If we were a smaller environment, LogRhythm's NextGen SIEM Platform would be perfect
Anonymous | TrustRadius Reviewer
October 14, 2019

If we were a smaller environment, LogRhythm's NextGen SIEM Platform would be perfect

Score 5 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with LogRhythm NextGen SIEM Platform

Our organization is subject to both SOX and PCI compliance regulations. We use the LogRhythm NextGen SIEM platform as a central point of all log collection for our Windows and NIX servers as well as our network appliances. It also allows us to alert on certain events such as the use of elevated privileges.
  • Once LogRhythm is running, it's a fairly simple and quick process to get logs ingested. You can have your first log sources being parsed with 30 minutes.
  • LogRhythm is very good at parsing out Windows event logs and presenting them in an easily readable way.
  • Searching/Investing thru logs is extremely quick with LogRhythm.
  • While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
  • Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
  • The LogRhythm agent, when used for FIM and RIM, is very memory intensive.
  • We were able to consolidate two legacy SIEM products into LogRhythm NextGen SIEM Platform.
  • We are able to provide reporting on SOX and Compliance requests immediately whereas it might have taken a couple of days with our previous SIEM platforms.
  • Since we are not using the LogRhythm agent on servers, we had to spin up a large number of VMs to act as data collectors.
LogRhythm's NextGen SIEM Platform is lightning fast when compared to other SIEM platforms. With our previous SIEM platform, it would take several hours to query for certain events over a 90 day period. For more advanced queries we'd sometimes have to let it run overnight. With LogRhythm's NextGen SIEM Platform, we are able to provide data on the same query in minutes.
While LogRhythm support is generally quick to respond, the initial response is usually from a first line support engineer with general knowledge of the product. Any advanced or complex issues have always required the assistance of a higher tier of support, directly or indirectly. For a few occasions we actually used our PS hours to work on the issue.

Do you think LogRhythm NextGen SIEM Platform delivers good value for the price?

No

Are you happy with LogRhythm NextGen SIEM Platform's feature set?

No

Did LogRhythm NextGen SIEM Platform live up to sales and marketing promises?

No

Did implementation of LogRhythm NextGen SIEM Platform go as expected?

Yes

Would you buy LogRhythm NextGen SIEM Platform again?

No

The LogRhythm NextGen SIEM Platform is well suited for collecting logs from Windows/NIX servers and generating alerts from certain events such as a user account being added to a privileged or administrator group. It might have issues with larger-scale deployments with regards to certain network appliances and the rate of event/log collection.

LogRhythm NextGen SIEM Platform Feature Ratings

Centralized event and log data collection
8
Correlation
7
Event and log normalization
7
Deployment flexibility
6
Integration with Identity and Access Management Tools
7
Custom dashboards and views
9
Host and network-based intrusion detection
7