Item: LogRhythm NextGen SIEM Platform
Rating: 10
Author: Verified User

Use Cases and Deployment Scope

It is being used to not only to help us achieve PCI compliance but collect logs from various systems to monitor the landscape and critical infrastructure systems. It alerts us to various anomalies that we set up to monitor such as the use of privileged accounts within the environment.

Pros and Cons

Easy to set up/configure out of the box.
Easy to manage/administer.
Quickly processes logs/events within the central console for review.
Allows us to correlate activities across multiple systems we capture logs/events for.

The upgrade process from version 6.x to 7.x was a bit messy.
Should be able to update software within the application for minor updates without the need to download separate software from the support portal.

Return on Investment

We were able to retire a few older log collection platforms that we had in house. There were 2-3 systems doing the job of LogRhythm.
We were able to bring some part of the analysis of events back in house and not rely on third party MSS.

Alternatives Considered

Snare and McAfee

LogRhythm was simpler to set up and configure as well as extract information from. It also was less intrusive in terms of how many appliances were needed to implement. We were up and running within 5 hours to start accepting log sources. We selected LogRhythm as well since support is based in the USA in Colorado.

Other Software Used

Symantec Critical System Protection, FireMon, AirWatch, RSA Access Manager, Symantec Endpoint Encryption, Symantec Endpoint Protection

Likelihood to Recommend

It helps achieve various aspects of compliance needs and requirements. It also provides a nice overview of what is going on within the environment in respect to security threats. It is less appropriate if there is no internal team that can properly manage it and respond to alerts/events that are triggered.

LogRhythm for your SIEM Needs

Overall Satisfaction with LogRhythm