So you want to know which SIEM to buy
Joel Eng | TrustRadius Reviewer
June 08, 2016

So you want to know which SIEM to buy

Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with LogRhythm

I manage multiple instances of LogRhythm for customers that my company provides managed security services for. My team provides the rules, reports, and dashboards. Analysts use it to detect and respond to threats in our customers' environments. Our customers use LogRhythm to monitor their entire organizations ranging in size from 100-10,000+ end points plus network and security devices. The primary business problems that the SIEM solves is providing a single pane of glass for security while also providing a platform for conducting correlation across the network and time.

  • LogRhythm is a great SIEM to learn content on because the building blocks are very intuitive and easy to implement. All of the concepts relevant to content development are literally represented as drag and drop building blocks that can be easily manipulated.
  • The statistical building blocks contain powerful anomaly detection capabilities that are extremely difficult to implement in other SIEMs or not possible at all.
  • LogRhythm does better event classification than any other SIEM by far. My team typically drops all classification schemes from default installations of SIEMs and rebuilds them from scratch. I can actually use LogRhythms event classifications in rules without worrying about excessive partial matches or correlating unwanted events.
  • LogRhythm absolutely needs to provide back end support for threat intelligence lists. Performing a linear search on massive lists of IPs on incoming web traffic can bring the SIEM to its knees.
  • LogRhythm should drop its entire code base for implementing lists and simply turn them into hash tables to avoid the excessive cost associated with referencing lists in rules. I haven't seen the code, but the performance suggests O(n).
  • The reporting feature is the worst of all SIEMs, luckily reports are not my primary service offering. LogRhythm should definitely revamp its reporting to be more intuitive.
  • LogRhythm is just good for content, which means I catch more threats with it. The cost of the SIEM is always less than the cost of a breach.
I work with every SIEM on the market and I believe LogRhythm simply provides the best overall value in terms of price, incident response capability, content capability, and ease of engineering.
HP Arcsight, Splunk, McAfee Enterprise Security Manager, AlienVault Unified Security Management, IBM Security QRadar
I have seen LogRhythm reliably deployed in both medium and large sized corporations with centralized and distributed architectures. The software performs well across all scenarios.

LogRhythm NextGen SIEM Platform Feature Ratings

Centralized event and log data collection
9
Correlation
10
Event and log normalization
10
Deployment flexibility
Not Rated
Integration with Identity and Access Management Tools
Not Rated
Custom dashboards and views
5
Host and network-based intrusion detection
5