5 out of 5.0, Reviewed Sep 16, 2016
It's a great SIEM product right out of the box and replaced our previous SIEM tool. From the beginning we just bring in log sources, go through the core module and turn on each AI engine rule to start. As we go through training and gain more experience with the product, we find even more use cases and more value to the product.
Understand your environment and log sources. You might have more hidden log sources that can be utilized by the tool that you don't know.
The AIE provides correlation that helps identify anomalies automatically so we can be notified through alarm or email alert.
None so far.
Identify all the log sources and discuss the deployment scenario with professional service at the beginning to get a full picture.
The product has all the capabilities we are looking for. There are several other features that we have not implemented yet/looking into implementing, such as threat intelligence feed, honeypot, File Integrity Monitoring, etc.
Support was very responsive.
4 out of 5.0, Reviewed Aug 17, 2016
LogRhythm can do a lot. But, it takes a lot to configure it properly. If you have other responsibilities and no one dedicated to the security role, you may find yourself getting it set up just enough to give you some alerts and then leaving it alone. This can cause problems for two reasons. One, when you do get back to it you find it hard to remember what to do. Two, I have logged into the appliance after a long period of not managing it and noticed the system monitors down. This ended up being due to Windows Updates that had happened on these devices a month before. Overall, it's a great product but it does take the time to manage. It is not a drop in and forget it device. Yes, you can do that and yes it will work, but that is nowhere near ideal.
Support is usually very quick to respond and they have always been able to find an answer quickly.
2 of 2 peer(s) found this review helpful.
4 out of 5.0, Reviewed Aug 15, 2016
We transitioned from the other big-name SIEM to LogRhythm, and have been pleased with the product.
Much easier to use out-of-the-box than Splunk, although there is a learning curve and it takes some time getting used to.
Could be a little more intuitive on setting up alerts.
Support is helpful and timely. Only glitch would be that it took a week to get support portal access.
Professional services team were fantastic. Very helpful in transitioning from one SIEM to another, on the SAME infrastructure hardware (physical box).
4 out of 5.0, Reviewed Aug 9, 2016
The non-HA solution is very simple to implement and deploy. HA brought about some degree of complexity in terms of installation and configuration. The benefits of HA, however, are noteworthy particularly when updates/patches need to be installed and log collection cannot be interrupted. The recent addition of ElasticSearch for search and analysis is phenomenal.
We had a central Syslog collector that was hard to use, and by replacing it with LogRhythm, security incident investigations became a lot easier.
HA is of great benefit and would provide the optimum benefit when it becomes automated in terms of switch over.
The support team has been very responsive to our cases and provided acceptable solutions.
Syslog collection is the easiest to set up. Windows logs require an agent that is easy to install.
5 out of 5.0, Reviewed Aug 1, 2016
Willingness to work with their customers to deliver what they need.
5 out of 5.0, Reviewed Jul 26, 2016
Over the years LogRhythm has been extremely helpful and attentive. We have utilized this product since 2009, and while it was a better product at the time than the rest, it has only improved with age, and at the same time as the company has grown so large, they have managed to keep the loyalty to its customers by acknowledging the importance of customer service. Every upgrade has been well documented, easily performed, and team members have been in constant contact making sure we were satisfied. All tickets are addressed in a timely manner, with great knowledge. LogRhythm is an unbeatable solution whose capability keeps growing and improving while offering customer service and technical solutions of equal caliber.
The product is highly scalable and allows us to collect millions of logs each day, only to be limited by our personal resources (RAM/Storage).
We can't even keep up with the capabilities, but upon release, capabilities function as advertised or are annotated and disclosed.
4 out of 5.0, Reviewed Jun 16, 2016
Great organization to work with. It grows with my company and leverages peer groups to look at business functions.
Use a LogRhythm TAM and configure the system to what your initial needs are. Then speak to your peers.
The hunting capabilities. It will go through 1.7 million logs and show me the few anomalies to focus on.
Support is great and the company is led by innovators.
I invested in a SOC. Not sure I see the value.
You need to completely bring in all log sources; the more sources, the greater value.
5 out of 5.0, Reviewed Jun 15, 2016
LogRhythm has maintained a small company feel, allowing us to work closely together to make changes to the system to increase its effectiveness in our organization. The software is more intuitive than some competitors and overall is consistent and actionable. Utilizing SE hours for our rollout helped immensely in resolving any issues as they arose and allowing us to stay on track for completion.
If there is something you don't like, speak up. We ran into a couple of bumps but once we voiced our concerns to the team we were happy to see they were quickly resolved.
Small company feel/support style. Fairly intuitive interface.
Make sure any newer SEs are paired up with an experienced SE, otherwise you give the customer a feeling of being hung out to dry.
We have had some issues with database integration and misunderstanding surrounding the impact of pulling logs from Windows, but these issues were worked through.
4 out of 5.0, Reviewed Jun 15, 2016
The sales experience was a great experience.
Review every line of the SOW to make sure you're getting what you actually need.
I love the capabilities and the addition of FIM.
The thick client is slow.
I wish the vendor had put me in touch with a sales engineer to review the deployment selected.
I would spend longer on the POC.
5 out of 5.0, Reviewed Jun 15, 2016
Excellent model for assisting in deployment. Made it easy to install, roll-out, and are helping us make it easy to understand the data being gathered.
Examine the ease of deployment and the excellent dashboards built into the product. Compared to some of their competitors, this was a far simpler roadmap to get up and running.
Ease of use.
Ensure resources on all sides (3rd party consultants, internal, etc.) are all available at same time.