LogRhythm Security Intelligence Platform
Strengths: Forensic tool and SIEM wrapped into one.
Verdict: One of the top SIEMs you can buy.
LogRhythm is a security information and event manager that is extremely customizable, functional and user friendly. The tool is supportive of forensic investigations and keeps raw data as well as the correlation of that data.
The company sent us a serious server with a large amount of disc space and RAM. We could tell right away that this was designed for large deployments. Setup left a little to be desired as there was no auto-update or even an update button. We had to download the newest version off the site. While it was not exactly plug-and-play, as soon as it was up and running, it was extremely intuitive, quick and a pleasure to use.
Usually, especially in large products, there is a tradeoff between customizability, user friendliness and, often, speed. LogRhythm's web interface proves that this isn't necessarily true. The web interface on LogRhythm Security Intelligence Platform is stunningly intuitive, customizable and the fastest one we've used. It supports more than 700 log types and scriptable parsing to other logs just in case users need to send other logs to it. LogRhythm also allows scriptable responses to events and correlated events, including killing processes or raising a ticket to higher tiers of analysis for manual approval of killing that process. LogRhythm's AI engine can also take a known sterile machine and establish a baseline - critical for point-of-sale-type systems - and provide alerts for processes that don't fit into that sterile model.
We were impressed with the offering's forensic abilities and its capability to drill down into logs, search them along multiples parameters, and continue working while it looks through potentially hundreds of thousands of logs without slowing down the interface. Everything about LogRhythm's interface saves users time or makes it easier.
Documentation was all easily accessible online. There is a guide to do just about everything, though they do not have quite as many visuals as we'd like to see. However, they are clear and concise with step-by-step procedures to get anything done.
Standard support and maintenance includes all software updates, including major and minor releases, and hardware warranty support for three years. Phone aid is accessible from 7 a.m. to 7 p.m. MST, and a 24/7 support portal is available. Platinum includes everything from standard support and 24/7 phone and email support.
LogRhythm is one of the most configurable and automation-ready solutions we tested. It is certainly one of the quickest, empowering the analyst with all the data they could want. Once set up, LogRhythm is without a doubt one of the top products here. If you have a need to dig deep into your logs, while never losing sight of the big picture, LogRhythm may be the product for you. - BJ