LogRhythm’s next-generation SIEM platform integrates log management, security analytics, and SOAR with network forensics and endpoint monitoring to give organizations the ability detect and mitigate threats.
An extensive range of early indicators and risk scores trigger rapid alarm triage, threat qualification, response and mitigation. Risk-based prioritization helps automatically corroborate evidence of higher risks with their scoring to recognize incident progression across the attack lifecycle to simplify the daily duties of an analyst.
The LogRhythm NextGen SIEM Platform offers many features, including several graphs, precision searches, a phishing intelligence engine, a threat activity map, case management reports and a collaborative platform.
The console itself is reminiscent of Microsoft’s Windows XP GUI, consisting of straight-to-the-point visuals and graphical icons. These icons are, however, on the small side and difficult to make out by default. This is where you first assign the licenses to the data processors, which determine how many can operate, and how many messages per second (MPS) can be processed. After verifying the licensing, we ran into a few technical issues, but the support team was extremely helpful, and we were able to get things up and running with their assistance.
The dashboard was neatly organized with high level overviews containing a lot of information for quick visibility. All dashboarding capabilities are based on HTML5. The dashboards are fully customizable. More than 850 log sourcing types are supported for full message processing and custom log sources.
Playbooks are predetermined, step-by-step guides laid out to assist security analysts in the remediation process. They ensure consistency of responses and increase efficiency by quickly laying out a plan of action. This functionality comes with this solution out-of-the-box but can also be user generated for use when an alarm is triggered. Organizations can also use playbooks found on the community portal. The alarm structure is risk prioritized to triage events so you can focus on the issues most important to your organization. Smart responses are another feature to automate actions and take remediation steps.
Several different compliance frameworks can be integrated, including a newly incorporated CIS offering. CIS Security Controls are included. Built-in searches can be tied to these compliance frameworks as well. No ad hoc charges are required to incorporate compliance. A variety of reports can be scheduled and downloaded as PDFs including compliance reports with requirements mapping displayed.
Pricing begins at $43,500. Support is offered with Standard and Premium options. Support includes phone and email. The online community can be accessed through any browser. A full user guide is offered on the web UI as well.
Tested by Matthew Hreben