We performed a comparison between LogRhythm SIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools."
"The user interface is pretty good compared to other SIEM tools."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"The initial setup is pretty easy."
"The product is great for medium to large-scale organizations."
"The correlation engine is extremely valuable because it uses machine learning to process information from the central manager and identifies issues in the network."
"In terms of security, LogRhythm NextGen SIEM is great."
"One of the main features that I like about LogRhythm NextGen SIEM is that there are a lot of pre-built pieces. Like with our AV, we didn't have to tell it how to read the logs; they already had it pre-made. So, we essentially just had to follow their guide to get the logs imported in and set up some rules for it. We've only had to manually create the parsing rules for a few of our vendors so that we could interpret the logs correctly. Most of them had already been pre-created for us."
"It is easy to use."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The most valuable feature is the correlation rules."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"The support I have received from the vendor has been great."
"The solution's technical support is great."
"It can be easily deployed with the other solutions."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"Sometimes the Platform Manager crashes because it's built around Windows."
"The customer support system is time-consuming."
"I would like it to do a lot of the automation (which I still need to learn more about), because I am essentially a one man shop doing all the jobs. I'd like for it to be able to do more for me."
"I would like to see our vulnerabilities counter. We will be using Tenable to fill that void right now."
"We've tried to work with a couple of engineering department guys there. We've called them and called them but we never hear anything back."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"One thing we have mentioned to them before is that we'd like to be able to do searches, or drill-downs, directly from an alarm. When you click it and the Inspector tab slides out, that might be a good place to be able to click the host to search for the last 24 hours. I know the search is right there but it would be even nicer to just click that and then have an option to search something there."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
"There should be support for multitenancy in the product."
"The solution needs to improve case management. The UI is confusing."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"Customized reports and alerting functionality could be included in the dashboard."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. LogRhythm SIEM is rated 8.4, while Trellix ESM is rated 7.4. The top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Securonix Next-Gen SIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, Trellix Helix and Fortinet FortiSIEM. See our LogRhythm SIEM vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I cannot respond to the query as I have worked with solutions based on NetIQ and AcrSight.
1. I feel the query is very generic and can not have any tangible response other than users listing their side of the stories (experience) while tabulating Pros & Cons would be inconclusive.
2. The vendors mentioned (McAfee, Splunk, LogRhythm and IBM Q1 Labs) are from the top quadrant and are very much comparable based on evaluation parameters such as List of Features, capabilities and capacities, Integration to other corporate IT security tools etc.
3. Methodology used by Gartner for evaluation of vendors for SIEM Quadrant should also be kept in view to get a realistic comparison. I feel, its not a real Apple-to-Apple comparison nor can be used as a measure to influence the decision making for a new deployment (or migration to another vendor)
4. I also feel that vendor experiences, most of the times are dependent on how clear you are of your own Security Landscape, Compliance & Regulatory drivers and requirements.
Thanks
Rajendra Nag
Unfortunately while evaluating SIEM solutions I was unable to evaluate the IBM solution. I tried to work with IBM for two weeks to get an evaluation of the product and finally gave up.
I think Splunk is an incredibly diverse and flexible product; however, if you are just looking for a SIEM I think it's a bit overcomplicated.
Our company choose SolarWinds LEM due to it's ease of deployments for small to mid sized environments and we have a good track record working with SolarWinds as a vendor.
I asked this question in a previous discussion, what is your experience with the solutions?
I went to Infoworld and found some pretty interesting results - www.infoworld.com
It seems that based on price, GFI took the prize with $220/server $22/workstation.
But based on features and sheer capability, Arcsight took the prize there.
Additional findings bring up HP Arcsight, IBM Q1 Radar and McAfee Nitro as the industry leaders - Gartner Magic Quadrant from 2013 - infosecnirvana.com
But if you were to go to the comparison charts:
Cons
HP Arcsight - Complex, Suited for Medium to large deployments, learning curve, skilled employees
IBM Q1 Radar - Limited Customization, limited multitenancy support, limited use case configuration
McAfee Nitro - Very basic correlation capabilities, requires agent installs, no analytics capability, limited customization, limited support for multi-tier, multi-tenancy
There are others these seem to be the leaders in the industry.
So from the report from Gartner, Infoworld and Infosecnirvana.com, they all seem to think that HP Arcsight is the way to go
Todd
Hi,
I disgree for SME installation since Q1 is usually on a large scale
installation. While expertise on the product is still needed including
integration with other security platforms.
Splunk/LogRythm is good for Network correlation only not focusing much on the
security area.
McAfee is ok for both SME and Enterprise whilst expertise should also be
considered as they have an easy and available tool for integration with their
ticketing system, IPS, and AV.
Hope this helps.
Cheers,
Lilet
Its is now an easy and clear answer.
It depends on the environment, the integration needed, and the staff expertise.
IBM is usually a better solution for large/very large installations and integration.
But it requires much more staff and skills.
But for smaller environments Splunk and LogRhytm is better.
McAfee is correctly rated against others.
So the answer is YES/AGREE for large installations.
And NO/DISAGREE for smaller ones.