The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.
N/A
Splunk Enterprise Security
Score 8.1 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
I think Logrhythm still has a lot of work to do to catch up with competitors in many areas. They need to improve their design cycle, with a cycle that's completely focused on bug fixing and reliability, without introducing any new features to improve the system's overall …
LogRhythm has consistently been in the top quadrants and reviews. The support provided by the vendor is top class. Once it is up and running, there is no much to be done in terms of setup. However, free trainings on the internet like youtube are not available as they should be.
SIEMs are complex behemoths, regardless of the one you decide to go with. Even those that are supposedly turn-key solutions aren't really and can pose some tricky issues for veteran IT and InfoSec staff. LogRhythm has the best educational services and technical support, hands …
The only thing we chose LogRhythm NextGen SIEM Platform for is to allow the Security Analysts to work on the dashboards which don't know much about programming and query languages but has good intuition about cyber-security. It is easy to get hands-on compared to Splunk, which …
We researched Splunk as well but it seemed to require more programming experience than LogRhythm which we currently do not have and could not support another FTE for. SolarWinds SIEM product was another product we researched, although it's basic functionality was good, it was …
LogRhythm's NextGen SIEM Platform is lightning fast when compared to other SIEM platforms. With our previous SIEM platform, it would take several hours to query for certain events over a 90 day period. For more advanced queries we'd sometimes have to let it run overnight. …
Unlike other vendors, all modules of LogRhythm are integrated with the main solution. One could go for the Enterprise Architecture which offers separate hardware for separate modules. But in our case that wasn't needed. We needed something that was user-friendly and didn't take …
We used Kiwi years ago before it was owned by Solarwinds and it worked great for our then small server stack, but we grew much bigger fast and needed something more robust and LogRhythm fit the bill.
LogRhythm is easily differentiated from the other log analysis products I've used in terms of sheer functionality. The competitors can't keep up in performance, speed, or correlation. The only thing that the other products can do to hold a candle to LogRhythm is to integrate it …
AlienVault USM Appliance and USM Anywhere might lack some functionality where LogRhythm does well. For instance, SmartResponse functionality is more mature than the Orchestration rules at AlienVault USM Anywhere. You can easily script SmartResponse to act accordingly to each …
We selected LogRhythm due to low overall time investment to meet our basic needs, very competitive pricing, a strong user community and a reputation for excellent support. We have been pleasantly surprised by the very personal nature of the partnership we enjoy with LogRhythm - …
We did an RFP and evaluated several SIEM vendors. LogRhythm ended up being a very clear choice when compared with the other vendors. In this RFP we invited all vendors that were in the leaders category of the Gartner magic quadrant for SIEM.
LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since …
I work with every SIEM on the market and I believe LogRhythm simply provides the best overall value in terms of price, incident response capability, content capability, and ease of engineering.
In my experience, Sentinel only works well for clients invested in azure. But the moment you step outside that ecosystem, mixing AWS , on prem and custom logs, things fall into shambles and feel fragmented
Before Splunk, we ran Elastic Security for our log aggregation and alerting platform. Unfortunately, the solution was not a good fit for many logs and mixed on-prem/cloud infrastructure, as our. For cost or small infrastructure, Elastic is a very good, strong, and credible …
The cost of Splunk Enterprise Security is very low as this can be hosted on private cloud. Google secops has very good UI and better log query speed and other features but cost sooo much.
The fact that it is used by many large companies was a strong reason for selecting Splunk Enterprise Security. After several demos and POCs, the teams were convinced of the value it brings: it demands the right amount of customization to fit with the company data sources. Also …
We piloted Sentinel for one of our regional logistics hubs but it struggled to handle our volume on-prem iot and telematics data cleanly. Splunk on the other hand gave us more control than its competitors
LogRhythm is good for a team comprising mostly non-technical IT users. Unlike Splunk, it has a GUI log search and a good ticketing system. Splunk is better than Logrhythm for me as it provides me with the ultimate flexibility to write custom queries. Scalyr is a good tool and …
I did not choose this product. Overall although I like ES, I think Sentinel in certain ways is the superior product. The Kusto Query language is a lot easier to use. For instance anything that requires manual parsing in query can be more difficult with this product. Also some …
AlienVault is much more user and beginner friendly, however Splunk ES very much so provides more capability for mass data manipulation, report and dashboard customization, and trend analytics.
These two really helps in better way and low cost and high productivity. Automatic detection ML help you to detect many ways and create cases based on risk score GRS UBA helps to protect organization from data ,via sharing through emails and USB s . Gurucu product license once …
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review …
I consider Splunk Enterprise Security to have the strongest deployment methodology and troubleshoot features. Other products also provide good solutions such as Riverbed, Broadcom and Solarwinds but I think Splunk Enterprise Security is a great and trustable option to use for …
Even though Splunk ES is not the cheapest solution on the markt, we found it was still cheaper compared to Secureworks we had before. Also the level of flexibility and "thinking with the customer" is much better now.
Traditional hardware logging mechanisms do not provide in-depth research data on the threats and signatures, while Splunk Enterprise Security could easily achieve this feat.
FortiAnalzer is a hardware solution, but with Splunk, we could identify as well get the correct solution for the active threats and too with accurate and precise detailing.
- Schema on the fly indexing --> Gives you faster index searches. Even if you use Datamodes, it's 100x time faster as well. - Correlation with other domains easily gives you total visibility and reduces the time to investigate and understand the problem. - With lookups and trust, …
Securonix does not nearly meet the scale, extensibility, and maturity that Splunk ES offers. However, when looking at the MSP architecture options, Securonix is a much more flexible platform for multi-tenanting. So, Splunk ES for captive SOC platforms and Securonix for …
Splunk ES is by far the best solution in the market as per flexibility, features and support. Cost-wise, it is the most expensive option to go with, but that has its own advantages as the product that we get is premium and superior to other SIEM. The best thing about Spunk ES …
Splunk Enterprise Security allows for data normalization that does not compare to other SIEMs such as QRadar or Trustwave. QRadar requires custom dsm parsers before the data can be onboarded. I appreciate that Splunk Enterprise Security can ingest any source of data and …
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences; like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythms event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
Its best feature is its user interface, which is easy to navigate and understand. All you need is a little tutorial on how to use the Splunk query language and you're done.
Logs can be easily uploaded or shared across multiple platforms and display a highly insightful graphical representations of data using graphs, tables, and many other formats.
ES on the cloud (SaaS) has too many limitations with platform administration.
Supported integrations are not always on par with enterprise support especially when dependent on 3rd-party proprietary APIs.
In later versions, unforeseen glitches seem to show up that have no resolution except version upgrade. This used to not be the case in prior versions which were very stable.
LogRhythm is focused on SIEM. That is their core business. Cost of operations, feature set and ease of use. The Log Rhythm support team is outstanding. Overall reliability is good. Reporting module needs some improvement and LR is promising that there will be significant improvements in future releases.
LogRhythm does a rather decent job of making the functionality advanced (allowing for advanced keyword & field searching, use of "AND" as well as "OR" statements in the search bar) while keeping it accessible (by not requiring a specific syntax to do quick searches). This combined with a user interface that has headings and labels that are intuitive is very helpful.
Maintaining hundreds or even 1000+ SOC use cases is really difficult, considering that the Data sources may not always send the data. A module that detects data freshness issues and detect data format changes would be a great help. the main challenge today using Splunk Enterprise Security is making sure that the detection rules are still working properly given all the changes that occur in data source applications. Also, maintaining the data collects on tens of thousands of servers and more than 100k workstations is a real company IT challenge: the splunkbase forwarder may not support old OS anymore, while these are the most important to monitor. Moving to the Open Telemetry collector has become essential so that only 1 agent is required for both SIEM and application observability.
It takes a long time for items to load if you are just generally searching through logs. It is best to use the data models which load faster but can be strange in terms of what is coming from which logs where. Yes, you can look it up, but this also requires familiarity with where things are and how to look them up.
Support has always been fantastic for this product compared to many other support providers I've worked with. They are always very friendly and seem to be well trained and knowledgeable and never have to wait long for a solution. We usually get the issue fixed in the first call, but also we really haven't had to use support a ton so that's also a plus
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
I think Logrhythm still has a lot of work to do to catch up with competitors in many areas. They need to improve their design cycle, with a cycle that's completely focused on bug fixing and reliability, without introducing any new features to improve the system's overall reliability. They also need to improve their API, as now all security solutions should talk very well with each other, which APIs can enable.
Before Splunk, we ran Elastic Security for our log aggregation and alerting platform. Unfortunately, the solution was not a good fit for many logs and mixed on-prem/cloud infrastructure, as our. For cost or small infrastructure, Elastic is a very good, strong, and credible choice. But if you need a performant SIEM, enjoy Splunk.
We have on prem splunk and it’s mostly east to setup, but we have issues keeping data separated between customer splunk deployments while at the same time only having to look at one SIEM to address events in every environment
One of the positive impacts that we experienced from LogRhythm NextGen SIEM Platform is the Dynamic Alarming System. It shows the recent tickets, and we know what exactly to prioritize at the start of the day.
The search tool also helped us trace back wireless users by log correlation that we almost gave up our hope for.
A slightly negative impact that can be featured it relying too much on it. We have been a victim of a false alarm and went on a completely wrong direction until we tallied with the Log source and found the problem. It is good, but we must correspond against the log source to be confirmed.
Swift Incident Response: ES's real-time monitoring and correlation capabilities have notably reduced our mean time to detect (MTTD) and respond (MTTR) to security incidents.
Cost Efficiency: ES streamlined operations, lowering operational costs through task automation and effective resource allocation.
Compliance Simplification: ES's robust reporting and compliance features have eased audits, reducing related costs and efforts.