Item: LogRhythm NextGen SIEM Platform
Rating: 5
Author: Verified User

Use Cases and Deployment Scope

Our organization is subject to both SOX and PCI compliance regulations. We use the LogRhythm NextGen SIEM platform as a central point of all log collection for our Windows and NIX servers as well as our network appliances. It also allows us to alert on certain events such as the use of elevated privileges.

Pros and Cons

Once LogRhythm is running, it's a fairly simple and quick process to get logs ingested. You can have your first log sources being parsed with 30 minutes.
LogRhythm is very good at parsing out Windows event logs and presenting them in an easily readable way.
Searching/Investing thru logs is extremely quick with LogRhythm.

While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
The LogRhythm agent, when used for FIM and RIM, is very memory intensive.

Return on Investment

We were able to consolidate two legacy SIEM products into LogRhythm NextGen SIEM Platform.
We are able to provide reporting on SOX and Compliance requests immediately whereas it might have taken a couple of days with our previous SIEM platforms.
Since we are not using the LogRhythm agent on servers, we had to spin up a large number of VMs to act as data collectors.

Alternatives Considered

McAfee Enterprise Security Manager

LogRhythm's NextGen SIEM Platform is lightning fast when compared to other SIEM platforms. With our previous SIEM platform, it would take several hours to query for certain events over a 90 day period. For more advanced queries we'd sometimes have to let it run overnight. With LogRhythm's NextGen SIEM Platform, we are able to provide data on the same query in minutes.

Support Rating

While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.

Key Insights

Do you think LogRhythm NextGen SIEM Platform delivers good value for the price?

Are you happy with LogRhythm NextGen SIEM Platform's feature set?

Did LogRhythm NextGen SIEM Platform live up to sales and marketing promises?

Did implementation of LogRhythm NextGen SIEM Platform go as expected?

Yes

Would you buy LogRhythm NextGen SIEM Platform again?

Other Software Used

Splunk Enterprise, McAfee Enterprise Security Manager

Likelihood to Recommend

The LogRhythm NextGen SIEM Platform is well suited for collecting logs from Windows/NIX servers and generating alerts from certain events such as a user account being added to a privileged or administrator group. It might have issues with larger-scale deployments with regards to certain network appliances and the rate of event/log collection.

If we were a smaller environment, LogRhythm's NextGen SIEM Platform would be perfect

Overall Satisfaction with LogRhythm NextGen SIEM Platform