We performed a comparison between Cybereason Endpoint Detection & Response and LogRhythm SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR)."Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The price is low and quite competitive with others."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"The product detects and blocks threats and is more proactive than firewalls."
"Fortinet is very user-friendly for customers."
"The initial setup process is straightforward."
"The interface is user-friendly."
"They do a very good job of providing multi-stage visualizations of malicious operations that immediately show all attack details across all devices and users. Since it is MalOp-centric model, you can see if there has been a similar operation across multiple machines. If it is the same thing appearing on multiple machines, you see all the machines and users affected in one screen."
"The initial setup is not overly complicated."
"It gives all the information in a clear response."
"The initial setup was easy and straightforward."
"I haven't had any issues with the solution. Stability-wise, I rate the solution a ten out of ten."
"The most valuable feature is the capability of the command used by the machine so that we see the kind of performance that is running."
"I would say the most valuable feature of LogRhythm is that it has built-in UEBA functionality, among other basic Windows packages."
"In terms of security, LogRhythm NextGen SIEM is great."
"The most valuable features of the solution are network monitoring, user behavior analytics, and log collection."
"Our clients enjoy having one dashboard to monitor their environments in real time."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"Automations are very valuable. It provides the ability to automate some of our small use cases. The ability to integrate with other products that use an API is also very useful. LogRhythm has a plugin for it that we can connect and start to move down towards the path of a single pane of glass instead of having multiple or different tools."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"Cannot be used on mobile devices with a secure connection."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"We find the solution to be a bit expensive."
"The solution is not user-friendly."
"Intelligence aspects need improvement"
"The network coverage becomes an issue most of the time."
"Compared to our previous endpoint, we have a lot more false positives and a lot more duplication of alerts. So we're chasing more alerts."
"Cybereason does not have sandbox functionality."
"It should be more stable, and the sensor needs improvement in terms of connectivity."
"Ad hoc higher-level reporting to senior management can be improved or can be implemented. That's definitely an area of improvement that they need to focus on."
"The deployment on individual endpoints is more geared toward larger organizations. It might prove to be a bit too complicated for a smaller organization. You need to know what you're doing when you're deploying the sensor."
"It initially took some time to deploy."
"There can be problems with the EDI."
"It is a product that is very hard to use."
"I would like a more fuller implementation of STIX/TAXII so I can pull in some of the government lists without having to go implement a whole new STIX/TAXII platform."
"There used to be the ability to create alarms based on message text that was included in LR Version 6.x that has been removed in LogRhythm 7.x, and on that, I would like to see it added back."
"Stability has probably been one area where Health Checks have not been great with the product. We have been told that they are going to improve Health Checks on product, though we do struggle with them on a daily basis."
"Sometimes the error-logging is not altogether helpful. For example, on an upgrade, a systems data processor, a Windows box, was throwing an error code like 1083. Then it just stopped and it died right out of the installer and nobody looked. We searched through Google and what it means is the Windows Firewall wasn't turned on so that it could create a rule for the product. Why wouldn't they bubble up that description so that I wouldn't have to call support and I could just know, "Okay, the firewall wasn't turned on. Turn it back on. Re-run the installer and keep going.""
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
"We have run into problems with stability going through upgrade processes. Recently, we have been on the front edge of the upgrade path. When that happens we tend to run into issues either with certain functionality not working after the upgrades or stability issues because of the upgrades."
"I think they probably need to, because a lot of companies are having this cloud-first strategy, where anything that's new has to go into the cloud for some reason."
More Cybereason Endpoint Detection & Response Pricing and Cost Advice →
Cybereason Endpoint Detection & Response is ranked 36th in Endpoint Detection and Response (EDR) with 19 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. Cybereason Endpoint Detection & Response is rated 8.0, while LogRhythm SIEM is rated 8.4. The top reviewer of Cybereason Endpoint Detection & Response writes "It has helped us become more knowledgeable about our environment and aware of threats". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Cybereason Endpoint Detection & Response is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Darktrace, Cortex XDR by Palo Alto Networks and Splunk Enterprise Security, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Microsoft Sentinel.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.