Likelihood to Recommend
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences, like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
The Microsoft BI suite of tools, which comprises tools from the SQL Server suite, provides end-to-end features and functionality for businesses of any size. Users who need dashboards and reports fast will benefit from this tool. It’s simple to connect to databases, cloud storage systems, and CSV files of any type. This makes the dashboards suitable for a more rapid presentation workflow because we can easily incorporate them into PowerPoint presentations. Enterprise and standard editions are both available for some tools.
Pros
LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will have some information like the source of the log, the source IP, destination IP etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, MAC address of the machine that downloaded it etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, a user barely requires any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to it. They also help to maintain future reference.
The third good feature is the search tool which is very powerful. For example, sometimes it is hard to find the users who downloaded a malware from the guest wireless of the institution and not the private network. The search tool helps us in searching the user by automatically correlating the MAC address from the current network logs and the previous logs as the MAC address is the same.
It is highly scalable for parsing a large number of logs from various sources. I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility.
However, it can only be configured with the LogRhythm NextGen SIEM Platform Console. In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
The layout of Power BI is very intuitive. Someone that is familiar with Excel and working with Charts and Graphs in that environment will find the learning curve a rather short one to start using Power BI.
I like the way Power BI fits an assortment of users and how the functionality that you engage is replicated in Excel, that being Power Query and Power Pivot. So what you learn in one tool can be readily applied towards the other which allows you to more effectively apply your training.
I appreciate how Microsoft is working to develop tools that go a long ways to empowering the end user. Prior to Power BI I would have had to consult with a "BI" professional to develop a dashboard. With Power BI I don't have to consult with anyone, I can work to put together the dashboard I want and using a tool set that is really robust and allows me to engage an enormous amount of data.
It provides a great deal of flexibility and the types of data I can connect to.
Updates...Microsoft is working diligently to keep Power BI current with monthly updates. They do a really good job of listening to the end user, if there is functionality not currently present just give them a month or so.
Just to be clear, even though it's easy to get going right out of the gate with Power BI it provides plenty of opportunities to create some really sophisticated reporting solutions. With DAX in Power Pivot and M language in Power Query, you are provided with plenty of head room to do some really amazing things in Power BI.
Training...there are resources across the web for learning and growing your skills and Power BI. And what's even better is the majority of those resources are free.
Data engagement: when presenting the data to the end user, Power BI goes a long way to allowing that end user to engage the data and begin to identify root cause by simply interacting with the graph/chart/data set. It allows for really fluid engagement. Prior to Power BI so many times during the presentation of data we often times ended the engagement with that data with more questions than what were answered. With Power BI, more often than not, the end user is able to get answers to the questions by simply clicking on the data in the graph/chart/dataset to see the details. This tool really does have the capacity to make you look like a rock star.
Cons
LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees. LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
The race to perfect gathering of Non-Traditional datasets is on-going; with Microsoft arguably not the leader of the pack in this category.
Licensing options for PowerBI visualizations may be a factor. I.e. if you need to implement B2C PowerBI visualizations, the cost is considerably high especially for startups.
Some clients are still resistant to putting their data on the cloud, which restricts lots of functionality to Power BI.
Likelihood to Renew
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The Log Rhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
Microsoft BI is fundamental to our suite of BI applications. That being said, Northcraft Analytics is focused on delighting our customers, so if the underlying factors of our decision change, we would choose to re-write our BI applications on a different stack. Luckily, mathematics are the fundamental IP of our technology... and is portable across all BI platforms for the foreseeable future.
Usability
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.
The Microsoft BI tools have great usability for both developers and end users alike. For developers familiar with Visual Studio, there is little learning curve. For those not, the single Visual Studio IDE means not having to learn separate tools for each component. For end-users, the web interface for SSRS is simple to navigate with intuitive controls. For ad-hoc analysis, Excel can connect directly to SSAS and provide a pivot table like experience which is familiar to many users. For database development, there is beginning to be some confusion, as there are now three tool choices (VS, SSMS, Azure Data Studio) for developers. I would like to see Azure Data Studio become the superset of SSMS and eventually supplant it.
Reliability and Availability
The product has been reliable.
Performance
SQL Server Reporting Services (SSRS) can drag at times. We created two report servers and placed them under an F5 load balancer. This configuration has worked well. We have seen sluggish performance at times due to the Windows Firewall.
Support Rating
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. On a few occasions we actually used our PS hours to work on the issue.
While support from Microsoft isn't necessarily always best of breed, you're also not paying the price for premium support that you would on other platforms. The strength of the stack is in the ecosystem that surrounds it. In contrast to other products, there are hundreds, even thousands of bloggers that post daily as well as vibrant user communities that surround the tool. I've had much better luck finding help with SQL Server related issues than I have with any other product, but that help doesn't always come directly from Microsoft.
In-Person Training
This training was more directed toward what the product was capable of rather than actual programming.
Online Training
I have used on-line training from Microsoft and from Pragmatic Works. I would recommend Pragmatic Works as the best way to get up to speed quickly, and then use the Microsoft on-line training to deep dive into specific features that you need to get depth with.
Implementation Rating
Buy professional services.
Buy and implement the system if possible.
Remember that the end point log configuration may require other teams in your company to assist you in getting the desired logs from all resources.
Attend the end user and daily operations training after a period of usage so you are not overwhelmed with information on concepts not yet seen.
Don't be afraid to call for help during your first months of use.
Don't close any ticket until you are sure the expected results are verified.
Use the community forums to discuss issues with your peers.
Watch the training videos offered by L R University.
We are a consulting firm and as such our best resources are always billing on client projects. Our internal implementation has weaknesses, but that's true for any company like ours. My rating is based on the product's ease of implementation.
Alternatives Considered
LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.
We have used the built in ConnectWise Manager reports and custom reports. The reports provide static data. PowerBI shows us live data we can drill down into and easily adjust parameters. It's much more useful than a static PDF report.
Return on Investment
The ability to search through logs in a centralized location really helps us to provide RCA (Root Cause Analysis) to management for outages. This helps us to quickly identify the cause of outages and thus saves money due to reduced downtime.
Being able to configure the alarms to provide real-time notification (and responses) to security events helps to prevent potential loss due to compromises (such as a fraudulent wire transfer).
The initial investment in LogRhythm SIEM is somewhat expensive, however, the appliance is built to your specific needs so you won't have to constantly be upgrading the device as your company grows.
As a SaaS provider we see being able to provide self-service BI to our client users as a competitive advantage. In fact the MSSQL enabled BI is a contributing factor to many winning RFPs we have done for prospective client organisations.
However MSSQL BI requires extensive knowledge and skills to design and develop data warehouses & data models as a foundation to support business analysts and users to interrogate data effectively and efficiently. Often times we find having strong in-house MSSQL expertise is a blessing.