LogRhythm NextGen SIEM Platform
Overview
What is LogRhythm NextGen SIEM Platform?
The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management…
Top Rated SIEM Platform
LogRhythm is definitely worth the price especially in large organizations.
Fantastic Product For SIEM LogRhythm
LogRhythm Logging for the masses (of stuff you own)
Great SIEM, especially the auto-defending piece
LogRhythm: A NextGen tool for NextGen analysts
Delivers enterprise level SIEM at a reasonable cost
If we were a smaller environment, LogRhythm's NextGen SIEM Platform would be perfect
SIEM That Ticks All Major Boxes With a User Friendly Platform
LogRhythm is a solid centralized logging solution for large businesses
A very powerful SIEM with a robust AI engine
LogRhythm is on beat!
LogRhythm - A great SIEM for on-prem with room for growth for Hybrid/Cloud
Effective security at your hands.
LogRhythm - excelling in customer support and innovation
Popular Features
- Centralized event and log data collection: 9.0 (90%, 20 ratings)
- Correlation: 8.1 (81%, 20 ratings)
- Event and log normalization/management: 8.0 (80%, 20 ratings)
- Custom dashboards and workspaces: 7.5 (75%, 20 ratings)
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Alternatives Pricing
What is Blumira?
Blumira's cloud SIEM platform offers both automated threat detection and response, enabling organizations of any size to better defend against cybersecurity threats in near real time. Its goal is to ease the burden of alert fatigue, the complexity of log management, and the lack of IT visibility.
Product Demos
Unleash the Power of Your SOC: LogRhythm NextGen SIEM Platform Demo | InfoSec Matters
How to Stop Phishing Attacks with LogRhythm | LogRhythm in Action
Features
Security Information and Event Management (SIEM)
Security Information and Event Management is a category of security software that gives security analysts a more comprehensive view of security logs and events than would be possible by looking at the log files of individual point security tools.
- Centralized event and log data collection: 9 (20 ratings)
  Effectiveness of real-time centralized event and log data collection
- Correlation: 8.1 (20 ratings)
  Correlation of logs and events to pinpoint significant threats
- Event and log normalization/management: 8 (20 ratings)
  Ability to normalize event syntax so that logs can be compared and are machine-understandable
- Deployment flexibility: 4.6 (19 ratings)
  Ability to tune system to maximize threat detection and minimize false positives
- Integration with Identity and Access Management Tools: 7.1 (16 ratings)
  Integration with access control tools like Active Directory and LDAP
- Custom dashboards and workspaces: 7.5 (20 ratings)
  Dashboards that can be customized to meet the needs of specific groups
- Host and network-based intrusion detection: 7.1 (14 ratings)
  Ability to detect both endpoint intrusion and network ingress detection
- Data integration/API management: 8 (2 ratings)
  Ease and quality of data integrations between SIEM and other systems
- Behavioral analytics and baselining: 8 (2 ratings)
  How effectively activity and behavior baselines are established and maintained
- Rules-based and algorithmic detection thresholds: 7.1 (2 ratings)
  Effectiveness of manually-established rules and algorithmically-determined detection thresholds
- Response orchestration and automation: 7.1 (2 ratings)
  Quality of built-in response orchestration and automation in Next-Gen SIEM
- Reporting and compliance management: 7 (3 ratings)
  Ease and quality of reporting and compliance functions
- Incident indexing/searching: 7.1 (2 ratings)
  Effectiveness of searching across structured and unstructured events and incidents within SIEM
Product Details
LogRhythm NextGen SIEM Platform Technical Details

| Operating Systems | Unspecified |
|---|---|
| Mobile Application | No |
Reviews and Ratings (70)
Community Insights
LogRhythm NextGen SIEM Platform is a versatile tool that offers a wide range of use cases for organizations of varying sizes. Managed security services providers rely on LogRhythm to detect and respond to threats in their customers' environments effectively. Additionally, organizations use LogRhythm to monitor their entire infrastructure, including endpoints, network devices, and security systems, providing a comprehensive view of their network.
For information security departments, LogRhythm serves as a valuable tool for collecting logs from important systems and helps with log management in cloud environments. This allows users to identify live attacks and configure environments for customer demos. The platform also supports compliance regulations by providing auditing and compliance features, such as NERC CIP and HIPAA.
Furthermore, LogRhythm facilitates incident response and improves overall security posture by collecting logs from various systems and monitoring critical infrastructure. It allows for alerting and monitoring specific events like machine restarts or new user account creations. The drill-down feature enables users to extract information efficiently and detect problems in a well-structured manner with easy-to-understand visualizations.
Non-technical users find LogRhythm user-friendly as it requires no coding or programming knowledge, allowing them to easily build rules and manage servers. The extensive documentation, support, and community surrounding LogRhythm make it easy for users to learn and configure the highly customizable SIEM platform. Overall, LogRhythm NextGen SIEM Platform has proven to be an invaluable tool in meeting compliance requirements, improving incident response capabilities, and enhancing overall security monitoring for organizations across various industries.
Intuitive and Easy-to-Implement Building Blocks: Many users have praised LogRhythm for its intuitive and easy-to-implement building blocks that are represented as drag and drop elements. This feature has been mentioned by several reviewers, highlighting the platform's user-friendly interface.
Powerful Anomaly Detection Capabilities: LogRhythm's statistical building blocks have powerful anomaly detection capabilities that are difficult to find in other SIEMs, making it stand out in terms of event classification. Several users have commended this feature, emphasizing its effectiveness in identifying and classifying anomalous events.
Great Help Desk Troubleshooting with Web UI: LogRhythm's Web UI is highly regarded for help desk troubleshooting purposes. Users appreciate its ability to easily identify and drill down into authentication issues, performance trending, and correlation of events. This functionality has been positively mentioned by multiple reviewers.
Limited error handling: Some users have expressed frustration with the limited error handling capabilities of LogRhythm NextGen SIEM Platform. They feel that when an error occurs, the platform does not provide sufficient information or guidance on how to resolve it.
Lack of customization options: Several reviewers have mentioned that they would like more customization options within LogRhythm NextGen SIEM Platform. They feel restricted in their ability to tailor the platform to meet their specific needs and preferences.
Complex user interface: A number of users have found the user interface of LogRhythm NextGen SIEM Platform to be complex and difficult to navigate. They have mentioned that it can take time and effort to learn how to effectively use all the features and functionalities of the software.
Users commonly recommend LogRhythm's SIEM for its ease of use and monitoring capabilities, making it a good all-in-one tool for SIEM needs in larger and mid-sized setups. They consider LogRhythm one of the best SIEM tools available, praising its impact and GUI compared to RSA NetWitness. Users appreciate LogRhythm's cost-effectiveness, easy configuration and administration, as well as its ability to consume less CPU memory. They also highlight the availability of support and conferences in the community. Users suggest having patience during the initial setup and build-out process, as they believe the end result is worth it. Improved overall performance, control, and functionality with LogRhythm's instrument panel are also praised.
Furthermore, users recommend LogRhythm for companies that can develop sufficient expertise in its software and have an in-house SQL expert. They advise making the best use of LogRhythm for complete visibility of the network. Some suggestions for improvement include enhancing the dashboard process, offering a community version for trial and certification preparation purposes, adding more features to the web interface, and incorporating AI capabilities to streamline threat identification. Users find LogRhythm to be a great tool for work in medium-large size companies, suitable for achieving high fidelity security context. It is recommended for security event analysis and considered a leader in SIEM solutions that provide good support and meet customer requirements. Users suggest trying LogRhythm for better results in enterprise solutions compared to other SIEM tools.
Additionally, users emphasize LogRhythm's affordability, streamlining SIEM experience, and its suitability for mid-size and large organizations, especially those with widely dispersed endpoints and multi-tiered SOCs. LogRhythm is seen as a powerful network monitoring tool with pricing advantages. Recommendations include purchasing it for specific compliance requirements and critical environment protection, involving system administrators early to help filter traffic, and allowing multiple people to administer the system to avoid bottlenecks.
In conclusion, LogRhythm's SIEM is consistently recommended for its ease of use, monitoring capabilities, impact and GUI, cost-effectiveness, configuration flexibility, support availability, improved performance and control, integration possibilities, and affordability. It is considered a leader in the market and an alternative worth considering for organizations seeking a reliable SIEM solution.
Reviews (1-1 of 1)
LogRhythm Logging for the masses (of stuff you own)
- Great Web UI for help desk troubleshooting.
- Identification and drilldown of authentication issues.
- Performance trending.
- Correlation of events.
- Access and group policy change monitoring.
- Reporting is based on Crystal Reports, requiring a template prior to building a report. The template once saved, cannot be edited. Repeat until you get it right.
- Query building in the WebUI has little or no documentation.
- Depth of training on reporting is lacking.
1. You have audit requirements for system access
2. You need to alert and report on user activity
3. You need to troubleshoot issues
4. You want to monitor, report and alert on malicious / suspicious activity
5. You want to impress your management team with statistics...
I cannot think of any computing environment where logging is not appropriate.
- Centralized event and log data collection: 10.0 (100%)
- Correlation: 10.0 (100%)
- Event and log normalization/management: 10.0 (100%)
- Deployment flexibility: 10.0 (100%)
- Integration with Identity and Access Management Tools: 10.0 (100%)
- Custom dashboards and workspaces: 10.0 (100%)
- Host and network-based intrusion detection: 10.0 (100%)
- LogRhythm has had a positive impact on our reporting capabilities, although the reporting module is very difficult to use.
- Our support teams use LogRhythm to alert on, track and troubleshoot issues with authentication, inappropriate access attempts and other anomalous behavior.
- The cost of deployment was significantly lower than the competitor QRadar.
- Sustained flow acquisition and data collection of dissimilar log types from multiple sources.
- Customization for Reporting and Alerting in near real time.
- Offer Dynamic Monitoring.
- Presented in a Security Event Console.
- Automated Response Generation for Security Events.
- Support for Regulatory Compliance.
- Host, Application and Object Access Logs.
- Integration with IAM (Identity Access Management).
- Ability to Express and Track Compliance with User-Defined Policy.
- Mapping of Events to NIST/CSF and ISO 27001 Control Frameworks and Regulations.
- Incident Management and Workflow.
- Data Collection and Archiving.
- Redundancy, Scalability and Deployment Flexibility.
- Correlation and Taxonomy.
- Enterprise Administration, Auto-Discovery, Asset Classification, Embedded Security Knowledge
IT support staff including desktop and server support and analysts
Regulatory Auditors
Executives receive reports
- Regulatory compliance
- Log collection and archiving
- Log analysis for troubleshooting issues
- Reporting of security and access activities
- The AIEngine allows us to track and alert on anomalous activity
- The dashboard gives a realtime view of activities
- Scheduled reporting has reduced required audit findings for our numerous HIPAA and SOC audits.
- File integrity monitoring will be added to our deployment
- We are adding new threat feeds to our deployment
| Vendor | Evaluation notes |
|---|---|
| (vendor name not captured) | Attempts to get the demo version running on our test server were unsuccessful even with the assistance of an EIQ support engineer. |
| CorreLog | Successful tests were conducted over a period of two weeks. It appears the Windows solution will require a great amount of customization to be useful in our environment. Agents would be required on every endpoint. Company was disqualified by our team when Gartner failed to review them due to financial stability of the company. Size of development and support team is also a concern. |
| Alien Vault | A review of available feature set did not fit the XYZ WIDGET CO. model. |
| EventLog Analyzer | Offshore company, missed two different appointments for demo. |
| IBM QRadar | Rebranded version of our current solution. Got quote to replace what we currently have. 2 weeks ago I was promised a call from IBM sales to discuss further. Never got that call. |
| LogRhythm | Appliance based solution. Online evaluation, full demo, great interaction with presales engineering. International support team. |
- Price
- Product Features
- Product Usability
- Product Reputation
- Third-party Reviews
Would I buy it again? Yes, but I would hire the Pro Services team to come on site and see our old platform, before deploying the new one.
- Implemented in-house
- Professional services company
1. Power on and initial configuration of appliances
2. Configuration of log collectors
3. Configuration of endpoints to direct logs to the system (this is the most time consuming of all the steps)
4. Verify and accept logs from various resources
5. Begin creating lists of resources
6. Create reports and validate expected results, tune report criteria, repeat
7. Create training documents for internal users
- Configuration of the Life Keeper software
- Configuration of the endpoints. We have a large group of dissimilar systems including AIX, *inux, Cisco, Windows and other resources.
- Pruning of logs not needed for daily operations.
- Learning to generate reports similar to the ones previously available through our old SIEM Platform
- Buy professional services.
- Buy and implement the system if possible.
- Remember that the end point log configuration may require other teams in your company to assist you in getting the desired logs from all resources.
- Attend the end user and daily operations training after a period of usage so you are not overwhelmed with information on concepts not yet seen.
- Don't be afraid to call for help during your first months of use.
- Don't close any ticket until you are sure the expected results are verified.
- Use the community forums to discuss issues with your peers.
- Watch the training videos offered by L R University.
Additionally, support is needed to assist when we can't get the information we know is there.
- The WebUI is the most used part of the platform, used by our Desktop support analysts, engineers and others for daily operations.
- The security team uses the console and reporting tool on a daily basis.
- Adding new assets to the system is very easy.
- Performing an investigation results in a case, which can be shared with team members.
- The knowledge base is a great feature and keeps the system up to date with relevant data, including report templates.
- The Malware feed monitor keeps the database up to date with potential threat information.
- Reporting is very difficult, and results are often unpredictable.
- Building queries in the WebUI requires a bit of scripting to get the desired result.
- The AI Engine is a bit corny with the graphical cube approach to build out alert scenarios.
The real time dashboard in the console is feature rich and provides graphical views and the ability to see associated logs.
The alarms dashboard displays the most recent significant events, and the ability to track and document how the event is being handled.