April 01, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Easy to deploy and manage with many reporting and alerting functions built in
- Weaknesses: Nothing that we found
- Verdict: A solid product with very good value and performance
The LogRhythm appliance goes way beyond traditional security event monitoring and management. It features log and event management functions, as with any SIEM, but beyond that it includes advanced correlation and pattern recognition driven by its onboard Advanced Intelligence Engine, host and file integrity monitoring, and drill-down capabilities to get to the raw log data for analysis and forensics.
Overall, we found this product to be easy to set up and manage. To get started we had to power on the appliance and allow it to go through a brief initial power-on procedure to set up Windows Server 2008. After the initial start-up process, we were able to set the IP and network settings and we were pretty much done with the deployment. All further management is done via a well-designed web-based management interface, which we found to be intuitive to navigate. It also includes a multitude of analysis and monitoring tools, including many charts that could be drilled down into for deep event analysis.
LogRhythm came loaded with monitoring and reporting capabilities. On top of being able to drill down quickly and easily from any event to raw log data, it features a lot of automation and compliance reporting functions. The automation aspect includes the LogRhythm SmartResponse, which delivers immediate action on real-world issues, such as when specific cyber threats are detected or compliance-driven policies are violated. This allows administrators and security managers to focus on the investigation of an incident, rather than trying to plug the hole in a time of crisis.
This appliance also came preloaded with a large selection of compliance and predefined reporting templates, making report generation simple right out of the box.
Documentation is contained in the web-based management console of the appliance, and includes installation and administrator guides for help with advanced configuration or use of product features. We found all documentation to be well organised and easy to follow owing to many screenshots and step-by-step instructions.
LogRhythm offers customers 11/5 standard support or 24/7 premium support as part of an annual maintenance contract, consisting of phone- and email-based technical assistance and access to software updates, including all major and minor releases and hardware warranty options. Customers also get access to a portal via the website, which includes a knowledgebase, user forums, documentation, support tips, downloads and other resources.
We find this product to be excellent value for the money. LogRhythm is a powerful yet reasonably priced appliance that includes many excellent features and functions onboard right out of the box. Along with powerful functionality, this appliance is easy to use and manage, which makes it an all-around good value investment for any organisation looking to deploy SIEM.