time. We're actually pretty new, I think that says a lot to the amount of use we've been able to get out of it. We've only installed it maybe three or four months ago. And the amount of data that we have going into the SIEM at this point in time, which amounts to nearly 20,000 events per second, plus all the different features we have turned on is pretty impressive. So I think that that speaks a lot to the ease of getting it stood up and running, which is something that I've seen be way more difficult in other SIEMs in the past.

We will be using the playbooks immediately, on day one, as soon as they're available. I've attended some of the playbook sessions here already and we're looking at which ones are already out there for use and how we're going to integrate them into our environment. So, playbooks are going to be a huge point of focus for the next year for sure for us.

View full review »
it_user711480 - PeerSpot reviewer
Works at an aerospace/defense firm with 1,001-5,000 employees

My favorite part of LogRhythm is its ease of use. Everything I have used is designed very well, and makes sense after little time on the system. The new web interface is very fast and easy to use, and lets you see what is going on at a glance.

The AIE rule set is easy to set up and use. They have a lot of built-in modules that have the rules already created for you. The deployment guides are easy to follow for setting up the modules. Personally, I love the UBA or threat modules. These will first do a system baseline, then start flagging events outside your normal operations. Creating new rules is very easy with the GUI.

Compliance reporting is another great feature of this product. It has built-in reports right out of the box. Plus, it was one of the few products with FIPS 140-2 encryption for the database.

View full review »
AS
Information Technology with 501-1,000 employees

My favorite feature is the Drill Down which allows us to look at several different logs originating off of one particular alarm. If there is suspicious activity, we can use that feature to access one dashboard with different anomalies that might stand out or different places where alarms would've been triggered for particular events. 

We use the Event Log Filtering feature quite often. It makes it much easier to find useful information in our SIEM tool in a quick and efficient manner. There have been several times when we have imported 20,000 plus logs within a matter of minutes and it makes it much easier to find what we're looking for, especially when time matters.

The Event Log Filtering utility also allowed us to find information much quicker in our environment because it simplified the process of finding information. 

View full review »
RC
Senior Security Analyst at a transportation company with 501-1,000 employees

Our previous SIEM did not have dashboards, so there wasn't a starting point. With our previous SIEM, we had to have a specific thing we were looking for, and only then we could find it. 

The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation. The dashboards, therefore, are our favorite feature of the SIEM.

The solution helped with productivity and the ability to process logs. We do Event Log Filtering for certain log types, which we don't want in our SIEM as they're just too noisy. Having too much noise in the SIEM makes it harder to find relevant things. Therefore, we use Log Filtering to limit the noise. It's also given us the ability to bring more logs in, so we bring them all from all of our workstations and servers. Doing the log filtering this way allowed us to bring in other log sources and keep the noise manageable.

It's helped reduce our administrative overhead. Before we started doing the log filtering, we exceeded our license capacity for what we were licensed in terms of logs in our SIEM. The filtering allowed us to bring the noise down and helped us with the removal of junk logs that are not useful. We have a lot of firewalls, and anytime you're traversing internally inside of the firewall, it generates a lot of traffic. That kind of traffic is the type of traffic we took out, allowing us to bring our workstation traffic logs in to give us a better view of our environment.

It's very big for us that the solution is out-of-the-box. To have the solution be turnkey was significant as it enabled us to ramp up and get the logs onboarded immediately. There wasn't a lot of configuration to get to a point where we could bring logs in. It was essentially turnkey.

View full review »
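An added example, not from this review or from LogRhythm, of the kind of noise policy described above: it drops only allowed internal-to-internal firewall traversal, keeps denies and anything crossing the perimeter, and counts what was dropped so the effect on licensed log volume can be checked. The key=value line format, the sample lines and the internal ranges are constructed assumptions.

```python
import ipaddress
from collections import Counter

# RFC 1918 ranges as a stand-in for "inside the firewall"; adjust to the real internal networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed key=value firewall lines, not a real vendor's format.
SAMPLE_LOGS = [
    "src=10.1.2.3 dst=10.1.9.8 action=allow proto=tcp dport=445",      # internal traversal: noise
    "src=10.1.2.3 dst=10.1.9.8 action=deny proto=tcp dport=3389",      # internal deny: keep
    "src=10.1.2.3 dst=203.0.113.7 action=allow proto=tcp dport=443",   # outbound: keep
    "src=198.51.100.9 dst=10.1.2.3 action=allow proto=tcp dport=22",   # inbound: keep
    "src=10.1.2.3 dst=10.1.9.8 action=allow proto=udp dport=53",       # internal traversal: noise
    "src=garbage dst=10.1.9.8 action=allow proto=udp dport=53",        # unparsable: keep, never drop blind
]


def parse_kv(line):
    """Split 'key=value' tokens into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def is_internal(addr):
    """True only for a well-formed address inside one of the internal ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # an unparsable address must not make an event look like noise
    return any(ip in net for net in INTERNAL_NETS)


def is_noise(event):
    """Only allowed internal-to-internal traffic is noise; denies and perimeter flows stay."""
    return (event.get("action") == "allow"
            and is_internal(event.get("src", ""))
            and is_internal(event.get("dst", "")))


def filter_events(lines):
    """Return the lines worth forwarding to the SIEM and a Counter of kept/dropped."""
    kept, stats = [], Counter()
    for line in lines:
        if is_noise(parse_kv(line)):
            stats["dropped"] += 1
        else:
            stats["kept"] += 1
            kept.append(line)
    return kept, stats


if __name__ == "__main__":
    kept, stats = filter_events(SAMPLE_LOGS)
    print(dict(stats))
    for line in kept:
        print(line)
```

Dropping allowed east-west traffic removes lateral-movement visibility from the firewall feed, which is why, as the review notes, the freed capacity is used to bring workstation and server logs in instead.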
DS
IT Security Analyst at a hospitality company with 10,001+ employees

The most valuable feature I get out of the LogRhythm platform is being able to take machine data and present it in a format that's easy to understand, easy to analyze, easy to pivot through to get answers to the questions that I had that I'm investigating, whether they're security related or operationally related.

At this time, we're not using any of the playbooks in LogRhythm because it's currently not available in our version. However we are very excited about that feature coming out in the near future and we're definitely looking at using playbooks to do phishing, unauthorized access and our other use cases we're gonna identify in the future to make sure that our analysts are responding to the threats in similar ways and that the correct actions are being taken.

We have around 75 different types of log sources coming into the environment right now. The log source support is good, there's always room for improvement. One of the areas that LogRhythm's kind of pushing really hard right now is to integrate more cloud solutions, so your Office 365, your Azure, your AWS, making sure that those SaaS and other cloud platforms are getting the data you need into that platform. It's getting better but there's definitely still work to be done.

We currently have 3,000 messages per second in our environment but we still have a number of different resorts to onboard in our tenant. So we're definitely looking to push above, probably into the 7,000 to 8,000 range.

View full review »
RH
Security Engineer at U.S. Acute Care Solutions

The analytics that it does.

Full-spectrum analytics capabilities, which we use for:

  • User behavior.
  • Watching and monitoring for login events or any anomalies. 
  • Going through and watching trends. 
  • Knowing what activities endpoints are doing, where they're going, what websites they visit, then making sure that they're in the normal or making sure they pick up on any outliers.
View full review »
EE
Administrator Executive at an individual & family service with 10,001+ employees

It gives us insight into our entire installation, where we are multiple sites, going as far as the East Coast to the Central West Coast. Our operation is small. I am a one-man shop right now, so it gives me a chance to aggregate all my events and logging, alerting, in one spot. I come in and can see exactly what is happening.

View full review »
it_user756357 - PeerSpot reviewer
Senior Security Analyst at an energy/utilities company with 1,001-5,000 employees

The recognition of many device types, log message formats, and the most common device types out there. Then, the ability to quickly display data, and do the classification on it. That is the big value.

I have used it a lot. I have used it against other SIEMs. I have used it in conjunction with other SIEMs, and it is the easiest to use and makes the most sense to me.

View full review »
Mohammed Jamous - PeerSpot reviewer
Chief Information Technology Officer at an insurance company with 11-50 employees

The solution has the ability to add and compare use cases. 

View full review »
RO
FSE at a computer software company with 1,001-5,000 employees

As a SIEM, probably the best feature is that it can be tuned effectively. There are very few SIEMs out there that can be effectively tuned to provide you with meaningful information and not be overwhelmed. It has the capability to do that, but it probably takes a little more time to do that. 

View full review »
JM
Principal Security Analyst at a healthcare company with 10,001+ employees

The most valuable feature for our organization is the centralized single pane of glass for us to go through and triage and see everything going on in our environment. We're a mature organization. We have a lot of tools and a lot of different implementations, and to go through all those dashboards monitoring everything is just not possible. So we centralize everything, and then we come into the web console and we're able to triage and respond quickly to anything that is important.

We do use many other capabilities with LogRhythm. We of course collect from our printer devices and our servers as well as some of our security specific systems. We'll drink from APIs. We'll also implement file integrity monitoring in our data environment. So we use a lot of different features available within LogRhythm.

It makes it possible to stay aware of much more of what's going on. We get an overview, a macro view that we can zoom in on, as opposed to before, when we had individual panes of glass. You might be stuck in the firewall interface for half a day while something going on is not getting addressed that we really should probably investigate. So that's our biggest benefit.

We're not using any of the built in playbooks. We are about to go up to version 7.4 once it becomes available. We were not an early adopter because of our size.

View full review »
JH
Security Engineer at Managed Technology Services, LLC fka LexisNexis

The most valuable features are the reporting tools. A lot of times as security, we are tasked with explaining to management and the executives how the security program is going, what our concerns are, and if we want to get anything out of them as far as budget to fix some issues. We have to be able to show the evidence, and LogRhythm does a great job of putting it forward and making it easy to create reports with nice looking dashboards, which show off what we are doing as a security program.

View full review »
DO
Senior Security Engineer at a healthcare company with 10,001+ employees

The most valuable features are the alarms, and some of the reporting features in the product are great. The web interface is awesome, it's very intuitive and gives a lot of great information.

View full review »
CG
Senior Security Engineer at a healthcare company with 10,001+ employees

The functionality of it. It definitely does a lot of things out of the box. You don't have to do a ton of tweaking and tuning, but that's there for you if you want it. Big-time usability and implementation is easy.

View full review »
AA
Assistant Manager Enterprise Security

What I found most valuable in LogRhythm NextGen SIEM is that it's user-friendly. I also like its dashboard, which shows all the logs and information I want to see.

View full review »
KA
Unit Head Titanium (Security Solution) at RapidCompute

We really appreciate the new cloud functionality. The cloud is really showing its dominance. 

Technical support is very helpful and responsive.

The product has a lot of useful features.

View full review »
WF
Information Security Engineer at Seminole Tribe of Florida

The most valuable feature is the Threat Intelligence Services (TIS).

View full review »
Rahul Kate - PeerSpot reviewer
Co-Founder at First Defense WLL

The GUI is very intuitive and the solution has good integration.

View full review »
MohamedKarram - PeerSpot reviewer
SOC Manager at Infratech Co

Its ease of use is valuable. It has improved a lot from the previous versions. It had a lot of issues before, but now, it's way better in terms of integration, the console part, report creation for use cases, false positive numbers, and so on. Its AI engine is a lot more advanced in the latest version.

View full review »
JM
Senior System Administrator at DP Infotech Pvt Ltd

I'm happy with their AI in general. 

We're able to make useful dashboards. 

The initial setup is now complex if you have a bit of knowledge going in. 

The solution is stable. 

View full review »
KM
Global Security Manager at Chart Industries Inc

The most valuable features in LogRhythm, honestly for me, the single most valuable feature is the web console. That is actually the primary reason we chose LogRhythm over some of these other solutions, because I was able to leverage web console usage across multiple layers of IT, and I didn't have to sit back and teach everybody complex SQL queries. Just that point-and-click interface, which is nice and bouncy and beautiful to look at, has really driven the adoption of the use of the software. Secondarily, I think another really great feature is the LogRhythm community. And the content that that provides has enhanced our adoption over the years.

We don't use the full-spectrum analytics capabilities of the SIEM mainly because I'm a lone wolf in running it. It's just a matter of timing and focus. We do a lot of analytics around user behavior although we're not a cloud AI customer yet. We're doing a lot of what they call the AI engine to do user behavioral modeling and we're starting to onboard some network behavior modeling analytics as well.

View full review »
AW
Systems CSO at a manufacturing company with 1,001-5,000 employees

From an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have.

We use the full-spectrum analytics capabilities. We have a number of rules that we've built, and built-in rules that we leverage as well. We've got a whole bunch of dashboards and the like to do the analytics. We definitely find the full-spectrum analytics to be valuable.

View full review »
DO
Senior Security Engineer at a healthcare company with 10,001+ employees
  • AI Engine
  • Alarm rules correlation
  • Web interface
  • The amount of information it has throughout the web interface
  • The drill-down
View full review »
TG
Cybersecurity Analyst with 201-500 employees

The most useful feature that I've found so far is the search function. I like all the different ways you're able to search through metadata and the different ways you're able to correlate or search through logs to find out what's going on.

The Event Log Filtering feature filters out certain logs that we don't need, and it has definitely helped decrease costs and increase efficiency for all of the products. With its hardware being on-premises, it reduces resources all around and makes it more efficient.

The Event Log Filtering feature has also helped us reduce our administrative overhead by approximately 10 to 15%.

In terms of managing workflows and cybersecurity exposure, LogRhythm SIEM is very efficient and is a good tool to use for locating and auditing any sort of activity that goes on in the network. It's very helpful for tracking and finding, even down to a granular level or up to events.

It's definitely been helpful with blind spots, especially in terms of vulnerabilities that aren't picked up by the scanners that we have. There were multiple instances where we've had brute force and various types of attacks that were quickly escalated to us via alarms and that were easily read and acted on.

View full review »
it_user576042 - PeerSpot reviewer
Senior IT Security Analyst at a retailer with 1,001-5,000 employees

For my situation, besides the investigation that LogRhythm offers, it's the AI Engine rule set that it offers. It has brought us more significant changes in how we alarm and notify our users about what's going on in our network. It's not just one specific log, it's the correlation of multiple logs on different log sources.

View full review »
SN
Sr. Systems Support Analyst at a manufacturing company with 10,001+ employees
it_user338868 - PeerSpot reviewer
VP, Information Systems Security Officer at a financial services firm with 501-1,000 employees

The AI engine is what I like the most. It’s all in how LogRhythm correlates the events that it is receiving. It takes a lot of guesswork away from the analyst. We don’t have to reinvent the wheel. Out of the box, it's very easy and intuitive to get started. It’s easy to see the impact of the event in which you are receiving.

View full review »
SB
Technology Solutions Head at MANTRA TECHNOLOGIES LTD

The user interface is good.

View full review »
AB
Manager of Information Security at a real estate/law firm with 51-200 employees

I wish I could just name one feature! There are so many: 

  • The ability to drill down and pivot from an event is one of the biggest advantages the product has compared to other things that I have seen in the market.
  • LogRhythm differentiates itself through its usability.
  • Its simplicity. It can do more than just basic simplicity.
View full review »
GW
IT Security Administrator at an energy/utilities company with 1,001-5,000 employees

We like the alerting features. They seem a little more hands-on and easier to set up.

View full review »
JC
Senior Security Analyst at a financial services firm with 501-1,000 employees

The breadth and harvesting of information the SIEM is capable of doing. I've been in this probably going on 30 years, and I've seen the growth. I found a resource that's outstanding in finding information and then the most important thing, distilling it, putting it together, which is a real big challenge in this field.

View full review »
it_user769674 - PeerSpot reviewer
Sec And Risk Lead at Baker Tilly Virchow Krause, LLP

We're fairly new to LogRhythm. One of the things that we really liked in the deployment PoC phase was the dashboard. How easily it percolated critical information up onto a screen that we could immediately review, and drill-down to look at the raw logs. That was one of the key features that we liked in the PoC. Still today, that is by far one of the best features.

View full review »
SA
Information Security Officer at First Mid Bancshares Inc

The scalability. We had a huge problem with that before. Now, we can quickly search through all of our logs. If we have an issue where, perhaps, there's something suspicious from a particular host, we can quickly go through there and search all the logs for anything that had to do with that host for a specific time frame, and anything coming to or from that host, or if it's a user, or whatever it is. It's really been helpful for investigations.

View full review »
it_user756429 - PeerSpot reviewer
Senior Security Engineer at Augeo Marketing

Provides visibility into the network. We got it for PCI compliance for the most part, and we also do SOC 1 and SOC 2 compliance, so we can show that we're secure to our clients. We have a lot of financial and other customers that care about security with the kind of business that we do. But we're looking at it to do SOC Light, not 24/7, but we want to have visibility into everything that is going on in our network, be able to respond, and do incident response using LogRhythm as our main console.

View full review »
it_user576042 - PeerSpot reviewer
Senior IT Security Analyst at a retailer with 1,001-5,000 employees

It's a compliance tool for our needs.

Security analytics, cloud security, log management are also definitely valuable. We're looking at all the cloud features at this point, even antivirus is going to cloud. A lot of analytics are going to the cloud. So, we're looking at LogRhythm, what it's going to do with the AI cloud stuff.

View full review »
MR
CEO at a tech services company with 51-200 employees

The most valuable feature is the SOC Security Operations Center feature. This solution has two types of systems, virtualization and the appliance. The appliance is ready and configured, so we use the IP addresses and trigger the endpoint. It's very user-friendly, and whenever anyone deploys a virtualization system, they can experience it.

View full review »
PP
Senior SIEM Engineer at a financial services firm with 501-1,000 employees

Some of the valuable features, I find it's very easy for me to integrate new log source types within the SIEM. The MPEs, there's plenty out of the box solutions that we can integrate new appliances with. We're constantly buying and upgrading our appliances, so it makes it easy for me to ingest logs and run correlations in the AI Engines. 

Currently, we don't have full spectrum capabilities. We're using AI Engine mostly to run correlations, and then we obviously have our dashboards and stuff, but apart from that, we're working on the UEBA implementation for users to run more correlations. We do have our net monitors that we use to run packet monitors, packet captures, and even traces.

View full review »
MN
Information Security Analyst at Endicott College
  • The threat analytics
  • Seeing what potentially could be happening; what are the riskiest things going on.
View full review »
it_user756426 - PeerSpot reviewer
SOC Manager at an energy/utilities company with 10,001+ employees

The important thing in LogRhythm is the correlation in the AIE rules. It correlates all the logs to give meaningful events.

View full review »
it_user256056 - PeerSpot reviewer
Director Of Infrastructure And Security
  • Ability to collect logs
  • File integrity monitoring
View full review »
Haitham AL-Sarmi - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees

LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it.

View full review »
JW
Security Administrator at a non-profit with 501-1,000 employees

The most valuable feature has just been the log reporting. Within three hours of installation of LogRhythm, we were pulling error reports that actually indicated we had a switch about to fail. It saved us about ten thousand dollars of a potential failed switch.

We are ramping up the analysis and the analytics part of the LogRhythm. We're in the process of building a lot of that. We're trying to build out as clean as possible, so what we have in place is a lot of the intrusion detection and basic PCI compliance.

View full review »
DH
Information Security Analyst at a non-profit with 1,001-5,000 employees

The most valuable features for me are just being able to know who's in the network, being able to drill down on the alarms, to being able to look at the different rules or whatever that's been impacted within the network for anyone being in the network.

At this point we don't use the full spectrum of analytics. We're still fairly new and trying to tweak our system to get the information that we want out of it. So we're still at the beginning stage.

We are not using the playbooks, we're still on a version that doesn't support them. But yes, after going through the session today, the preview session, we definitely want to use the playbooks.

View full review »
EH
Senior Security Engineer at a healthcare company with 1,001-5,000 employees

The capabilities that we mostly take advantage of in the LogRhythm platform are the wide array of log formats that we can bring in from various systems, and the capability to create custom rule processing capabilities for log sources that may not already be a part of the platform.

Currently, LogRhythm, the playbook's functionality is not in my version, so we're looking forward to utilizing playbooks. That's part of the main draw for me to come here, was to learn more about the playbook functionality and how we can incorporate that into our platform. But right now, the functionality is not there.

View full review »
BH
SOC Analyst at a financial services firm with 1,001-5,000 employees

Being able to find everything in one place is really nice when you're doing your searches.

View full review »
JM
Principal Security Analyst at a healthcare company with 501-1,000 employees

There's value in all of it. The most valuable is the reduction in time to triage. We take in around 750 million logs a day. We have a lot of products and that would be a lot of different panes of glass that we would have to look through otherwise. By centralizing, we can triage and take steps much more quickly than if we tried to man all the interfaces that come with the products.

View full review »
AB
Senior Security Analyst at a consultancy with 1,001-5,000 employees
  • Out-of-the-box features, like widgets and dashboards.
  • The content in the LogRhythm Community is very helpful and useful for new users.
View full review »
it_user545001 - PeerSpot reviewer
Security Operations Center Manager at a financial services firm with 1,001-5,000 employees

We find the user interface and the ability to pivot near search from one particular item to the next part item to be highly valuable. 

Its ability to work with all different sorts of log sources has been extremely valuable. 

View full review »
JT
Information Security Engineer at a financial services firm with 501-1,000 employees

Right now I really like the dashboard, and being able to view it easily, and to just have all the data right there available for me.

View full review »
it_user756333 - PeerSpot reviewer
Security Analyst at Xanterra

The PCI compliance pieces that help us produce reports for our external auditor, and their support.

I constantly sing the praises of their support group. It's a complicated, vast product with a lot of breadth and depth. Things go wrong. But when I have a problem their support group will get a hold of me within minutes to hours, at the most. If it takes a group of people to solve the problem they pull a group of people together. They will create remote sessions. I don't have any other vendors with the same level of support that LogRhythm does.

View full review »
GN
Head Of Technical Services at a tech services company with 51-200 employees

I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages.

What LogRhythm really excels at is its stability, since, in all the deployments that I have been involved in, there's no break-and-fix at all. When the customer finds that there is something lacking from the solution, it is often a matter of deploying extra appliances and things like that. So the most valuable feature in an abstract sense is that it is so reliable. 

View full review »
MC
Information Security Officer, Network Analyst at a university with 1,001-5,000 employees

Automations are very valuable. It provides the ability to automate some of our small use cases. 

The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools.

View full review »
JD
Vice President at a financial services firm with 201-500 employees

The ability to investigate a particular period of time where you can analyze logs is its most valuable feature. 

View full review »
JA
Security Lead at a financial services firm with 201-500 employees

LogRhythm has really improved, I think, my personal sense of security as far as our organization. I feel that I can trust the data that it's pulling in. Through its metrics, I can see when something isn't reporting so I know immediately if, maybe say one of our core servers isn't feeding its logs to us, I can remediate that almost immediately, and then feel secure again knowing that that data is coming to LogRhythm, and LogRhythm is correctly dealing with it. I can know that our security is in place.

We haven't used any of the LogRhythm built-in playbooks yet. Stability has been really good. The LogRhythm platform in our environment actually sat for three years with no one really using it. I came in about six months ago. I was able to pull it from generating about a thousand alarms a day that were just heartbeat errors, or critical components going down, to it actually only generating about 100 alarms a day, some of those being diagnostic alarms, but most of them being very helpful alarms that rarely ever point to having a component being down. With some short maintenance daily, LogRhythm has been a very stable platform.

View full review »
SB
Information Security Manager at a tech vendor with 1,001-5,000 employees

I think the biggest thing is tying all of our log sources together, whereas there was a lot of manual work before of reviewing Windows logs or you know, firewall logs. Bringing it all together so that way my team, the information security team, as well as the infrastructure team can kind of view all of that from a single pane of glass and see everything that's going on in the environment.

As of now, we're not using all of the full analytics capabilities that we know the LogRhythm SIEM can do. So it's one of the things, areas of that we need to improve on. We have all of our log sources in there, now making sure that we're getting the value of all that together is something we still need to work on, so.

View full review »
it_user769665 - PeerSpot reviewer
Chief Security Officer at Optomany

The most valuable feature for me is that it's a single pane of glass for all of the analysts in my team. It gives us complete eyes and ears into what's going on within our environment. We run two separate installations. One is in our datacenter where we handle all of the sensitive data, and one is on the enterprise side, so it gives us a real good visualization of what's really going on.

View full review »
it_user756342 - PeerSpot reviewer
Technical Architect at a financial services firm with 10,001+ employees
  • The overall view of the solution: It encompasses end-to-end analysis and response.
  • Log management
  • Threat management: Threat hunting is going to be a large topic for us as well, which being a big data engine, will go a long way for us, too.

We have not moved into cloud security so much, but eventually we will be there.

View full review »
it_user347160 - PeerSpot reviewer
Security Consultant and Co-Founder at a tech consulting company with 51-200 employees

The web interface, especially since the move to the open source storage system in v7, allows almost instant access to detailed log data from across the platform.

View full review »
it_user326751 - PeerSpot reviewer
VP, Information Security Officer with 501-1,000 employees
  • Advanced Intelligence Engine (AIE) for threat intelligence, 9/10
  • LRM for logging and compliance, 8/10
View full review »
Muhammad Ahtsham - PeerSpot reviewer
Information Security Engineer at RapidCompute

The log correlation is the most valuable feature.

Our clients enjoy having one dashboard to monitor their environments in real time.

View full review »
Lahiru Prabath - PeerSpot reviewer
Engineer - Network and Security at Connex Information Technologies

It's very easy to create the correlation rules with LogRhythm, and there are some advanced features like SIEM and UEBA, which are also very valuable.

View full review »
it_user756336 - PeerSpot reviewer
Deputy CISO at Temple University

The thing that I find most valuable is that every interface is consistent. Whether you're looking at a dashboard, a drill-down, an alarm, a search, the interface is exactly the same. As you move through the experience of looking at some type of event, some type of incident, following up on a search, everything is consistent throughout the whole user experience.

View full review »
it_user769683 - PeerSpot reviewer
Cyber Security Operations Manager at Old National Bancorp

Probably the investigation part, being able to investigate any log. We've got so many sources that go in there that, at any given time, we can easily look up the logs on just about any system that we have.

View full review »
it_user341256 - PeerSpot reviewer
Lead Specialist - Information Security at a hospitality company with 1,001-5,000 employees

The speed at which I can get into forensic data is the most useful thing.

View full review »
SK
Security Engineer Analyst Admin at an aerospace/defense firm with 1,001-5,000 employees

Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing.

View full review »
it_user756336 - PeerSpot reviewer
Deputy CISO at Temple University

The consistency of its interface, whether you go to a dashboard, a search, an alarm - everything comes back consistently. There isn't a different interface for every function that you do, so it makes it very usable.

View full review »
PC
Consultant at RIPEN

The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network. 

The engine accurately and quickly identifies problem areas as it correlates events from various devices. 

Without this engine, logs would have to be built individually for each device. 

View full review »
it_user756306 - PeerSpot reviewer
Manager Security Operations Center at a leisure / travel company

One of the most valuable features is the investigation tab. It allows us to dig in deeper into the alerts that we receive today, based on the policies, that get triggered by our end-user population.

View full review »
it_user317229 - PeerSpot reviewer
Information Security Engineer at a tech vendor with 501-1,000 employees

The Web UI is perhaps the most valuable feature in the solution.

View full review »
YI
security solutions integrator at a consultancy with 1-10 employees

LogRhythm's GUI is easy to explore. We also like other features, such as its integration with other security solutions, log correlation, and the deployment of use cases.

View full review »
SR
Senior System Engineer at a tech services company with 11-50 employees

I appreciate the fact that I can do everything from one dashboard. That is the main aspect of LogRhythm so far that I find extremely useful. We don't need a different dashboard or other solution for managing things.

The initial setup is simple. 

The solution is stable.

The product is great for medium to large-scale organizations.

The product can scale. 

Technical support is reportedly quite good.

View full review »
MS
Senior Network Engineer with 201-500 employees
  • AI
  • SMART Response
  • Looking forward to using the playbooks
View full review »
it_user756354 - PeerSpot reviewer
Security Analyst 3 at a comms service provider with 1,001-5,000 employees
  • The user interface (UI)
  • Ease of use, especially if you are starting off
  • The AI
View full review »
it_user756324 - PeerSpot reviewer
Senior Manager IT Security at Virginia Premier Health
  • Being able to gather logs in one place
  • Being able to process them and generate alarms
View full review »
it_user756366 - PeerSpot reviewer
Senior Network Systems Engineer at a non-profit

The ability to threat-hunt and, being a small staff of five people, we can actually not put a lot of time in administration, the care and feeding of it, and get useful analytics out of it.

View full review »
it_user756435 - PeerSpot reviewer
Threat And Awareness Manager at a tech services company with 1,001-5,000 employees

It is the dashboards. Up until just a couple of weeks ago, we were just using the standard dashboards. We actually had our account manager and professional services team members come out to our Security Operations Center (SOC) and essentially walked through our processes and how the SOC operates. One of the immediate improvements was using the dashboards more effectively, so we just used the standard, out-of-the-box dashboard, and it actually wasn't really telling us much.

Now, the SOC have custom dashboards, showing them a lot more useful information, puts the information in context, and they are actively using it for proactive investigations, rather than just responding to alarms.

View full review »
it_user331431 - PeerSpot reviewer
Senior Information Systems Specialist at a manufacturing company with 1,001-5,000 employees

The product was easy to deploy and easy to learn how to use. The web console is the best I’ve seen when compared to other SIEMs.

View full review »
MB
IT Specialist at a healthcare company with 51-200 employees

The AI Engine.

View full review »
it_user756381 - PeerSpot reviewer
Manager Of Cyber Security at a healthcare company

The most valuable feature to me is certainly the CloudAI, which I have been a beta tester of, and also the SIEM capabilities and automation.

I see CloudAI expanding greatly. It's obviously a new product for them. It will be able to give contextual evidence of people's behavior which, at the moment, whilst the SIEM does that, AI actually is that specification and concentration on people's behavior, which is a huge component in cybersecurity.

View full review »
it_user756405 - PeerSpot reviewer
Principal Security Specialist at University Of Massachusetts

I would say the amount of data that it collects and the way it correlates it, extracts it, and makes it easy for an analyst to look at it and deep dive into it. I had another SIEM before LogRhythm and it was nowhere near what LogRhythm does.

The idea to me is collecting all this data and then extrapolating all that data, and it's phenomenal.

View full review »
KM
Sr IT Security Engineer at Puget Sound Energy

The most valuable feature is scheduling the KB update, which reduces administrative effort.

View full review »
DK
Information Security Analyst at a retailer with 201-500 employees

The most valuable features for me are the customization features. I can build it out to do whatever I want. I've created rules in there for Crypto mining and Crypto jacking. 

The compliance aspect is phenomenal. The reporting in there is fantastic. It helps our internal audit team. It also helps us with our compliance, as well, for our audit. So it's a lot of good options in there.

CloudAI gives us analytics into our users' behavior and whether or not they are acting outside of their norms. It has helped me to identify a lot of policy violations inside of our networks. A lot of bad habits. Just for a specific use case, I've identified where an account that should have been disabled was being used by another user inside of our network. A lot of policy violations. A lot of geographical location identification inside of the networks.

CloudAI-UEBA has enhanced my security operations because I've been able to track down users with anomalous behavior. To be more specific about that, I've been able to track down users that were using accounts that they shouldn't have. So for example, we had a user that left the company and another user was using that account to access servers inside of our network that they didn't have access to. So it's very powerful. It just takes some learning to get used to.

View full review »
KW
Security Engineer at a financial services firm with 1,001-5,000 employees

The Web Console is my favorite. It enables me, at a glance, to see the health of the environments. That is really important to me and to us.

View full review »
AO
Senior Security Analyst at a leisure / travel company with 10,001+ employees

The AI Engine is the most valuable feature.

View full review »
it_user756366 - PeerSpot reviewer
Senior Network Systems Engineer at a non-profit

Favorite feature of the product is the ease of administration. There's not a lot of overhead. We don't need an FTE dedicated just to admin the product. That was one of the biggest selling features for us.

View full review »
it_user769662 - PeerSpot reviewer
Operations Team Lead at Mary Kay Inc

Most valuable feature is really providing us visibility into our infrastructure. Frequently, I'm reaching out to our partners in the business, and I'm asking them how I can assist them, and how I can improve their visibility from a security perspective. 

Oftentimes, like many of the users I've met this week here at the LogRhythm User conference, we've encountered that the business owners, they're not familiar with their logs. Some of them haven't even really looked at them. But when I delve into the logs with them, and identify some things we can trigger on and alert on, and really help them improve the efficacy of their tool, it's really been a big benefit to have that visibility. Not only from the security perspective, but an operational perspective. It's really helped to build a relationship between us and the business.

View full review »
it_user769659 - PeerSpot reviewer
Data Sec Program Manager at an insurance company

The most valuable feature of LogRhythm for me is the ability to correlate logs throughout many different log sources. Every different log has a different time stamp, it has a different user, things are in different places. But with LogRhythm you can take all of your logs from all the different sources and make them relevant to each other.

So if you're looking for a user that is doing something malicious or if you're looking for a computer that is maybe making some calls out to systems that you've never made before, you can correlate based on a user attribute or a computer attribute to say, "Go find me everything that that user is doing." Because of the correlation, you can then have alarms and reporting off of multiple log sources.

View full review »
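The cross-source pivot the reviewer describes, as an added example that is not part of the review or of LogRhythm's own code: three constructed log formats (a hypothetical Windows security event line logged in local time, a VPN appliance line with epoch timestamps, and a CEF-style proxy line with an ISO 8601 offset) carry the user in different fields and on different clocks. The script normalizes them to one UTC record shape, pivots on the user attribute, and reports lines it could not parse rather than dropping them. The formats, field names, the UTC-5 assumption for the Windows hosts, and the sample lines are all assumptions made here.

```python
"""Pivot heterogeneous log sources on a shared user attribute.

Added example, not LogRhythm code: three hypothetical log formats with
different timestamp conventions and user field names are normalized
into one record shape so that every event for a user can be listed in
one UTC-ordered timeline.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not real logs). Source tag first, raw line second.
SAMPLE_LOGS = [
    ("winsec", "2024-03-05 09:14:02 EventID=4624 Account Name: JDoe Workstation: WS-101 LogonType=10"),
    ("winsec", "2024-03-05 09:15:40 EventID=4625 Account Name: svc_backup Workstation: WS-101 LogonType=3"),
    ("vpn", "1709647000 vpn-gw1 session-open user=jdoe src=203.0.113.7"),
    ("vpn", "1709647300 vpn-gw1 session-open user=svc_backup src=198.51.100.9"),
    ("vpn", "1709647400 vpn-gw1 keepalive"),  # no user field: must be reported as unparsed
    ("proxy", "2024-03-05T09:20:11-05:00 CEF:0|proxy|suser=jdoe dhost=files.example.net act=GET"),
    ("proxy", "2024-03-05T09:21:59-05:00 CEF:0|proxy|suser=svc_backup dhost=paste.example.org act=POST"),
]

# Assumption: the Windows hosts log in local time (UTC-5) with no offset in the line.
WIN_LOCAL_TZ = timezone(timedelta(hours=-5))

WIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) EventID=(?P<eid>\d+) "
    r"Account Name: (?P<user>\S+) Workstation: (?P<host>\S+)"
)
VPN_RE = re.compile(r"^(?P<ts>\d{10}) (?P<host>\S+) (?P<action>\S+) user=(?P<user>\S+)")
PROXY_RE = re.compile(r"^(?P<ts>\S+) CEF:0\|proxy\|suser=(?P<user>\S+) dhost=(?P<host>\S+) act=(?P<action>\S+)")

WIN_ACTIONS = {"4624": "logon-success", "4625": "logon-failure"}  # standard Windows event IDs


def normalize(source, line):
    """Return a common record {ts, source, user, host, action}, or None if unparseable."""
    if source == "winsec":
        m = WIN_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=WIN_LOCAL_TZ)
        action = WIN_ACTIONS.get(m["eid"], "event-" + m["eid"])
    elif source == "vpn":
        m = VPN_RE.match(line)
        if not m:
            return None
        ts = datetime.fromtimestamp(int(m["ts"]), tz=timezone.utc)
        action = m["action"]
    elif source == "proxy":
        m = PROXY_RE.match(line)
        if not m:
            return None
        ts = datetime.fromisoformat(m["ts"])  # the line carries its own UTC offset
        action = m["action"]
    else:
        return None
    return {
        "ts": ts.astimezone(timezone.utc),  # every record is compared on the same clock
        "source": source,
        "user": m["user"].lower(),          # case-fold so JDoe and jdoe pivot together
        "host": m["host"],
        "action": action,
    }


def build_user_index(logs):
    """Group normalized records by user, each list sorted by UTC time.

    Returns (index, unparsed) so that lines the parsers rejected stay visible:
    a log source that silently fails to parse is a detection gap.
    """
    index = defaultdict(list)
    unparsed = []
    for source, line in logs:
        rec = normalize(source, line)
        if rec is None:
            unparsed.append((source, line))
        else:
            index[rec["user"]].append(rec)
    for recs in index.values():
        recs.sort(key=lambda r: r["ts"])
    return dict(index), unparsed


def timeline(index, user):
    """Human-readable cross-source timeline for one user."""
    return [f"{r['ts']:%H:%M:%S}Z {r['source']} {r['action']} {r['host']}" for r in index.get(user, [])]


def users_seen_in_all(index, sources):
    """Users with activity in every listed source (candidates for a cross-source pivot)."""
    return sorted(u for u, recs in index.items() if set(sources) <= {r["source"] for r in recs})


if __name__ == "__main__":
    idx, bad = build_user_index(SAMPLE_LOGS)
    for u in sorted(idx):
        print(u)
        for entry in timeline(idx, u):
            print("   ", entry)
    print("unparsed lines:", len(bad))
```

The design point is the normalization step: once every source yields the same record shape with a UTC timestamp and a case-folded user, the pivot "find everything this user did" is a dictionary lookup, and alarms or reports can be written against the common fields instead of against each product's native format.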
it_user756369 - PeerSpot reviewer
Senior Cyber Security Engineer at a healthcare company with 1,001-5,000 employees

I like the usability of it. I like the web console and the ability to pivot through all the data in real-time.

View full review »
it_user756360 - PeerSpot reviewer
Director Information Security at Vail Resorts

Being able to centralize and have one view of all the threat events coming out of all my multiple security sensors.

It has been the easiest SIEM platform that I have worked with or seen in production.

View full review »
it_user756303 - PeerSpot reviewer
SYM Engineer Specialist at FIS

Visibility. Being able to see the system, see what's coming in, and being able to report on the logs coming in. Seeing what other people are doing and being able to track down quickly what is going on in your network.

View full review »
it_user756381 - PeerSpot reviewer
Manager Of Cyber Security at a healthcare company

As a healthcare company, what we use it for is compliance, then to protect our data from exfiltration.

View full review »
it_user756390 - PeerSpot reviewer
IT Infrastructure Manager at Jeunesse Global

Well our eCommerce site is very important to our business. So not only NetMon, but also just knowing the traffic that's coming in and out of there, and whether it's coming from bad sources. We have to protect our eCommerce site and it is helping us do that.

View full review »
it_user341232 - PeerSpot reviewer
IT Security Specialist at a manufacturing company with 1,001-5,000 employees

The advanced intelligence engine -- in fact, the whole suite -- is very powerful. It depends how you use it. Security management is what it's best at. As far as I'm concerned, it's one of the best.

View full review »
EC
Security Admin with 1,001-5,000 employees

The most valuable features are probably the AI Engine, which is very valuable, as well as NetMon.

We plan on using the playbooks, and the value I think we'll get is automating or scripting the responses that our analysts use, rather than using our existing playbooks, which are somewhat incomplete. I think the playbooks will be a lot of out-of-the-box pre-scripted playbooks that should be extremely helpful to us, as well as integrating some of the SmartResponse capabilities into the playbooks.

View full review »
AW
Enterprise Information Technology Security Engineer at a government with 1,001-5,000 employees

The most valuable features would be the automation, reporting, and the support.

I do plan to use the full extent of the correlation and AI Engine to streamline our processes.

View full review »
CO
Senior Architect at an energy/utilities company with 201-500 employees

We do a lot of the alerting, as far as user accounts. We have NetFlow information going into it, so we can examine a lot of traffic patterns and anomalies, especially if something stands out and is not the baseline. This helps a lot.

View full review »
CG
Network Security at an energy/utilities company

For me, one of the most valuable things about it is it helps me to produce evidence in my compliance role for NERC. It helps me to really bring all my logs together and easily translate that into evidence, to show I’m doing what I’m supposed to be doing.

View full review »
CG
Network Security at an energy/utilities company

For me, the NERC compliance modules are probably the best thing. And the system monitors, they really pick up a lot for me.

It helps you get an eagle-eye view and then delve down granularly. The ease of that is pretty amazing.

View full review »
it_user386685 - PeerSpot reviewer
Director of Information Technology at a university with 1,001-5,000 employees

It allows me, through the reporting functions, to take a quick scan of what's happened in the prior 24 hours.

Also, it's essential for our compliance. We're audited frequently and this is the piece that's essentially mandated by the State.

View full review »
it_user375531 - PeerSpot reviewer
Information Security Analyst at a financial services firm with 1,001-5,000 employees

The most valuable feature is the AI engine, as well as the usual SIEM product stuff. The ability to have all of our logs in one place is a big thing for me.

View full review »
it_user331482 - PeerSpot reviewer
Senior Manager, Distributed Systems at an insurance company with 501-1,000 employees
  • SIEM
  • File Integrity Monitoring
  • Canned compliance reports (PCI, GLBA, HIPAA).
View full review »
TS
Security Analyst at a financial services firm with 201-500 employees

The most valuable features, for me as a user, are probably the AI engine rules and dashboards, which give us a lot more insight into our security.

The playbooks functionality will be valuable down the road, but right now my team is too small to really take advantage of it.

Our messages per second right now is probably about 4,500.

View full review »
HM
IT Security Architect at a construction company with 10,001+ employees

Out-of-the-box, it already has a knowledge base solution. Therefore, if you do a little bit of work, such as configure the lists and log sources, you can have use cases implemented quickly.

View full review »
it_user769680 - PeerSpot reviewer
Sec Eng at a financial services firm

What I found most helpful out of it is the ability to see all of the same data, that I would get from my appliances, in one place. I don't have to log in to six or seven different appliances and hunt for that kind of information. I can just do some queries within LogRhythm and it tells me the same information.

View full review »
it_user769689 - PeerSpot reviewer
Technical Systems Analyst

I would say to us, the thing that matters most is the automation of the AI rules that are being sent to our emails to let us know what's happening within our network and within our environment.

When we set it up, we went through and probably turned on about 14 AI rules that we found to be really advantageous to us, and have tuned those over the past couple years. It's just worked out really well for us.

View full review »
it_user769692 - PeerSpot reviewer
Information Security Officer at an insurance company with 201-500 employees

Any SIEM, in and of itself, should be easy to ingest data, it should also be easy for the analyst to assess the different types of events that are coming through, be able to sift through false positives, and ensure that they are only acting on things that are truly actionable, that need to have attention. It's not one of those things that you want to have analysts spending a lot of time on, and then seeing false positives in the system. It just gets to a lack of trust within the system.

LogRhythm has shown to us, to this point in time, that it has the capabilities of being able to deliver actionable intelligence to the security engineers and analysts.

View full review »
it_user756408 - PeerSpot reviewer
Information Security Analyst 2 at a non-profit with 1,001-5,000 employees
  • Visibility
  • The AI Engine for rule generation
View full review »
it_user756417 - PeerSpot reviewer
Information Security Engineer at Lancaster General Health
  • SmartResponse flexibility
  • Ease of use
  • Ease of administration

Overall, versus competitors, it is a lot easier to use, a lot more user friendly, but it still gives you a lot of flexibility to do whatever you want. The limit is your imagination, for SmartResponses at least.

View full review »
it_user756330 - PeerSpot reviewer
Senior Network Engineer at a transportation company
  • The SmartResponse and the alarming
  • The ability to write your own rule set
View full review »
it_user756378 - PeerSpot reviewer
Information Security Analyst at Aims Community College
  • Log correlation
  • Aggregation
  • Being able to quickly identify threats in our network.
View full review »
it_user756327 - PeerSpot reviewer
Senior IT Security Analyst at a financial services firm

It is creating a whole ecosystem, integrating different security components together, whether it is bringing the CloudAI, a UEBA solution or SmartResponse case management.

View full review »
AW
Principal Consultant at ITSEC Asia

LogRhythm's dashboard can link to many other kinds of information.

View full review »
SB
Cyber Security Researcher at a tech services company with 1-10 employees

The UEBA flow is the most useful aspect of the solution.

The initial setup is pretty easy.

While the cost is high, the security provided is quite good, and for those who can afford it, they will pay for the peace of mind.

View full review »
it_user756387 - PeerSpot reviewer
IT Security Administrator at a financial services firm

The Web Console, and digging in through the logs.

View full review »
it_user756402 - PeerSpot reviewer
Cyber Security Engineer at a healthcare company with 1,001-5,000 employees
  • The SmartResponse piece of it.
  • It supports most standard log sources.
View full review »
it_user756396 - PeerSpot reviewer
Security Administrator at a tech services company

The artificial intelligence engine.

View full review »
it_user756312 - PeerSpot reviewer
Systems Architect at a university with 10,001+ employees
  • The integratedness
  • The parsing
  • Their partnerships with various device manufacturers

They keep it up to date, you don't have to worry about that when their products change.

I think as an aggregator it works very well, and as a case management tool it works very well. I think it works reasonably well for parsing. I think there's always room for improvement there; with any solution that I've seen, it's just a difficult problem to solve.

View full review »
it_user320625 - PeerSpot reviewer
Senior Security Engineer at a tech vendor with 10,001+ employees

Its Security Information and Event Management (SIEM) capabilities (security analysis, forensics) are the most valuable features for us.

View full review »
it_user756315 - PeerSpot reviewer
Security Analyst at Guitar Center
it_user756399 - PeerSpot reviewer
EMS-SCADA Infrastructure Engineer at an energy/utilities company

Compliance. It's the main focus of the solution, and that is what we've been doing: logging, monitoring, and alerting.

View full review »
it_user756372 - PeerSpot reviewer
Security Analyst at a tech services company

Being able to have all our logs all in one place, so we can easily correlate across the environment.

View full review »
it_user756414 - PeerSpot reviewer
Lead Info Security Architect with 501-1,000 employees

Using the web console to get a quick look at what's happening on the network, so the different dashboards that are available. Those are probably the things I look at first. They are probably very useful for really analyzing what's going on.

View full review »
it_user756300 - PeerSpot reviewer
Security Architect at a leisure / travel company

We're doing almost 10,000 EPS right now, and we have anywhere between 5,000 and 6,000 servers, and a couple thousand network devices, more or less.

Our goal is pretty much to gather all those logs: keeping track of when new servers are deployed and new network equipment gets put out there, and then having them report to LogRhythm. That's mainly the biggest challenge so far.

Mostly for us the most valuable feature is its aggregation of all the logs into a single platform, and then doing the real-time monitoring based on that.

Also, the real-time monitoring piece of it, that's extremely valuable. Plus you can tweak a lot of their settings, while other systems don't really let you.

View full review »
it_user326481 - PeerSpot reviewer
Sr. Mgr of Network Operations at a comms service provider with 501-1,000 employees
  • Investigation
  • Advanced Intelligence Engine
  • Alarming and Response
View full review »
it_user756420 - PeerSpot reviewer
Security Advisor at a manufacturing company

The UI. We can give it down to our SOC and we can train them.

View full review »
it_user756411 - PeerSpot reviewer
Security Analyst at a financial services firm

The most valuable part of the solution is being able to view all of the logs whenever you want. Any time an issue comes in or something needs to be researched, I have the logs there. I can go in and run an investigation. It's pretty much at my fingertips. Information is available on demand. I feel like I'm in control of it, which gives me a warm, fuzzy feeling.

View full review »
it_user756393 - PeerSpot reviewer
Junior Information Security Analyst at a financial services firm with 51-200 employees

The fact that I can quickly determine if there is a threat actor from internal to external. That's our primary goal. We have a lot of traders and a lot of developers, internal, so that's generally where our presence is. We don't have a whole lot of online presence. We're not so much worried about external actors.

Being able to determine what a user is doing is really helpful for us.

View full review »
it_user756363 - PeerSpot reviewer
IT Analyst at an energy/utilities company with 501-1,000 employees

Visibility, obviously. Seeing all the logs from all the various log sources, be it perimeter, internal, overall security controls; getting it in one pane of glass. And alerting, obviously.

View full review »
it_user756339 - PeerSpot reviewer
Information Security Analyst at a legal firm

The visibility that it gives us into all of our data at once.

View full review »
it_user290340 - PeerSpot reviewer
Vice President at a financial services firm with 1,001-5,000 employees
  • Reporting - we need to do a lot of security monitoring
  • It doesn't have a lot of forensics, but we appreciate the fact that it has the capability
  • The ability to collect a lot of information, as we have 200 users and a lot of log sources
View full review »
SS
Systems Administrators at a tech services company with 201-500 employees

File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting.

View full review »
CE
Associate Senior Engineer - Network & Security at Connex Information Technologies (Pvt) Ltd.

The most valuable feature is that we can alternate incident automations.

View full review »
it_user769656 - PeerSpot reviewer
Information Security Architect at a healthcare company with 1,001-5,000 employees

I believe the most valuable feature for us has been that we have all the logs together. We can query them, we can find all kinds of different situations that are going on in our network that we wouldn't have knowledge of without searching many different servers and logs.

View full review »
it_user756348 - PeerSpot reviewer
IT Security Analyst at a financial services firm with 201-500 employees
  • The web console
  • The case management
View full review »
it_user341220 - PeerSpot reviewer
Systems Administrator at a financial services firm with 501-1,000 employees

The log aggregation is what we use it for.

We don't have a lot of the reporting configured, or the advanced analytics. When the time is right, we will make the most of these features.

View full review »
it_user341262 - PeerSpot reviewer
Security Analyst at a retailer with 1,001-5,000 employees

I find that the ease of installation is a valuable part of the solution.

View full review »
RJ
Consultant at a tech services company with 11-50 employees

NextGen SIEM's most valuable feature is its user-friendliness.

View full review »
MR
SOC Analyst

NextGen SIEM's best feature is how it presents logs. For example, the dashboard view is detachable from other things.

View full review »
SB
Cyber Security Researcher at a tech services company with 1-10 employees

In terms of security, LogRhythm NextGen SIEM is great.

View full review »
TS
Security Analyst at a financial services firm with 201-500 employees

The dashboards and the AI Engine.

View full review »
it_user317892 - PeerSpot reviewer
Senior Information Security Manager with 1,001-5,000 employees
  • Clarity of information
  • Ease of deployment
View full review »
LM
CISO at a religious institution with 501-1,000 employees

Daily alerts: These allow me to quickly find security and operational issues which need to be addressed.

View full review »
it_user418188 - PeerSpot reviewer
IT Security Manager at a financial services firm with 501-1,000 employees

The reporting feature is valuable.

View full review »
it_user756384 - PeerSpot reviewer
Systems Administrator at a construction company
  • Security analytics
  • Compliance: The reason we implemented was compliance. We're hoping to use it more now.
View full review »