The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.
N/A
ServiceNow IT Service Management
Score 8.6 out of 10
N/A
Built on the ServiceNow Now Platform, the IT Service Management bundle provides an agent workspace with knowledge management, and modules supporting issue tracking and problem resolution, change, release and configuration management.
$10,000 per year
Pricing
LogRhythm NextGen SIEM Platform
ServiceNow IT Service Management
Editions & Modules
No answers on this topic
Starting Price: $10,000.00 per year
Pricing Offerings                           LogRhythm NextGen SIEM Platform   ServiceNow IT Service Management
Free Trial                                  No                                No
Free/Freemium Version                       No                                No
Premium Consulting/Integration Services     No                                No
Entry-level Setup Fee                       No setup fee                      No setup fee
Additional Details                          —                                 —
Community Pulse
LogRhythm NextGen SIEM Platform
ServiceNow IT Service Management
Considered Both Products
LogRhythm NextGen SIEM Platform
Verified User
Analyst
Chose LogRhythm NextGen SIEM Platform
We researched Splunk as well but it seemed to require more programming experience than LogRhythm which we currently do not have and could not support another FTE for. SolarWinds SIEM product was another product we researched; although its basic functionality was good, it was …
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences; like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
In our organization, we are using ServiceNow extensively. Change Management, Incident Management, Problem Management, and Time tracking are a few modules which we use extensively. This sort of model will work for any product- or service-based company as the product is built on the ITIL framework. So this product will be suited for small or large scale companies to better organize and add controls and track SLAs for technology or business processes.
LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will contain some information like the source of the log, the source IP, destination IP etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, MAC address of the machine that downloaded it etc. This helps the analysts to go to the root of the cause and take actions easily without manually parsing them.
The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, a user barely requires any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to it. They also help to maintain future reference.
The third good feature is the search tool, which is very powerful. For example, sometimes it is hard to find the users who downloaded malware from the guest wireless of the institution and not the private network. The search tool helps us in searching for the user by automatically correlating the MAC address from the current network logs and the previous logs, as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
When I have a number of requests to make, for example a request to add a dozen or so user accounts to more than one group account in Active Directory, I can put all the needed information into the initial form, add it to my "shopping cart" and all of that information remains on the screen for the next item, for which I only need to edit a few items (like the AD group name in this example), and keep adding them to the shopping cart until I have them all. When I "Check Out", each of those items is generated as a separate task under the one request. It simplifies and expedites the creation and tracking of these kinds of requests.
I can easily and quickly see what tickets are currently assigned to me in order to prioritize them and remain aware of my workload.
Numerous fields for CIs can be used when trying to find the entry for a particular item. For example, IP Address, server name, raw text, classification, and so on.
To help with making sense out of related tasks, when a task is assigned to me and I need to open another task for a different team to work on in order to complete my task, I can open a sub-task from my ticket so that the relationship between the two can be pulled up later into reports. For example, I may have a task to build a new VM, and need to open tasks for networking, security accounts, software installation and so on. By opening sub-tasks from my assignment, the time spent by all parties concerned is tied together for more meaningful cost accounting.
LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
The reporting feature is the worst of all SIEMs; luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
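The performance point made in the review above (a linear scan of a threat-intelligence list for every incoming event, versus a hashed lookup) can be shown with a small Python example. This is an added illustration, not LogRhythm code, and it says nothing about how LogRhythm actually implements lists; the indicators and proxy log lines are constructed from RFC 5737 documentation address ranges and are not real IoCs.

```python
"""Threat-list matching on proxy logs: hashed exact-IP lookup vs linear list scan.

Added example; constructed data only. Exact indicators go into a frozenset
(average O(1) membership), while the few CIDR indicators stay in a short list,
since a network range cannot be matched by a single hash lookup.
"""
import ipaddress
import random
import time

# Constructed indicators (RFC 5737 documentation ranges, not real IoCs).
THREAT_IPS = ["198.51.100.23", "203.0.113.77", "192.0.2.250"]
THREAT_CIDRS = ["192.0.2.128/25"]

# Constructed proxy log lines in the form "<timestamp> <src_ip> <dst_ip> <url>".
SAMPLE_LOGS = [
    "2024-01-01T10:00:00Z 10.0.0.5 198.51.100.23 http://example.test/a",
    "2024-01-01T10:00:01Z 10.0.0.6 172.16.5.9 http://example.test/b",
    "2024-01-01T10:00:02Z 10.0.0.7 192.0.2.200 http://example.test/c",
    "2024-01-01T10:00:03Z 10.0.0.8 203.0.113.77 http://example.test/d",
    "2024-01-01T10:00:04Z 10.0.0.9 not-an-ip http://example.test/e",
]


def build_index(ips, cidrs):
    """Return (frozenset of exact addresses, list of networks)."""
    exact = frozenset(ipaddress.ip_address(ip) for ip in ips)
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return exact, nets


def parse_dst(line):
    """Extract the destination IP from a log line; None if malformed."""
    fields = line.split()
    if len(fields) < 4:
        return None
    try:
        return ipaddress.ip_address(fields[2])
    except ValueError:
        return None


def scan_logs(lines, index):
    """Return [(line_no, dst, reason)] for every line whose dst hits an indicator."""
    exact, nets = index
    hits = []
    for line_no, line in enumerate(lines, start=1):
        addr = parse_dst(line)
        if addr is None:
            continue  # unparsable destination: skip rather than crash the rule
        if addr in exact:  # hashed lookup, cost independent of list size
            hits.append((line_no, str(addr), "exact"))
            continue
        for net in nets:  # small list, so a linear check is acceptable here
            if addr in net:
                hits.append((line_no, str(addr), str(net)))
                break
    return hits


def benchmark(n_indicators=5000, n_events=2000, seed=1):
    """Time the same membership test against a list and a frozenset.

    Addresses are packed as 32-bit ints; random events almost never match,
    which is the worst case for the linear scan. Returns (t_list, t_set, hits).
    """
    rng = random.Random(seed)
    indicators = [rng.getrandbits(32) for _ in range(n_indicators)]
    events = [rng.getrandbits(32) for _ in range(n_events)]
    as_list, as_set = list(indicators), frozenset(indicators)

    t0 = time.perf_counter()
    hits_list = sum(1 for e in events if e in as_list)  # O(n) per event
    t1 = time.perf_counter()
    hits_set = sum(1 for e in events if e in as_set)    # O(1) average per event
    t2 = time.perf_counter()
    assert hits_list == hits_set
    return t1 - t0, t2 - t1, hits_set


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS, build_index(THREAT_IPS, THREAT_CIDRS)):
        print("HIT line %d dst=%s via %s" % hit)
    t_list, t_set, _ = benchmark()
    print("list scan: %.4fs  hashed lookup: %.4fs" % (t_list, t_set))
```

The scan yields three hits on the constructed data (lines 1 and 4 by exact match, line 3 via the /25 range) and skips the malformed line instead of raising. The benchmark shows why the reviewer's complaint matters at scale: the list scan grows with the size of the indicator feed, the hashed lookup does not.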
It is hard to find areas for improvement; the tool is very powerful. That said, building the CMDB still involves some manual interaction, which was not how it was presented in demos.
The CMDB data is almost too deep and detailed. When you build the relationship map it can be so large that it is overwhelming. You can limit this, but the default maps are massive if you are discovering lots of device classes.
The product is expensive. Since they are the leader in the industry and the product has tons of features, they definitely charge for it!
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The LogRhythm support team is outstanding. Overall reliability is good. The reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
To be completely honest, setting up a new ticketing system can be a pain in the ass. Once you have it set up and customized the way you want it, you don't want to switch unless you're unhappy with the product. Unless future releases and updates really muck the system up, I wouldn't change.
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.
The dashboard is so confusing, [there are] many clicks to open a task and search by a ticket. The Enterprise customisation [we did] has finished to kill the software and creates a really bad experience on a daily basis. [It is] So slow, and so many clicks to process a ticket. Works only on IE so, that [should] make you realize that [it] is a bad idea.
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.
I would give it this rating because we have had no major issues with the support for ServiceNow after we implemented it at our organization. They seem to respond promptly and efficiently if we ever do need to open a support case with them about an issue we are having.
To type in what should be a text box, you have to click an empty cell, and a tiny text box pop-up opens with a check box and an X. You then type in the text box and have to click the check mark. If you have a bunch of fields to fill out, doing this is very annoying. Absolutely no thought went into this. I'm sure somebody in marketing thought it was a good idea. It wasn't.
Without exception, every client I have worked with has been very happy with their resulting product. While this is partly due to my work, I must point out that the platform is the winning decision, not the implementer.
LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.
We used to use Jira to handle service tickets but it's way too robust for something this straightforward. Due to the nature of Jira, you needed to already have a lot of documentation and knowledge about who should be assigned the ticket, so the lift of creating a ticket was time consuming.
The ability to search through logs in a centralized location really helps us to provide RCA (Root Cause Analysis) to management for outages. This helps us to quickly identify the cause of outages and thus saves money due to reduced downtime.
Being able to configure the alarms to provide real-time notification (and responses) to security events helps to prevent potential loss due to compromises (such as a fraudulent wire transfer).
The initial investment in LogRhythm SIEM is somewhat expensive, however, the appliance is built to your specific needs so you won't have to constantly be upgrading the device as your company grows.
Overall ServiceNow has a positive impact on getting the SLA of tickets down in supporting our customers.
One negative impact has been the amount of time to get the product to produce an ROI; it's almost too big to fail and too big to replace. You almost become committed to the product. Good or bad.
Another negative impact would be if you track metrics of employees and time tracking: there are a lot of scenarios where engineers will track time on tickets but not get credit for closing them, as the assignee function of tickets can only be tied to one user and credits only the engineer who closes the ticket.
Another positive impact would be the level of security for permissions and scaling the workloads is robust and you will get out of the system what your team is willing to put in.