LogRhythm’s SIEM offering boasts high ratings from users and analysts. It is easier to deploy than some top-of-the-line SIEM products, but may not scale to support very high event volume environments. It is best for small and mid-sized organizations that already possess some kind of threat intelligence and analytics functionality.
Founded in 2003, LogRhythm bills itself as “the security intelligence company,” with a primary focus on developing next-generation SIEM solutions. It is privately held.
LogRhythm unifies SIEM, log management, network and endpoint monitoring and forensics, as well as security analytics. It incorporates threat lifecycle management, security automation and orchestration (SAO), compliance, and targeted searches that use contextual or unstructured criteria. It includes modules such as Platform Manager, AI Engine, Data Processors, Data Indexers and Data Collectors. Earlier this year, LogRhythm released its GDPR Compliance Module and CloudAI, an analytics-as-a-service offering leveraging artificial intelligence in support of threat detection.
LogRhythm is consistently rated among the Leaders in Gartner’s SIEM Magic Quadrant, on the strength of its core SIEM platform and its complementary host and network monitoring capabilities. Gartner lists areas for improvement as machine learning-driven analytics; easier integration with third-party solutions; fully open APIs; and greater out-of-the-box support for threat intelligence feeds. Gartner said it may not scale to support very high event volume environments and is thus best for small and mid-sized organizations that already have good threat intelligence and analytics functionality.
See our complete list of Top 10 SIEM Products.
LogRhythm SIEM Features Rated
Threats blocked: Very good. LogRhythm SIEM provides out-of-the-box analytics content (950+ threat scenarios) available in organized modules, as well as the ability to create custom content. Its processing tier on log data enables pre-defined rules to be vendor-agnostic so users can align them to their use case without customization.
Sources ingested: Best. The LogRhythm NextGen SIEM Platform supports over 850 data sources, including IoT devices, physical security systems, operating systems, and applications. A single deployment can process hundreds of thousands of messages across a global environment.
Performance: Very good. SANS Institute verified LogRhythm’s ability to collect and process a sustained 300,000 messages per second (MPS). A single LogRhythm Data Processor processes up to 40,000 MPS and scales horizontally in an active/active architecture to increase processing rates. LogRhythm Data Indexers process data at more than 20,000 MPS per node. LogRhythm NetMon, a network analytics and forensics sensor, supports up to 10 Gbps.
Value: Good. Users are generally satisfied with what they get for their money. Risk-based scoring, security orchestration and automated or semi-automated tasks can save security teams time and boost productivity.
Implementation: Very good. Ease of deployment is a common theme among users.
Management features: Very good. Users praise the product’s ease of use, with some noting they’d like to see more robust reporting features.
Support: Very good. Users rate LogRhythm’s support above average, with four-hour responses to technical support requests and standard and premium support levels available.
Scalability: Good. LogRhythm supports up to 10 Data Indexers in a cluster and multiple clusters in a single LogRhythm deployment. But Gartner said some clients found it hard to scale to very high-volume environments.
Compliance: FISMA, GPG13, PCI DSS, the Health Insurance Portability and Accountability Act (HIPAA), NERC CIP, SOX and ISO 27001.
LogRhythm can be deployed as an appliance, as software, or as a virtual instance.
LogRhythm can collect all types of Windows Event Logs with or without the use of an agent. Its agent technology facilitates the aggregation of log data, security events and other machine data. Data Collectors can operate locally or remotely.
The platform begins at $28,000, with subscription options also available. Subscription pricing is tied to volume consumption. Licensing is also based on a daily (rather than hourly) average of messages per second (MPS).
For more analysis of LogRhythm’s SIEM, see our LogRhythm vs Splunk SIEM product comparison.