LogRhythm Logging for the masses (of stuff you own)
Overall Satisfaction with LogRhythm
It is deployed as an enterprise logging solution. It collects logs from Windows (all flavors), *nix, Cisco, Syslog, NetFlow and other sources. It provides logs that are analyzed, reported on and used in daily operational troubleshooting. It provides scheduled reports to meet the auditing and compliance needs of a HIPAA organization.
Pros
- Great Web UI for help desk troubleshooting.
- Identification and drilldown of authentication issues.
- Performance trending.
- Correlation of events.
- Access and group policy change monitoring.
Cons
- Reporting is based on Crystal Reports, requiring a template prior to building a report. The template once saved, cannot be edited. Repeat until you get it right.
- Query building in the WebUI has little or no documentation.
- Depth of training on reporting is lacking.
- LogRhythm has had a positive impact on our reporting capabilities, although the reporting module is very difficult to use.
- Our support teams use LogRhythm to alert on, track and troubleshoot issues with authentication, inappropriate access attempts and other anomalous behavior.
- The cost of deployment was significantly lower than the competitor QRadar.
We had business requirements for the following features:
- Sustained flow acquisition and data collection of dissimilar log types from multiple sources.
- Customization for Reporting and Alerting in near real time.
- Offer Dynamic Monitoring.
- Presented in a Security Event Console.
- Automated Response Generation for Security Events.
- Support for Regulatory Compliance.
- Host, Application and Object Access Logs.
- Integration with IAM (Identity Access Management).
- Ability to Express and Track Compliance with User-Defined Policy.
- Mapping of Events to NIST/CSF and ISO 27001 Control Frameworks and Regulations.
- Incident Management and Workflow.
- Data Collection and Archiving.
- Redundancy, Scalability and Deployment Flexibility.
- Correlation and Taxonomy.
- Enterprise Administration, Auto-Discovery, Asset Classification, Embedded Security Knowledge
Using LogRhythm
20 - Information security is the product owner.
IT support staff including desktop and server support and analysts
Regulatory Auditors
Executives receive reports
Analysts, technicians, programmers, engineers
- Regulatory compliance
- Log collection and archiving
- Log analysis for troubleshooting issues
- Reporting of security and access activities
- The AIEngine allows us to track and alert on anomalous activity
- The dashboard gives a realtime view of activities
- Scheduled reporting has reduced audit findings for our numerous HIPAA and SOC audits.
- File integrity monitoring will be added to our deployment
- We are adding new threat feeds to our deployment
Evaluating LogRhythm and Competitors
Yes -
Product | Evaluation |
---|---|
 | Attempts to get the demo version running on our test server were unsuccessful even with the assistance of an EIQ support engineer. |
CorreLog | Successful tests were conducted over a period of two weeks. It appears the Windows solution will require a great amount of customization to be useful in our environment. Agents would be required on every endpoint. The company was disqualified by our team when Gartner failed to review them due to the financial stability of the company. The size of the development and support team is also a concern. |
Alien Vault | A review of the available feature set did not fit the XYZ WIDGET CO. model. |
EventLog Analyzer | Offshore company, missed two different appointments for a demo. |
IBM QRadar | Rebranded version of our current solution. Got a quote to replace what we currently have. 2 weeks ago I was promised a call from IBM sales to discuss further. Never got that call. |
LogRhythm | Appliance-based solution. Online evaluation, full demo, great interaction with presales engineering. International support team. |
- Price
- Product Features
- Product Usability
- Product Reputation
- Third-party Reviews
LogRhythm is an appliance-based solution. We deployed it as a high-availability collector, with servers in all our geographically diverse data centers. The appliance had the ability to add additional storage to the repository, as our storage requirements and retention times are extensive. We looked for a solution that had great reviews in the vertical space (SIEM). LogRhythm's core business is just that.
I would have required all competitors to provide custom reports that mirrored what we were getting from the system we retired. I would have asked for a side-by-side evaluation to be run for 30 days in our environment to compare all features. LogRhythm advertised the features, but it took some time (up to a year) to realize that value.
Would I buy it again? Yes, but I would hire the Pro Services team to come on site and see our old platform, before deploying the new one.
LogRhythm Implementation
- Implemented in-house
- Professional services company
The implementation was two-tiered in so much as our internal teams provided the initial rack and cable, base configuration and turn-on. We then worked with the Pro Serve team at LogRhythm to get the system configured. There were issues not discussed by the sales team, such as the need for a license for the full-featured System Monitor agent. Part of that disconnect was due to our changing sales reps in the middle of the negotiation.
Yes -
- Physical installation. Rack, cable and network configuration
- Power on and initial configuration of appliances
- Configuration of log collectors
- Configuration of endpoints to direct logs to the system (this is the most time-consuming of all the steps)
- Verify and accept logs from various resources
- Begin creating lists of resources
- Create reports and validate expected results, tune report criteria, repeat
- Create training documents for internal users
Change management was a small part of the implementation and was well-handled - Our company has a well-defined change management program. The most challenging issue is getting the project team to understand the steps required to implement a system of this type. The other challenging issue was the steps to configure Windows logging and alerting. Tuning of logs could only be accomplished after the collection of a large number of logs. The tuning phase did not require CM approval or oversight.
- Configuration of the LifeKeeper software
- Configuration of the endpoints. We have a large group of dissimilar systems including AIX, *nix, Cisco, Windows and other resources.
- Pruning of logs not needed for daily operations.
- Learning to generate reports similar to the ones previously available through our old SIEM platform
LogRhythm Support
Pros | Cons |
---|---|
Quick resolution | None |
Good follow-up | |
Knowledgeable team | |
Problems get solved | |
Kept well informed | |
No escalation required | |
Immediate help available | |
Support understands my problem | |
Support cares about my success | |
Yes - Uptime is of the essence. I have a high-availability deployment and must keep logs flowing into the system. Our desktop and analyst support teams use the WebUI for daily operations and troubleshooting. The security team uses LR for reporting, alerting and monitoring of bad-behavior trends.
Additionally, support is needed to assist when we can't get the information we know is there.
Yes - I have discovered a couple of bugs in the reporting tools. LogRhythm was quick to find workarounds, and the issues were corrected in patch deployments.
During a recent update, there were issues with the third-party app (LifeKeeper) that manages the high-availability connection between the main system and the backup server. That app had issues and required the LogRhythm tech staff to engage other teams. They coordinated a conference call and worked with the other parties to ensure I would get the assistance required to solve the issue. At the end of a couple of days, the issue had been corrected and the LogRhythm tech called to review and verify that failover was working as expected.
Using LogRhythm
Pros | Cons |
---|---|
Like to use | Lots to learn |
Technical support not required | |
Well integrated | |
Consistent | |
Quick to learn | |
Convenient | |
Feel confident using | |
- The WebUI is the most used part of the platform, used by our Desktop support analysts, engineers and others for daily operations.
- The security team uses the console and reporting tool on a daily basis.
- Adding new assets to the system is very easy.
- Performing an investigation results in a case, which can be shared with team members.
- The knowledge base is a great feature and keeps the system up to date with relevant data, including report templates
- The malware feed monitor keeps the database up to date with potential threat information.
- Reporting is very difficult, and results are often unpredictable
- Building queries in the WebUI requires a bit of scripting to get the desired result.
- The AI Engine is a bit corny with the graphical cube approach to building out alert scenarios.