The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.
N/A
Microsoft BI (MSBI)
Score 8.4 out of 10
N/A
Microsoft BI is a business intelligence product used for data analysis and generating reports on server-based data. It features unlimited data analysis capacity with its reporting engine, SQL Server Reporting Services alongside ETL, master data management, and data cleansing.
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences; like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
Microsoft BI is well suited for Stream analytics, easy data integration, report creation and UI/UX designs (limited but what all available are great ones) Microsoft BI may be less appropriate for handling huge number of datasets and difficult queries. It may also be difficult for a company with heavy data.
LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will some information like the source of the log, the source IP, destination IP etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, mac address of the machine that downloaded it etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, an user barely require any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to it. They also help to maintain future reference.
The third good feature is the search tool which is very powerful. For example, sometimes it is hard to find the users who downloaded a malware from the guest wireless of the institution and not the private network. The search tool helps us in searching the user by automatically correlating the MAC address from the current network logs and the previous logs as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
The race to perfect gathering of Non-Traditional datasets is on-going; with Microsoft arguably not the leader of the pack in this category.
Licensing options for PowerBI visualizations may be a factor. I.e. if you need to implement B2C PowerBI visualizations, the cost is considerably high especially for startups.
Some clients are still resistant putting their data on the cloud, which restricts lots of functionality to Power BI.
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The Log Rhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
Microsoft BI is fundamental to our suite of BI applications. That being said, Northcraft Analytics is focused on delighting our customers, so if the underlying factors of our decision change, we would choose to re-write our BI applications on a different stack. Luckily, mathematics are the fundamental IP of our technology... and is portable across all BI platforms for the foreseeable future.
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.
The Microsoft BI tools have great usability for both developers and end users alike. For developers familiar with Visual Studio, there is little learning curve. For those not, the single Visual Studio IDE means not having to learn separate tools for each component. For end-users, the web interface for SSRS is simple to navigate with intuitive controls. For ad-hoc analysis, Excel can connect directly to SSAS and provide a pivot table like experience which is familiar to many users. For database development, there is beginning to be some confusion, as there are now three tool choices (VS, SSMS, Azure Data Studio) for developers. I would like to see Azure Data Studio become the superset of SSMS and eventually supplant it.
SQL Server Reporting Services (SSRS) can drag at times. We created two report servers and placed them under an F5 load balancer. This configuration has worked well. We have seen sluggish performance at times due to the Windows Firewall.
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.
While support from Microsoft isn't necessarily always best of breed, you're also not paying the price for premium support that you would on other platforms. The strength of the stack is in the ecosystem that surrounds it. In contrast to other products, there are hundreds, even thousands of bloggers that post daily as well as vibrant user communities that surround the tool. I've had much better luck finding help with SQL Server related issues than I have with any other product, but that help doesn't always come directly from Microsoft.
I have used on-line training from Microsoft and from Pragmatic Works. I would recommend Pragmatic Works as the best way to get up to speed quickly, and then use the Microsoft on-line training to deep dive into specific features that you need to get depth with.
We are a consulting firm and as such our best resources are always billing on client projects. Our internal implementation has weaknesses, but that's true for any company like ours. My rating is based on the product's ease of implementation.
LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.
We have used the built in ConnectWise Manager reports and custom reports. The reports provide static data. PowerBI shows us live data we can drill down into and easily adjust parameters. It's much more useful than a static PDF report.
The ability to search through logs in a centralized location really helps us to provide RCA (Root Cause Analysis) to management for outages. This helps us to quickly identify the cause of outages and thus saves money due to reduced downtime.
Being able to configure the alarms to provide real-time notification (and responses) to security events helps to prevent potential loss due to compromises (such as a fraudulent wire transfer).
The initial investment in LogRhythm SIEM is somewhat expensive, however, the appliance is built to your specific needs so you won't have to constantly be upgrading the device as your company grows.
As a SaaS provider we see being able to provide self-service BI to our client users as a competitive advantage. In fact the MSSQL enabled BI is a contributing factor to many winning RFPs we have done for prospective client organisations.
However MSSQL BI requires extensive knowledge and skills to design and develop data warehouses & data models as a foundation to support business analysts and users to interrogate data effectively and efficiently. Often times we find having strong in-house MSSQL expertise is a bless.
