TrustRadius
LogRhythm
27 Ratings
Score 8.0 out of 10
TRScore

LogRhythm Reviews

Reviews (1-9 of 9)
Ivan Montilla Miralles
September 17, 2018

LogRhythm Review: "Effective security at your hands."

Score 9 out of 10
Vetted Review
Reseller
We currently use LogRhythm as a SIEM for our cloud environment, mainly managed by the Technical Services department. It helps with the log management of all our cloud devices and helps us find live attacks done in both our test and production environments. It also helps as a showcase for when a customer requires a demo presentation or needs a certain configuration done on their environment.
  • The Analyze module is very useful for drilling down and winding down with filters what you need to see, regarding incidents and logs. It allows you to be agile and create a case with the current logs, appending them as evidence.
  • The reports module is really easy to use, both for running and configuring them, as long as you have the queries ready for what you need. If you beforehand prepare what you're going to look for in a report, configuring a report from scratch is not hard.
  • The dashboards are also very useful out of the box and easy to configure. You can make sense of the data with the proper queries, and a very helpful feature is the ability to see the data with Live Data turned on; you're always on relevance while looking at dashboards.
  • I wished it didn't need a thick client for configuring the tool. They could perhaps make a different login screen using the web for configuring the tool so you don't need to mix up the configuration of the solution with the security management.
  • The training at the LogRhythm Thrive Partner Portal is somewhat hard. The content is very helpful, but the exams are perhaps too hard even for the 101. I understand there's a challenging part, but the learning curve could be smoothed out instead of making it too steep.
  • I think the licensing of the agents should be more open. Instead of making it extra at a premium rate, you should allow your users to install it freely on their assets and receive logs from those assets.
A good scenario to have LogRhythm SIEM is when you have an enterprise environment with specific compliance requirements and/or if you have a critical environment you need to make sure is really protected, along with proper SmartResponse rules to take action when an alarm triggers. If your environment is mission critical, but your company is an SMB, LogRhythm might be overkill for you, as it's a solution that has a great upfront cost. The cost of investment [is] worth it given a minimum company size, but it makes sense only if you can really afford it.
Stephen Groat
September 13, 2018

User Review: "LogRhythm Can't Find the Beat"

Score 1 out of 10
Vetted Review
Verified User
LogRhythm was being used in our production environment primarily for compliance reasons (HIPAA). This tool primarily provided a HIPAA compliant SIEM and HIPAA compliant reporting for audits and other compliance related activities. The tool aggregated logs from the machines in some of our private environments to give us a holistic view for the specific compliance environments.
  • HIPAA and Compliance
  • Brand Recognition
  • Documentation and Training
  • Complicated and manual setup
  • Not cloud native, difficult to automate
  • Pricing
  • Reliance on Windows
LogRhythm is good for Windows based compliance environments where operators may need training or hiring with tool experience is important. For environments that use a lot of more ephemeral machines (such as AWS Spot instances), the management overhead of having to manually add boxes to the LogRhythm central server is not worthwhile.
July 31, 2018

Review: "LogRhythm - excelling in customer support and innovation"

Score 10 out of 10
Vetted Review
Verified User
LogRhythm is used by both our managed security services partner (level 1) and the internal team members who manage our SOC. We leverage the complete set of SIEM features offered by LogRhythm to meet requirements for PCI in addition to comprehensive support for our evolving process to meet the changing data security needs of a retail organization.
  • LogRhythm's technical customer support is exceptional.
  • The product roadmap is extensive.
  • Automation and AI continue to evolve rapidly.
  • LogRhythm has recently updated their agent to support a push process for upgrade - until this was done, it was a source of frustration.
LogRhythm is very well suited for retail organizations and others with a geographically dispersed set of endpoints. LogRhythm also works very well in situations where there is a multi-tiered SOC - especially if an outsourced provider is involved that can manage the upgrade process to ensure that the system is always up-to-date without requiring the support of internal resources.
Seth Shestack
October 25, 2017

User Review: "LogRhythm is a clear winner"

Score 10 out of 10
Vetted Review
Verified User
LogRhythm is used throughout our organization and managed by the Information Security department.
We collect logs from many systems that are important to managing our security infrastructure.
These include all of our security systems (FW, IPS, Endpoint protection), all of our AAA systems (LDAP, Radius, Active Directory), as well as systems that contain data of concern.
  • Central Management and storage of logs
  • Parses all logs into a readable format
  • Correlates events from various systems to provide a consolidated view of activity
  • Alerts and alarms on various events of possible concern
  • Reports should be available in the Web Console
  • Detail contained in Alarms should be configurable to provide more or less information as applicable
  • Case in the case management module should allow investigation playbook templates
LogRhythm is well suited for managing logs from disparate systems, correlating events, and providing a comprehensive view of the environment. One of its main strengths is the continuity of dashboards, drill downs in data, searches, and alarms.
All of the screens use the same format moving from module to module, making this product very intuitive to use.
James Harrison, CISSP
June 22, 2017

Review: "LogRhythm Logging for the masses (of stuff you own)"

Score 9 out of 10
Vetted Review
Verified User
It is deployed as an enterprise logging solution. It collected logs from Windows (all flavors), *nix, Cisco, Syslog, NetFlow and other sources. It provides logs that are analyzed, reported on and used in daily operational troubleshooting. It provides scheduled reports to meet the auditing and compliance needs of a HIPAA organization.
  • Great Web UI for help desk troubleshooting.
  • Identification and drilldown of authentication issues.
  • Performance trending.
  • Correlation of events.
  • Access and group policy change monitoring.
  • Reporting is based on Crystal Reports, requiring a template prior to building a report. The template, once saved, cannot be edited. Repeat until you get it right.
  • Query building in the WebUI has little or no documentation.
  • Depth of training on reporting is lacking.
Logging is always necessary if
1. You have audit requirements for system access
2. You need to alert and report on user activity
3. You need to troubleshoot issues
4. You want to monitor, report and alert on malicious / suspicious activity
5. You want to impress your management team with statistics...

I cannot think of any computing environment where logging is not appropriate.
Jacob Steffen
April 11, 2017

User Review: "LogRhythm = A good Investment"

Score 9 out of 10
Vetted Review
Verified User
We use LogRhythm to collect logs from a variety of devices. We then use this data to alert us when certain events occur, for example if a machine is restarted or a new user account is created. Only my department is using LogRhythm for these types of situations. The big driver for us getting LogRhythm was compliance: NERC/CIP regulations pushed us to purchase LogRhythm. Overall I am really satisfied with the decision, and we are going to continue doing business with them for the foreseeable future.
  • One is alerting when certain events take place such as when a machine reboots. This helps to gain more transparency as to what is going on within your network.
  • The features LogRhythm offers in terms of reporting are very helpful as well. For example we can do monthly reports on a given Windows server to show all activity on that server.
  • I know in the past LogRhythm was talking about a web application for administration. I think this would be a lot better than having an application to log into.
  • I think offering more video content on their site would also be beneficial. The last time I had issues I was reading through a lot of forum postings, I was able to get the job done but in 2017 video is the king of content.
Where it is more appropriate would be for alerting for near real time events such as a new user being created or machine restarting. If you don't need to have real time alerting or log aggregation I would say LogRhythm would be a bad decision. However, in an Enterprise environment you are more than likely going to want to use LogRhythm to track logs over time.
Joel Eng
June 08, 2016

LogRhythm Review: "So you want to know which SIEM to buy"

Score 9 out of 10
Vetted Review
Verified User
I manage multiple instances of LogRhythm for customers that my company provides managed security services for. My team provides the rules, reports, and dashboards. Analysts use it to detect and respond to threats in our customers' environments. Our customers use LogRhythm to monitor their entire organizations ranging in size from 100-10,000+ end points plus network and security devices. The primary business problems that the SIEM solves are providing a single pane of glass for security while also providing a platform for conducting correlation across the network and time.

  • LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
  • The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
  • LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythm's event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
  • LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
  • LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
  • The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
I have seen LogRhythm reliably deployed in both medium and large sized corporations with centralized and distributed architectures. The software performs well across all scenarios.
Stephen Ilbery
June 07, 2016

User Review: "LogRhythm does what it promises."

Score 9 out of 10
Vetted Review
Verified User
We use LogRhythm to give the Information Systems Engineering department insight into our network environment.
  • LogRhythm imports log files from hundreds of devices into one, easy to search database.
  • LogRhythm sends me email alerts when various things take place on the network.
  • The upgrade process could be easier.
LogRhythm provides a good view of the network equipment, traffic, and the servers.
October 12, 2016

User Review: "LogRhythm for your SIEM Needs"

Score 10 out of 10
Vetted Review
Verified User
It is being used not only to help us achieve PCI compliance but also to collect logs from various systems to monitor the landscape and critical infrastructure systems. It alerts us to various anomalies that we set up to monitor such as the use of privileged accounts within the environment.
  • Easy to set up/configure out of the box.
  • Easy to manage/administer.
  • Quickly processes logs/events within the central console for review.
  • Allows us to correlate activities across multiple systems we capture logs/events for.
  • The upgrade process from version 6.x to 7.x was a bit messy.
  • Should be able to update software within the application for minor updates without the need to download separate software from the support portal.
It helps achieve various aspects of compliance needs and requirements. It also provides a nice overview of what is going on within the environment in respect to security threats. It is less appropriate if there is no internal team that can properly manage it and respond to alerts/events that are triggered.

Feature Scorecard Summary

Centralized event and log data collection (9): 9.3
Correlation (9): 9.3
Event and log normalization (9): 8.8
Deployment flexibility (8): 7.4
Integration with Identity and Access Management Tools (7): 8.9
Custom dashboards and views (9): 9.2
Host and network-based intrusion detection (7): 7.5

About LogRhythm

LogRhythm, from the company of the same name in Boulder, Colorado, is security information and event management (SIEM) software.

LogRhythm Technical Details

Operating Systems: Unspecified
Mobile Application: No