A very powerful SIEM with a robust AI engine
September 13, 2019
Score 10 out of 10
Vetted Review
Verified User
Overall Satisfaction with LogRhythm NextGen SIEM Platform
We currently are utilizing the LogRhythm SIEM primarily for Information Technology needs. This product is leveraged in a number of ways, one of which is to help audit security events such as someone being added to the "Domain Administrators" security group in Active Directory. Additionally, we utilize the dashboards (both built-in and custom) to monitor events such as successful authentications from outside of the United States (since all our offices are within the USA).
Pros
- LogRhythm SIEM provides an amazing granularity when it comes to building reports and alerts/alarms. There are a variety of syntaxes that are supported (regex, boolean, Lucene, etc) so getting exactly what you want is easy.
- There is a vast amount of pre-defined log source types already available so adding new log sources is a breeze. Additionally, you have the ability to custom-parse a log type for those instances in which there isn't already a pre-defined log type.
- LogRhythm is constantly improving its software and the capabilities/integrations that it provides. SmartResponses are also frequently being developed, which really help us to quickly (or automatically) take action when certain events are triggered.
Cons
- They have been expanding the functionality of the "cases" feature in the SIEM, which works fine; however, we don't utilize that feature in our deployment, so (for us) it is a wasted feature.
- Since the application provides such granularity/control, it can seem a little overwhelming to someone unfamiliar with the software. Luckily the software is pretty intuitive and laid out in a manner that is easy to understand. I would highly recommend sending your administrator to the (1 week long) on-site training that LogRhythm offers.
- In order to really get the most out of the software, it takes a decent amount of work to get it configured. The software will function without specifying your subnets/VLANs, but for more accurate reporting it is recommended to define that information. I don't really consider that to be an oversight or issue with the software, but it is something to think about with any SIEM solution. It takes a little bit to really get it defined before you get the most out of it.
Return on Investment
- The ability to search through logs in a centralized location really helps us to provide RCA (Root Cause Analysis) to management for outages. This helps us to quickly identify the cause of outages and thus saves money due to reduced downtime.
- Being able to configure the alarms to provide real-time notification (and responses) to security events helps to prevent potential loss due to compromises (such as a fraudulent wire transfer).
- The initial investment in LogRhythm SIEM is somewhat expensive, however, the appliance is built to your specific needs so you won't have to constantly be upgrading the device as your company grows.
Do you think LogRhythm NextGen SIEM Platform delivers good value for the price?
Yes
Are you happy with LogRhythm NextGen SIEM Platform's feature set?
Yes
Did LogRhythm NextGen SIEM Platform live up to sales and marketing promises?
Yes
Did implementation of LogRhythm NextGen SIEM Platform go as expected?
Yes
Would you buy LogRhythm NextGen SIEM Platform again?
Yes
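The two detections the reviewer describes (alarming when an account is added to a privileged Active Directory group, and flagging successful logons that originate outside the US) are simple enough to show as plain rule logic. The block below is an added example written for this page; it is not LogRhythm's AI engine, alarm rules or SmartResponse code, and it does not talk to a SIEM. It runs over a handful of constructed records shaped like Windows Security log fields (Event IDs 4728/4732/4756 for group membership additions and 4624 for successful logons). The geolocation table is a stand-in assumption using documentation IP ranges; a real deployment would resolve IPs through a GeoIP feed or the SIEM's own enrichment.

```python
"""Toy detection rules for privileged-group additions and non-US logons.

Added example for illustration only; the events, CIDR-to-country table and
rule names are all constructed for this block and are not LogRhythm's.
"""
from ipaddress import ip_address, ip_network

# Assumption: a tiny geolocation table standing in for a GeoIP feed.
# 10.0.0.0/8 is treated as the on-premises (US) network; the two TEST-NET
# ranges are used purely as placeholders for public address space.
GEO_TABLE = [
    (ip_network("10.0.0.0/8"), "US"),       # constructed: corporate LAN, US offices
    (ip_network("203.0.113.0/24"), "US"),   # constructed: TEST-NET-3 standing in for US egress
    (ip_network("198.51.100.0/24"), "DE"),  # constructed: TEST-NET-2 standing in for a foreign range
]

# Default AD groups whose membership changes warrant an alarm.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
ALLOWED_COUNTRIES = {"US"}
# 4728 = security-enabled global group, 4732 = domain local, 4756 = universal.
GROUP_ADD_EVENT_IDS = {4728, 4732, 4756}
# Windows records LogonType as a string in EventData; 2 interactive, 3 network,
# 10 remote interactive. Service (5) and batch (4) logons carry no useful source IP.
WATCHED_LOGON_TYPES = {"2", "3", "10"}


def country_for(ip_str):
    """Map an IP string to a country code; 'LOCAL' for loopback/link-local/blank, None if unknown."""
    if ip_str in ("-", "", "::1", "127.0.0.1"):
        return "LOCAL"
    try:
        ip = ip_address(ip_str)
    except ValueError:
        return None
    if ip.is_loopback or ip.is_link_local:
        return "LOCAL"
    for net, cc in GEO_TABLE:
        if ip in net:
            return cc
    return None


def check_privileged_group_add(event):
    """Alarm when a member is added to one of the privileged groups."""
    if event.get("EventID") not in GROUP_ADD_EVENT_IDS:
        return None
    group = event.get("TargetUserName", "")   # for 47xx events this field holds the group name
    if group not in PRIVILEGED_GROUPS:
        return None
    return {"rule": "privileged_group_add", "group": group,
            "member": event.get("MemberName"), "actor": event.get("SubjectUserName")}


def check_foreign_logon(event):
    """Alarm on successful logons whose source geolocates outside ALLOWED_COUNTRIES.

    An IP that cannot be geolocated is alarmed as UNKNOWN rather than silently
    dropped, so a gap in the lookup table cannot hide a foreign logon.
    """
    if event.get("EventID") != 4624 or event.get("LogonType") not in WATCHED_LOGON_TYPES:
        return None
    ip = event.get("IpAddress", "-")
    cc = country_for(ip)
    if cc == "LOCAL" or cc in ALLOWED_COUNTRIES:
        return None
    return {"rule": "foreign_logon", "user": event.get("TargetUserName"),
            "ip": ip, "country": cc or "UNKNOWN"}


def run_rules(events):
    """Evaluate every rule against every event and return the alarms in order."""
    alarms = []
    for ev in events:
        for rule in (check_privileged_group_add, check_foreign_logon):
            hit = rule(ev)
            if hit:
                alarms.append(hit)
    return alarms


# Constructed sample events (not real log data), one dict per Security log record.
SAMPLE_EVENTS = [
    {"EventID": 4728, "TargetUserName": "Domain Admins", "MemberName": "CN=jdoe,OU=Staff,DC=corp,DC=example",
     "SubjectUserName": "helpdesk1"},
    {"EventID": 4728, "TargetUserName": "Sales", "MemberName": "CN=asmith,OU=Staff,DC=corp,DC=example",
     "SubjectUserName": "helpdesk1"},
    {"EventID": 4624, "TargetUserName": "jdoe", "LogonType": "3", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "TargetUserName": "jdoe", "LogonType": "10", "IpAddress": "198.51.100.7"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "LogonType": "5", "IpAddress": "-"},
    {"EventID": 4624, "TargetUserName": "asmith", "LogonType": "3", "IpAddress": "192.0.2.9"},
]

if __name__ == "__main__":
    for alarm in run_rules(SAMPLE_EVENTS):
        print(alarm)
```

Running the block produces three alarms: the Domain Admins addition, the remote interactive logon from the "DE" range, and the network logon from 192.0.2.9, which is reported as UNKNOWN because it is absent from the table. The service logon with no source address and the logon from the corporate LAN are suppressed. The fail-closed handling of unknown geolocation is the part worth copying into a real alarm rule: an incomplete enrichment feed should raise noise, not hide a compromise.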