Bottom Line
LogRhythm’s SIEM offering boasts high ratings from users and analysts. It is easier to deploy than some top-of-the-line SIEM products, but may not scale to support very high event volume environments. It is best for small and mid-sized organizations that already possess some kind of threat intelligence and analytics functionality.
Company Description
Founded in 2003, LogRhythm bills itself as “the security intelligence company,” with a primary focus on developing next-generation SIEM solutions. It is privately held.
Product Description
LogRhythm unifies SIEM, log management, network and endpoint monitoring and forensics, as well as security analytics. It incorporates threat lifecycle management, security automation and orchestration (SAO), compliance, and targeted searches that use contextual or unstructured criteria. It includes modules such as Platform Manager, AI Engine, Data Processors, Data Indexers and Data Collectors. Earlier this year, LogRhythm released its GDPR Compliance Module and CloudAI, an analytics-as-a-service offering leveraging artificial intelligence in support of threat detection.
LogRhythm is consistently rated among the Leaders in Gartner’s SIEM Magic Quadrant, with its strong core SIEM platform with complementary host and network monitoring capabilities. Gartner lists areas for improvement as machine learning-driven analytics; easier integration with third-party solutions; fully open APIs; and greater support for threat intelligence feeds out of the box. Gartner said it may not scale to support very high-event volume environments and is thus best for small and mid-sized organizations with good threat intelligence and analytics functionality.
See our complete list of Top SIEM Products.
LogRhythm SIEM Features Rated
Threats blocked: Very good. LogRhythm SIEM provides out-of-the-box analytics content (950+ threat scenarios) available in organized modules, as well as the ability to create custom content. Its processing tier on log data enables pre-defined rules to be vendor-agnostic so users can align them to their use case without customization.
Sources ingested: Best. The LogRhythm NextGen SIEM Platform supports over 850 supported data sources, including IoT devices, physical security systems, operating systems, and applications. A single deployment can process hundreds of thousands of messages across a global environment.
Performance: Very good. SANS Institute verified LogRhythm’s ability to collect and process a sustained 300,000 messages per second (MPS). A single LogRhythm Data Processor processes up to 40,000 MPS and scales horizontally in an active: active architecture to increase processing rates. LogRhythm Data Indexers process data at more than 20,000 MPS per node. LogRhythm NetMon, a network analytics and forensics sensor, supports up to 10 Gbps.
Value: Good. Users are generally satisfied with what they get for their money. Risk-based scoring, security orchestration and automated or semi-automated tasks can save security teams time and boost productivity.
Implementation: Very good. Ease of deployment is a common theme among users.
Management features: Very good. Users praise the product’s ease of use, with some noting they’d like to see more robust reporting features.
Support: Very good. Users rate LogRhythm’s support above average, with four-hour responses to technical support requests and standard and premium support levels available.
Scalability: Good. LogRhythm supports up to 10 Data Indexers in a cluster and multiple clusters in a single LogRhythm deployment. But Gartner said some clients found it hard to scale to very high-volume environments.
Security qualifications
FISMA, GPG13, PCI DSS, the Health Insurance Portability and Accountability Act (HIPAA), NERC CIP, SOx and ISO 27001.
Delivery
Can be deployed as an appliance, software, or virtual instance.
Agents
LogRhythm can collect all types of Windows Event Logs with or without the use of an agent. Its agent technology facilitates the aggregation of log data, security events and other machine data. Data Collectors can operate locally or remotely.
Pricing
The platform begins at $28,000, with subscription options also available. Subscription pricing is tied to volume consumption. Licensing is also based on a daily (rather than hourly) average of messages per second (MPS).
For more analysis of LogRhythm’s SIEM, see our LogRhythm vs Splunk SIEM product comparison.
Top LogRhythm SIEM Alternatives
1 ManageEngine Log360
Log360 is a SIEM solution that helps combat threats on premises, in the cloud, or in a hybrid environment. It also helps organizations adhere to several compliance mandates. You can customize the solution to cater to your unique use cases.
It offers real-time log collection, analysis, correlation, alerting and archiving abilities. You can monitor activities that occur in your Active Directory, network devices, employee workstations, file servers, Microsoft 365 and more. Try free for 30 days!
2 Graylog
Graylog is a log management and SIEM that is easier, faster, more affordable than most solutions. It is a scalable, flexible cybersecurity platform that combines SIEM, security analytics, industry-leading anomaly detection capabilities with machine learning that adapts to your environment and grows with your business. Built by practitioners for practitioners, Graylog Security flips the traditional SIEM application on its head by stripping out the complexity, alert noise, and high costs.
3 Managed Threat Complete
Managed Threat Complete extends your team fast with Rapid7 MDR analysts and digital forensics and incident response experts working side-by-side. Your environment is monitored 24/7/365, and threats are acted on, end to end. Data collection is unlimited. Incident response, unlimited. Vulnerability management, unlimited. And it’s consolidation with a strategy: you proactively handle your risks, and Rapid7 reacts for you when a threat gets real.
