LogRhythm NextGen SIEM Platform Reviews and Ratings
Rating: 7.3 out of 10
Community insights
TrustRadius Insights for LogRhythm NextGen SIEM Platform are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Intuitive and Easy-to-Implement Building Blocks: Many users have praised LogRhythm for its intuitive and easy-to-implement building blocks that are represented as drag and drop elements. This feature has been mentioned by several reviewers, highlighting the platform's user-friendly interface.
Powerful Anomaly Detection Capabilities: LogRhythm's statistical building blocks have powerful anomaly detection capabilities that are difficult to find in other SIEMs, making it stand out in terms of event classification. Several users have commended this feature, emphasizing its effectiveness in identifying and classifying anomalous events.
Great Help Desk Troubleshooting with Web UI: LogRhythm's Web UI is highly regarded for help desk troubleshooting purposes. Users appreciate its ability to easily identify and drill down into authentication issues, performance trending, and correlation of events. This functionality has been positively mentioned by multiple reviewers.
We use LogRhythm NextGen SIEM Platform in our university to ingest all types of logs, be it firewall logs, Windows event logs, etc. If it has a log, then we send it to LogRhythm NextGen SIEM Platform. This ensures that we have all our logs in one central place, which can then be used for analysis, cross-sectioning, and use case creation.
Pros
Log Ingestion
Dashboards
Alerts
Cons
Hard to Use
Multiple modules with different points of entry
Needs AI
Likelihood to Recommend
If you want one of the best SIEM platforms out there with built-in, ready-to-use dashboards and use cases, then LogRhythm NextGen SIEM Platform is the SIEM for you. However, you will need technical training and expertise to make sure that it runs smoothly and to build your own custom use cases. It is also expensive.
We have deployed LogRhythm NextGen SIEM to incorporate all of our system logs, network appliances, and security servers. It provides well-profiled logs that we use in daily in-depth operational diagnosis. The SIEM also offers automated reports that review our logs daily. The inbuilt and customized dashboards monitor events' real-time security. The AI engine regulations rapidly detect malicious events and send us immediate alerts. It also issues organized reports to fully meet our HIPAA compliance needs.
Pros
Massive log incorporation.
Top notch reporting and alerting features.
It rapidly detects hostile activities through the AI engine regulations.
Cons
Executing huge web searches on web traffic can make it a bit rickety.
It has tight support for cloud domains.
Likelihood to Recommend
LogRhythm is good for providing a comprehensive view of the environment. It gives a great outline of whatever is going on in our servers and systems regarding security malfunctions. The SIEM sends real-time notifications when there are some occurrences; like creating a new user and inappropriate login attempts. It also avails a good use case that meets our HIPAA compliance.
VU
Verified User
Engineer in Information Technology (10,001+ employees)
It's been 3 years since I started using LogRhythm. It is very good. The LogRhythm SIEM is an extremely well-rounded platform, definitely one of the best on the market when compared to the many other products I've used in the 6 years of my career in information security. The product and its features have continued to evolve over the past 4 years that I've managed it by making it easy for new and veteran analysts to get the information they need in a timely fashion. The setup, installation, and maintenance of the solution are seamless for our implementation. The product has a great community and Slack channel where people share ideas or help each other. The documentation and support for the SIEM product are extensive and easy to find, and without much interaction with LogRhythm support, we were able to learn just about any aspect of the highly configurable SIEM. A great product.
Pros
Platform
UI
Engine
Cons
Nothing is missing
All good
With futuristic room
Likelihood to Recommend
It is well suited for infra where info security is needed, as and when:
Enhance decision making
Improve compliance & risk management
Improve business process agility
Create internal/operational efficiencies
Improve business process outcomes
Product roadmap and future vision
Strong services expertise
Product functionality and performance
Breadth of services
Strong customer focus
Strong user community
VU
Verified User
Professional in Information Technology (10,001+ employees)
Our Security Team is using LogRhythm NextGen SIEM Platform at the University of Colorado.
This is our default alarming system that parses logs from our firewall, Outlook, system logs, IDS logs, and some confidential cloud data logs and displays tickets.
LogRhythm NextGen SIEM Platform is right for our organization as it requires no knowledge in coding or programming. Therefore non-technical users can also use this product to build rules and manage the servers.
The second benefit is the "drill down" feature that goes to the depth of the event, extracts information, and displays it in a very well-structured manner with easy-to-understand visualization. It is very easy to go through and detect the problem. It also has a robust search tool for parsing through a high volume of logs.
In a nutshell, our overall incident response went a lot better than what it used to be five years ago.
Pros
LogRhythm NextGen SIEM Platform has an alarm system that generates tickets based on the event and the way it has been configured in the LogRhythm console. Let's say we have a ticket for a malicious email attachment. The ticket will contain some information like the source of the log, the source IP, destination IP, etc. It can be drilled down to obtain specific information like the recipient, source location, file attachment name, SHA hash of the file, source and destination port, time, MAC address of the machine that downloaded it, etc. This helps the analysts get to the root cause and take action easily without manually parsing the logs.
The second good thing about the LogRhythm NextGen SIEM Platform is that it is very easy to use with its well-structured interface. To use LogRhythm, a user barely requires any technical skills. A little overview of IP, CIDR, hash, etc. is enough to get your hands on it. It requires no programming or coding skills, as everything is GUI based. It also provides a beautiful visualization dashboard. There is another beautiful feature that it provides for the classification of events, known as cases. Multiple users working on the same platform can create cases and add events to them. They also serve as a future reference.
The third good feature is the search tool, which is very powerful. For example, sometimes it is hard to find the users who downloaded malware from the guest wireless of the institution and not the private network. The search tool helps us in searching for the user by automatically correlating the MAC address from the current network logs and the previous logs, as the MAC address is the same. It is highly scalable for parsing a large number of logs from various sources.
I particularly think this is one of the best software available for log parsing in an organization where non-technical users are working on incident response. This tool has a good amount of flexibility. However, it can only be configured with the LogRhythm NextGen SIEM Platform Console.
In terms of usability, as already mentioned, it is a very easy tool to use, with a GUI based interface.
Cons
The LogRhythm NextGen SIEM Platform is good in terms of looks, but sometimes it is too sophisticated to do the simplest of tasks like, for example, counting the number of occurrences of a particular IP address in the total logs for that specific day or month.
They can provide a simple syntax bar like Splunk, for technical users who feel a syntax-based query is more powerful than just GUI.
There can be a feature that can help you customize the amount of data to be displayed without "drill down." A lot of the time, it isn't worth waiting 10-15 seconds to find 5% extra required information that could be displayed easily before drilling down.
It doesn't have any online community or proper documentation that has a user rating on it. A lot of the time, their documentation doesn't help us.
Likelihood to Recommend
I will say that the LogRhythm NextGen SIEM Platform is well suited for an organization that is not very big but has multiple log sources, or has a lot of non-technical employees who do not know how to code or write custom queries. Typically it is a good fit for universities and mid-range startups. It has an excellent interface and dashboard, and is useful for managing roles, but it doesn't provide the level of customization that a technical person with knowledge of coding would probably prefer. Software like Splunk and Elasticsearch is much more flexible in terms of the granularity of the search.
VU
Verified User
Analyst in Information Technology (5001-10,000 employees)
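The review above describes pivoting from a guest-wireless source IP to a named user by matching the MAC address against earlier logs from the private network. The following is an added example of that correlation in Python; it is not LogRhythm's code or the reviewer's saved search. The DHCP leases, 802.1X logon records and proxy alert are constructed sample data, and the field layouts are assumptions chosen for the example.

```python
"""Pivot from an anonymous guest-Wi-Fi IP to a named user via MAC address.

The guest segment hands out addresses without any user identity, so a
malware-download alert there carries only a source IP. DHCP leases on the
guest segment map that IP to a MAC at the time of the event; the same MAC
seen earlier on the corporate segment (where 802.1X ties the lease to a
username) names the person. All records below are constructed sample data.
"""
from datetime import datetime, timedelta


def ts(s):
    return datetime.fromisoformat(s)


# Constructed DHCP lease log: (lease_start, network, ip, mac, lease_seconds).
# Note the guest IP 172.16.40.88 is handed out twice to different MACs.
DHCP_LEASES = [
    ("2024-03-04T08:02:10", "corp",  "10.20.5.17",   "a4:83:e7:12:9c:01", 28800),
    ("2024-03-04T08:05:44", "corp",  "10.20.5.31",   "3c:22:fb:aa:10:55", 28800),
    ("2024-03-04T12:31:02", "guest", "172.16.40.88", "a4:83:e7:12:9c:01", 3600),
    ("2024-03-04T12:35:19", "guest", "172.16.40.89", "b8:27:eb:77:00:13", 3600),
    ("2024-03-04T13:40:00", "guest", "172.16.40.88", "dc:a6:32:55:44:33", 3600),
]

# Constructed 802.1X / AD logon records on the corporate segment: (time, mac, user)
CORP_AUTH = [
    ("2024-03-04T08:02:05", "a4:83:e7:12:9c:01", "jdoe"),
    ("2024-03-04T08:05:40", "3c:22:fb:aa:10:55", "asmith"),
]

# Constructed web-proxy alert raised on the guest segment (no user field at all)
MALWARE_ALERT = {"time": "2024-03-04T12:47:30", "src_ip": "172.16.40.88",
                 "url": "http://example.invalid/update.exe", "verdict": "malware"}


def lease_mac(ip, network, at):
    """Return the MAC holding `ip` on `network` at time `at`, or None.

    Leases are matched on their validity window, not just on IP, because
    guest addresses are recycled quickly and the wrong lease names the wrong
    person. If windows overlap, the most recently started lease wins.
    """
    at = ts(at)
    best = None
    for start, net, lease_ip, mac, secs in DHCP_LEASES:
        start = ts(start)
        if net == network and lease_ip == ip and start <= at < start + timedelta(seconds=secs):
            if best is None or start > best[0]:
                best = (start, mac)
    return best[1] if best else None


def user_for_mac(mac, before):
    """Most recent corporate authentication for `mac` at or before `before`."""
    before = ts(before)
    hits = [(ts(t), u) for t, m, u in CORP_AUTH if m == mac and ts(t) <= before]
    return max(hits)[1] if hits else None


def identify_user(alert):
    """Guest IP -> MAC (guest DHCP) -> user (corporate 802.1X)."""
    mac = lease_mac(alert["src_ip"], "guest", alert["time"])
    if mac is None:
        return {"mac": None, "user": None}
    return {"mac": mac, "user": user_for_mac(mac, alert["time"])}


if __name__ == "__main__":
    print(identify_user(MALWARE_ALERT))
```

Two caveats apply to this pivot in practice: the lease must be matched on its time window rather than on IP alone (the sample data reuses the guest IP an hour later for a different device), and phones and laptops that randomize their Wi-Fi MAC per SSID will not share a MAC between the guest and corporate networks, so the join silently returns no user for them.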
We utilize LogRhythm across our entire organization for log collection and security investigations. We utilize both log collectors and Syslog pulls across all Windows platforms as well as Linux systems.
Pros
Centralized log collection database.
Searching logs for security incidents.
Running SmartResponses for more routine checks via APIs with other platforms.
Cons
Configuring log collectors could be more intuitive via the thick clients.
Merging the Thick and Thin client consoles would be a nice architecture change.
Likelihood to Recommend
It is well suited if you just have Windows servers and platforms that utilize syslog; the process of collecting logs is relatively easy.
VU
Verified User
Analyst in Finance and Accounting (1001-5000 employees)
Our organization is subject to both SOX and PCI compliance regulations. We use the LogRhythm NextGen SIEM platform as a central point of all log collection for our Windows and NIX servers as well as our network appliances. It also allows us to alert on certain events such as the use of elevated privileges.
Pros
Once LogRhythm is running, it's a fairly simple and quick process to get logs ingested. You can have your first log sources being parsed within 30 minutes.
LogRhythm is very good at parsing out Windows event logs and presenting them in an easily readable way.
Searching/investigating through logs is extremely quick with LogRhythm.
Cons
While searching for log events is quick, the interface isn't as user-friendly as other SIEM products.
Many of the administrative/management functions are only available through the full LogRhythm desktop console, not through the web console.
The LogRhythm agent, when used for FIM and RIM, is very memory intensive.
Likelihood to Recommend
The LogRhythm NextGen SIEM Platform is well suited for collecting logs from Windows/NIX servers and generating alerts from certain events such as a user account being added to a privileged or administrator group. It might have issues with larger-scale deployments with regards to certain network appliances and the rate of event/log collection.
VU
Verified User
Team Lead in Information Technology (10,001+ employees)
My current company provided the solution to one of our clients and I was involved in the implementation process. It's being used by the IT security department to primarily monitor financial & security problems. LogRhythm is used in detecting unusual financial transactions, new/existing security threats within the network, and in detecting when people are not following corporate policy around avoiding particular applications/websites.
Pros
User-Friendly UI
GUI based control panel
Integrated platform
Cons
Reporting
More Correlation Rules Needed based on Behavior Analytics
Likelihood to Recommend
It is suited for all kinds of organizations especially for those where IT security professionals are involved in multiple activities. LogRhythm is really easy to get used to, so even if the users don't get to spend enough time with this solution, they will still be able to understand the basic offerings.
VU
Verified User
Engineer in Information Technology (501-1000 employees)
We use LogRhythm NextGen SIEM as a centralized system log repository. We purchased the product 5 or so years back to satisfy PCI compliance as our company has to maintain level 1 PCI compliance which states that all your system logs have to be maintained in a central location. We review the logs daily via automated reports sent to our ticketing system. It helps us keep on top of issues and to maintain compliance.
Pros
Updated GUI interface is rather easy to use and looks nice
Once up and running, seems to remain that way, we don't really have any issues with it
Was cost effective compared to other solutions
Cons
Implementation is tricky, definitely requires having them do the implementation for/with you
The software can be overly complex at times
Adding a Windows server to the solution isn't hard but seems like it could be made quicker/easier
Likelihood to Recommend
I'd say LogRhythm is best suited for larger environments with hundreds of servers and network devices. For smaller businesses you could probably get by with one of the many free open source logging solutions out there, though it may be harder to get up and running without some assistance. For example, many years ago when we were much smaller we used a really cheap solution called Kiwi, but back then we had maybe 20 servers instead of the 250+ we have today, and that worked fine for those; there is no way we could do that now.
VU
Verified User
Administrator in Information Technology (10,001+ employees)
We currently are utilizing the LogRhythm SIEM primarily for Information Technology needs. This product is leveraged in a number of ways, one of which is to help auditing security events such as someone being added to the "Domain Administrators" security group in Active Directory. Additionally, we utilize the dashboards (both built-in and custom) to monitor events such as successful authentications from outside of the United States (since all our offices are within the USA).
Pros
LogRhythm SIEM provides an amazing granularity when it comes to building reports and alerts/alarms. There are a variety of syntaxes that are supported (regex, boolean, Lucene, etc) so getting exactly what you want is easy.
There is a vast amount of pre-defined log source types already available so adding new log sources is a breeze. Additionally, you have the ability to custom-parse a log type for those instances in which there isn't already a pre-defined log type.
LogRhythm is constantly improving its software and the capabilities/integrations that it provides. SmartResponses are also frequently being developed, which really help us to quickly (or automatically) take action when certain events are triggered.
Cons
They have been expanding the functionality of the "cases" features in the SIEM, which works fine, however, we don't utilize that feature in our deployment so (for us) it is a wasted feature.
Since the application provides such granularity/control, it can seem a little overwhelming to someone unfamiliar with the software. Luckily the software is pretty intuitive and laid out in a manner that is easy to understand. I would highly recommend sending your administrator to the (1 week long) on-site training that LogRhythm offers.
In order to really get the most out of the software, it takes a decent amount of work to get it configured. The software will function without specifying your subnets/VLANs, but for more accurate reporting it is recommended to define that information. I don't really consider that to be an oversight or issue with the software, but it is something to think about with any SIEM solution. It takes a little bit to really get it defined before you get the most out of it.
Likelihood to Recommend
I currently am leveraging LogRhythm to help me keep an eye on auditing. I have configured many different AI rules that look for specific event IDs such as users being added to administrator groups, accounts being locked out, or successful international logins. Additionally, since Windows Event logs frequently fill up and are overwritten, we use the LogRhythm SIEM as a log repository that can be searched to help identify the root cause of outages. The "second look" feature is nice as well because I can do a historical search in logs from well over a year in the past.
VU
Verified User
Analyst in Information Technology (1001-5000 employees)
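The last review above lists the audit rules it runs (users added to administrator groups, account lockouts, successful logins from outside the US), and the earlier Finance and Accounting review describes the same privileged-group alert. As an added illustration, not LogRhythm's AI Engine code or either reviewer's configuration, here is the same logic in Python over constructed Windows Security event records. The event IDs and field names are the standard ones Windows writes for these events; the GeoIP lookup table, the privileged-group list and the sample events are assumptions made up for the example.

```python
"""Three Windows audit rules of the kind the reviews describe, evaluated over
constructed Security event records (dicts carrying a subset of each event's
EventData fields). Added example; not LogRhythm code.

  1. member added to a privileged group   (4728 global / 4732 local / 4756 universal)
  2. account lockout                      (4740)
  3. successful network/RDP logon from a non-US public address (4624)
"""
import ipaddress

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Internal ranges are excluded explicitly rather than via ipaddress.is_global,
# because the documentation ranges used below as stand-ins for public space
# (RFC 5737) are treated as non-global by Python's ipaddress module.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Constructed stand-in for a GeoIP database (assumption: a real deployment
# would use MaxMind or the SIEM's own geolocation feed).
GEO_PREFIXES = {
    "203.0.113.0/24": "US",
    "198.51.100.0/24": "DE",
    "192.0.2.0/24": "BR",
}


def country_for(ip_str):
    """ISO country code for a public IP; None for internal/placeholder values."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:          # 4624 writes "-" when no source address applies
        return None
    if any(ip in net for net in INTERNAL_NETS):
        return None
    for prefix, cc in GEO_PREFIXES.items():
        if ip in ipaddress.ip_network(prefix):
            return cc
    return "??"                 # public but not in the table: still worth a look


def evaluate(event):
    """Return an alert dict if one of the three rules fires, else None."""
    eid = event["EventID"]
    # In 4728/4732/4756 the group is TargetUserName and the new member is MemberName.
    if eid in (4728, 4732, 4756) and event.get("TargetUserName") in PRIVILEGED_GROUPS:
        return {"rule": "privileged_group_add", "group": event["TargetUserName"],
                "member": event.get("MemberName"), "actor": event.get("SubjectUserName")}
    # In 4740 the TargetDomainName field carries the caller computer name.
    if eid == 4740:
        return {"rule": "account_lockout", "account": event.get("TargetUserName"),
                "caller": event.get("TargetDomainName")}
    # Logon type 3 = network, 10 = RemoteInteractive (RDP); both carry a source IP.
    if eid == 4624 and event.get("LogonType") in (3, 10):
        cc = country_for(event.get("IpAddress", "-"))
        if cc is not None and cc != "US":
            return {"rule": "foreign_logon", "account": event.get("TargetUserName"),
                    "src": event["IpAddress"], "country": cc}
    return None


def run(events):
    return [a for a in (evaluate(e) for e in events) if a]


# Constructed sample events: only the second, third and fourth should alert.
SAMPLE_EVENTS = [
    {"EventID": 4728, "SubjectUserName": "helpdesk1", "TargetUserName": "Marketing",
     "TargetDomainName": "CORP", "MemberName": "CN=Bob,OU=Users,DC=corp,DC=local"},
    {"EventID": 4728, "SubjectUserName": "helpdesk1", "TargetUserName": "Domain Admins",
     "TargetDomainName": "CORP", "MemberName": "CN=Eve,OU=Users,DC=corp,DC=local"},
    {"EventID": 4740, "TargetUserName": "jdoe", "TargetDomainName": "WS-0142"},
    {"EventID": 4624, "TargetUserName": "asmith", "LogonType": 10, "IpAddress": "198.51.100.23"},
    {"EventID": 4624, "TargetUserName": "asmith", "LogonType": 10, "IpAddress": "203.0.113.9"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "LogonType": 3, "IpAddress": "10.20.5.17"},
    {"EventID": 4624, "TargetUserName": "SYSTEM", "LogonType": 5, "IpAddress": "-"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

The group-membership rule keys on the group name, which is what a SIEM rule normally does too; a domain with renamed or nested privileged groups needs the list extended (or a SID-based match on MemberSid/TargetSid), and the "outside the US" rule is only as good as the geolocation feed and the exclusion of internal and VPN egress addresses.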