April 01, 2014
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Powerful correlation and forensic analysis tools with extensive prepackaged reports.
- Weaknesses: Complicated install.
- Verdict: Customers willing to invest in support services will be very pleased with the performance of this product.
The basic setup is, as it turns out, a little complicated. LogRhythm recommends, and we agree, that purchasers of the product should secure a few hours of deployment assistance. That said, the engineer with whom we worked had our evaluation system up and ready to accept log data in about 15 minutes. Larger deployments - with hundreds of log sources - would obviously take a bit more time, but for our small, all-in-one deployment, it wasn't that bad.
LogRhythm consists of a series of modules. The Console provides the user interface and offers a single pane of glass for viewing logs, events, alerts and reports, conducting investigations and managing workflows. Designed to support fast access to millions of records, the console enables users to correlate, search and pivot through their data rapidly. The integrated case management system enables events to be easily assigned to users for later analysis. In addition to the robust installable console, new to v6.2 is an attractive web GUI. While it is obviously in its infancy, it nevertheless enables quick, at-a-glance views of a number of reports and alarms and allows limited investigation. Still, the bulk of an analyst's work needs to be done in the console. The Event Manager provides centralised event and incident management, analysis, reporting and configuration management across the entire deployment.
The Log Manager provides centralised log storage, log processing and archiving functions. The Artificial Intelligence Engine is the analytics platform and is the real meat of the tool. Taking log data from the Log Manager, it performs log correlation, pattern recognition and behaviour analysis before sending results to the Event Manager. Finally, the System Monitor Agent does the actual log collection. Installed locally or on remote systems, it provides log collection services to Windows, Linux, AIX, HP-UX and Solaris systems. All logs received are parsed, and the metadata derived from them is loaded into a database, which greatly speeds up searching and analysis.
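To make the collect, parse, store, correlate pipeline described above concrete, here is an added example that is not LogRhythm's code and makes no claim about how the product implements it. It parses constructed Linux sshd and Windows-style logon lines into uniform metadata (timestamp, host, user, source address, outcome), loads those records into an in-memory SQLite table, and runs one correlation rule over the table: several failed logons for a user from one source followed by a success from the same source within a short window, the classic password-guessing pattern a SIEM analyst would want surfaced as an event. All log lines, host names and addresses are constructed for the example.

```python
import re
import sqlite3

# Constructed sample log lines (not real captured data): a mix of Linux
# auth-log style and Windows security-event style records, as a collection
# agent would forward them from several sources.
SAMPLE_LOGS = [
    "2014-04-01T09:00:01 srv-ssh01 sshd[2201]: Failed password for alice from 10.0.5.7 port 51022 ssh2",
    "2014-04-01T09:00:09 srv-ssh01 sshd[2201]: Failed password for alice from 10.0.5.7 port 51023 ssh2",
    "2014-04-01T09:00:20 srv-ssh01 sshd[2201]: Failed password for alice from 10.0.5.7 port 51024 ssh2",
    "2014-04-01T09:00:31 srv-ssh01 sshd[2201]: Accepted password for alice from 10.0.5.7 port 51025 ssh2",
    "2014-04-01T09:05:00 win-dc01 EventID=4625 User=bob Source=10.0.9.3 Status=failure",
    "2014-04-01T11:30:00 win-dc01 EventID=4624 User=bob Source=10.0.9.3 Status=success",
    "2014-04-01T09:07:00 srv-ssh02 sshd[777]: Accepted publickey for carol from 10.0.2.2 port 40000 ssh2",
]

SSH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) User=(?P<user>\S+) Source=(?P<src>\S+)"
)


def parse_line(line):
    """Normalise one raw line into a metadata record, or None if unrecognised."""
    m = SSH_RE.match(line)
    if m:
        outcome = "failure" if m.group("outcome") == "Failed" else "success"
        return {"ts": m.group("ts"), "host": m.group("host"), "user": m.group("user"),
                "src": m.group("src"), "event": "logon", "outcome": outcome}
    m = WIN_RE.match(line)
    if m:
        # Windows event 4624 is a successful logon, 4625 a failed one.
        outcome = {"4624": "success", "4625": "failure"}.get(m.group("eid"))
        if outcome is None:
            return None
        return {"ts": m.group("ts"), "host": m.group("host"), "user": m.group("user"),
                "src": m.group("src"), "event": "logon", "outcome": outcome}
    return None


def load_events(lines):
    """Parse lines and load the derived metadata into an indexed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (ts TEXT, host TEXT, user TEXT, src TEXT, "
                 "event TEXT, outcome TEXT)")
    # The index is what makes pivoting on (user, source) cheap at scale.
    conn.execute("CREATE INDEX idx_events_user_src ON events (user, src)")
    rows = [r for r in map(parse_line, lines) if r is not None]
    conn.executemany(
        "INSERT INTO events VALUES (:ts, :host, :user, :src, :event, :outcome)", rows)
    conn.commit()
    return conn


def brute_force_then_success(conn, min_failures=3, window_seconds=300):
    """Correlation rule: at least min_failures failed logons for a user from one
    source address, followed by a successful logon from that source within
    window_seconds. Returns one hit per qualifying success event."""
    sql = """
        SELECT s.user, s.src, s.host, s.ts AS success_at, COUNT(f.ts) AS failures
        FROM events s
        JOIN events f
          ON f.user = s.user AND f.src = s.src
         AND f.event = 'logon' AND f.outcome = 'failure'
         AND julianday(s.ts) - julianday(f.ts) BETWEEN 0 AND ? / 86400.0
        WHERE s.event = 'logon' AND s.outcome = 'success'
        GROUP BY s.user, s.src, s.host, s.ts
        HAVING COUNT(f.ts) >= ?
    """
    cur = conn.execute(sql, (window_seconds, min_failures))
    cols = ["user", "src", "host", "success_at", "failures"]
    return [dict(zip(cols, row)) for row in cur]


if __name__ == "__main__":
    db = load_events(SAMPLE_LOGS)
    for hit in brute_force_then_success(db):
        print(hit)
```

In the sample data only alice's four sshd lines match the rule: three failures within 30 seconds of a success from the same address. bob's single failure and later success are outside the five-minute window, and carol has no failures at all, so neither produces an event. Tuning `min_failures` and `window_seconds` is exactly the kind of adjustment an analyst makes in a SIEM's correlation rules to trade false positives against missed detections.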
Product documentation was done very well. All product features and functions are clearly explained via a series of PDFs. Documentation is also available through LogRhythm's support portal, which contains online versions of those documents, as well as a user support forum.
There are a number of support options offered by LogRhythm. However, the two most common are standard and platinum. The standard tier provides phone, email and web support from 07:00 to 18:00 US Mountain Time. It also includes software updates, a three-year hardware warranty, four-hour response to technical support requests within normal support hours, and next-day on-site hardware support. The platinum tier increases coverage to around the clock, with four-hour technical support response and four-hour on-site hardware support.
LogRhythm starts at £16,602, and the standard support option is priced at 20 per cent of the base cost of the product, annually.
Prices are US-based, thus indicative only.