LogRhythm NextGen SIEM Platform

Score7.7 out of 10

70 Reviews and Ratings

What is LogRhythm NextGen SIEM Platform?

The LogRhythm NextGen SIEM Platform, from LogRhythm in Boulder, Colorado, is security information and event management (SIEM) software which includes SOAR functionality via SmartResponse Automation Plugins (a RespondX feature), the DetectX security analytics module, and AnalytiX as a log management solution that centralizes log data, enriches it with contextual details and applies a consistent schema across all data types.

Categories & Use Cases

Centralized event and log data collection
Effectiveness of real-time centralized event and log data collection
Category average: 0
Event and log normalization/management
Ability to normalize event syntax so that logs can be compared and are machine-understandable
Category average: 0
Incident indexing/searching
Effectiveness of searching across structured and unstructured events and incidents within SIEM
Category average: 0

Reporting and compliance management
Ease and quality of reporting and compliance functions
Category average: 0
Data integration/API management
Ease and quality of data integrations between SIEM and other systems
Category average: 0
Deployment flexibility
Ability to tune system to maximize threat detection and minimize false positives
Category average: 0

#1 most frequent

Information

42.9%

3 installations of 7

#2 most frequent

Manufacturing

14.3%

1 installation of 7

#3 most frequent

Educational Services

14.3%

1 installation of 7

Mohamad Islam Hamadieh View profile

SOC Engineer in Engineering at Dell technology (10,001+ employees employees)

Use Cases and Deployment Scope

LogRhythm is a great SIEM with many needed features and competitive pricing. They also offer both on-premises and cloud solutions based on your needs. They have a decent community and support. They offer many needed features, such as UBEA, NDR, and file monitoring. Their web console is well-designed, while I can't say the same for their client console.

Pros

Live monitoring.
UBEA
File activity monitoring.
Dashboards.

Cons

Reliability.
Customer support.
Overall system reliability and availability and development.

Return on Investment

With there competitive pricing you can make good ROI usually.
Most negative impacts are due to uptime.

Usability

Alternatives Considered

IBM Security QRadar SIEM and Microsoft Sentinel

Other Software Used

FortiSOAR, CrowdStrike Falcon, BeyondTrust Password Safe

Verified User

Employee in Information Technology (1001-5000 employees employees)

Use Cases and Deployment Scope

We use LogRhythm NextGen SIEM Platform to monitor and manage security incidents. The business problem it addresses is it enables quick response to incidents. The scope is enterprise wide.

Pros

The User and Entity Behavior Analytics feature to help us detect anomalous user behavior before data is corrupted or exfiltrated
LogRhythm's integration of Security Orchestration and Automation capabilities to automate repetitive tasks and labor-intensive work, improving response times
The large number of out-of-the-box threat detection capabilities mapping them to the MITRE ATT&CK framework.

Cons

Parsing techniques could be improved to more effectively handle data from various devices
The user interface could be more user-friendly with drag-and-drop features, would be beneficial
Log source management is time-consuming, and requires expert-level regex knowledge to customize

Return on Investment

Faster onboarding and integration process would improve ROI
Capabilities to ingest logs from a huge variety of sources and in helping interpret logs faster
Integrate with cloud technologies and upgrades are very time consuming often require a paid professional services

Usability

Alternatives Considered

Splunk Enterprise Security

Other Software Used

Microsoft 365, ServiceNow Customer Service Management, CrowdStrike Falcon

Mohammed Younus Siddiqui View profile

Security Specialist in Information Technology at King Fahd University of Petroleum & Minerals (1001-5000 employees employees)

Use Cases and Deployment Scope

We use LogRhythm NextGen SIEM Platform in our university to ingest all types of logs. Be it firewall logs, window events logs etc. If it has a log then we send it to LogRhythm NextGen SIEM Platform. This ensures that we have all our logs in one central place which can then be used to analysis and cross section and use case creation.

Pros

Log Ingestion
Dashboards
Alerts

Cons

Hard to Use
Multiple modules with different points of entry
Needs AI

Most Important Features

Dashboards
Log Ingestion
Alerts

Return on Investment

Intrusion Detection
Executive Level Reports
Centralized log search and lookup

Alternatives Considered

Splunk Enterprise and Darktrace

James Harrison, CISSP View profile

Information Security Engineer in Information Technology at PDX (501-1000 employees employees)

Pros

Great Web UI for help desk troubleshooting.
Identification and drilldown of authentication issues.
Performance trending.
Correlation of events.
Access and group policy change monitoring.

Cons

Reporting is based on Crystal Reports, requiring a template prior to building a report. The template once saved, cannot be edited. Repeat until you get it right.
Query building in the WebUI has little or no documentation.
Depth of training on reporting is lacking.

Return on Investment

LogRhythm has had a positive impact on our reporting capabilities, although the reporting module is very difficult to use.
Our support teams use LogRhythm to alert on, track and troubleshoot issues with authentication, inappropriate access attempts and other anomalous behavior.
The cost of deployment was significantly lower than the competitor QRadar.

Other Software Used

SolarWinds Netflow Traffic Analyzer, SolarWinds Network Configuration Manager, Cisco IronPort Web Security Appliance

Usability

Verified User

Engineer in Information Technology (10,001+ employees employees)

Use Cases and Deployment Scope

We have deployed LogRhythm NextGen SIEM to incorporate all of our system logs, network appliances, and security servers. It provides well-profiled logs that we use in daily operational in-depth diagnosing. The SIEM also offers automated reports that review our logs daily. The inbuilt and customized dashboards monitor events' real-time security. The AI engine regulations rapidly detect malicious events and send us immediate alerts. It also issues organized reports to fully meet our HIPAA compliance needs.

Pros

Massive log incorporation.
Top notch reporting and alerting features.
It rapidly detects hostile activities through the AI engine regulations.

Cons

Executing huge web searches on web traffic can make it a bit rickety.
It has a tight support for cloud domains.

Most Important Features

A powerful drill down tool for searches and can parse a massive amount of logs.
A very easy to use UI makes performing investigations easy.
The dashboards are user friendly.

Return on Investment

It gives the overall view of the environment so we are always aware of our security position.
It has created operational effectiveness; we are able to rapidly detect threats and resolve it fast.
We have been able to track inappropriate login attempts through tickets.

Other Software Used

Symantec Endpoint Security, Microsoft SQL Server, Google Kubernetes Engine

LogRhythm NextGen SIEM Platform

What is LogRhythm NextGen SIEM Platform?

Categories & Use Cases