Strengths: Easy to deploy and manage with many reporting and alerting functions built in
Weaknesses: Nothing that we found
Verdict: A solid product with very good value and performance
The LogRhythm appliance goes way beyond traditional security event monitoring and management. It features log and event management functions, as with any SIEM, but beyond that it includes advanced correlation and pattern recognition driven by its onboard Advanced Intelligence Engine, host and file integrity monitoring and drill-down capabilities to get to the raw log data for analysis and forensics.
Overall, we found this product to be easy to set up and manage. To get started we had to power on the appliance and allow it to go through a brief initial power-on procedure to set up Windows Server 2008. After the initial start-up process, we were able to set the IP and network settings and we were pretty much done with the deployment. All further management is done via a well-designed web-based management interface, which we found to be intuitive to navigate. It also includes a multitude of analysis and monitoring tools, including many charts that could be drilled down into for deep event analysis.
LogRhythm came loaded with monitoring and reporting capabilities. On top of being able to drill down quickly and easily from any event to raw log data, it features a lot of automation and compliance reporting functions. The automation aspect includes the LogRhythm SmartResponse, which delivers immediate action on real-world issues, such as when specific cyber threats are detected or compliance-driven policies are violated. This allows for administrators and security managers to focus on the investigation of an incident, rather than trying to plug the hole in a time of crisis.
This appliance also came preloaded with a large selection of compliance and predefined reporting templates, making report generation simple right out of the box.
Documentation is contained in the web-based management console of the appliance, and includes installation and administrator guides for help with advanced configuration or use of product features. We found all documentation to be well organised and easy to follow owing to many screenshots and step-by-step instructions.
LogRhythm offers customers 11/5 standard support or 24/7 premium support as part of an annual maintenance contract, consisting of phone- and email-based technical assistance and access to software updates, including all major and minor releases and hardware warranty options. Customers also get access to a portal via the website, which includes a knowledgebase, user forums, documentation, support tips, downloads and other resources.
We find this product to be excellent value for the money. LogRhythm is a powerful yet reasonably priced appliance that includes many excellent features and functions onboard right out of the box. Along with powerful functionality, this appliance is easy to use and manage, which makes it an all-around good value investment for any organisation looking to deploy SIEM.