Effective security at your hands.
Overall Satisfaction with LogRhythm
We currently use LogRhythm as a SIEM for our cloud environment, mainly managed by the Technical Services department. It helps with the log management of all our cloud devices and helps us find live attacks in both our test and production environments. It also serves as a showcase for when a customer requires a demo presentation or needs a certain configuration done on their environment.
- The Analyze module is very useful for drilling down and narrowing down with filters what you need to see regarding incidents and logs. It allows you to be agile and create a case with the current logs, appending them as evidence.
- The reports module is really easy to use, both for running and configuring them, as long as you have the queries ready for what you need. If you prepare beforehand what you're going to look for in a report, configuring a report from scratch is not hard.
- The dashboards are also very useful out of the box and easy to configure. You can make sense of the data with the proper queries, and a very helpful feature is the ability to see the data with Live Data turned on, so what you see on the dashboards is always relevant.
- I wish it didn't need a thick client for configuring the tool. They could perhaps make a different login screen using the web for configuring the tool so you don't need to mix up the configuration of the solution with the security management.
- The training at the LogRhythm Thrive Partner Portal is somewhat hard. The content is very helpful, but the exams are perhaps too hard even for the 101. I understand there's a challenging part, but the learning curve could be smoothed out instead of making it too steep.
- I think the licensing of the agents should be more open. Instead of making it extra at a premium rate, you should allow your users to install it freely on their assets and receive logs from those assets.
- If your company is big enough (mid-size and upwards), you can see ROI pretty fast along with your other security systems and devices. The renewal process is easy also.
- LogRhythm has helped us in detecting external attacks on our organization and stopping them, if you spend the time configuring those properly.
AlienVault USM Appliance and USM Anywhere might lack some functionality where LogRhythm does well. For instance, SmartResponse functionality is more mature than the Orchestration rules at AlienVault USM Anywhere. You can easily script SmartResponse to act according to each situation, and if you do so carefully (and test them), you can be assured your environment is safe automatically, or, if you set those up in approval mode, you can be agile by clicking the proper SmartResponse item when the opportunity arises.