Review: LogRhythm takes SIEM to the next level

LogRhythm Enterprise offers a lot of protection and assistance for finding and remediating threats … and sometimes even pre-threat actions.

When they were first created, Security Information and Event Management (SIEM) platforms solved a big problem in cybersecurity: too many alerts were being generated by multiple defensive tools such as firewalls and log analyzers, and IT teams had to go into each of them individually to check the health of their network. SIEMs collected all of that data in one place.

Today, most SIEMs are overloaded themselves, and just collecting data is no longer such a valuable skill. To be truly useful in today’s threat-rich environment, SIEMs need to analyze threats from multiple angles, help to classify them based on their severity, and provide tools to help mitigate the problem. And a really advanced SIEM would even solve some of those problems automatically, saving time and further reducing all of the security noise that a modern enterprise network generates.

That’s a pretty tall order, but it’s one that LogRhythm was able to effortlessly tackle during this evaluation.

Getting started

LogRhythm offers two core products: LogRhythm Enterprise, which is designed to drop into complex enterprise environments with a lot of existing security tools, and LogRhythm XM, which is designed for small and medium-sized businesses that don't have a lot of cyber maturity or robust monitoring and defenses. We looked at LogRhythm Enterprise.

LogRhythm considers its product a next-generation SIEM, and it has for years been included in the Gartner Magic Quadrant for that category. While it's true that there are a lot of very helpful additional features packed into LogRhythm Enterprise, including automation, the main console is immediately recognizable as a SIEM.

[Screenshot: LogRhythm Dashboard. Credit: John Breeden II]

There are a lot of very useful extra features in LogRhythm Enterprise, but right from the main dashboard, it’s clear that the heart of the platform is an enterprise SIEM.
