LogRhythm NextGen SIEM and SolarWinds Safety Occasions Supervisor present safety info and occasion administration instruments to customers who want to guarantee their organizational networks’ safety and digital gadgets’ safety. Whereas each merchandise present SIEM capabilities, primarily based on my evaluation, I consider that every platform is optimized for various audiences:
- LogRhythm: Greatest for mature firms with deep safety wants and a devoted safety operations middle workforce.
- SolarWinds: Greatest for smaller groups or these in search of ease of reporting.
1
ManageEngine Log360
Staff per Firm Dimension
Micro (0-49), Small (50-249), Medium (250-999), Massive (1,000-4,999), Enterprise (5,000+)
Micro (0-49 Staff), Small (50-249 Staff), Medium (250-999 Staff), Massive (1,000-4,999 Staff), Enterprise (5,000+ Staff)
Micro, Small, Medium, Massive, Enterprise
Options
Exercise Monitoring, Blacklisting, Dashboard, and extra
LogRhythm vs SolarWinds: Comparability desk
| Options | ||
|---|---|---|
| Pricing | ||
| Free trial | ||
| Actual-time monitoring | ||
| Logging | ||
| Analytics | ||
| Reporting | ||
| Risk administration | ||
| Incident response | ||
| Customization | ||
Pricing
LogRhythm
LogRhythm presents perpetual licensing and subscription-based pricing plans, however the firm doesn’t publicly disclose pricing info. I discovered the shortage of pricing info disappointing, particularly since LogRhythm doesn’t supply a free trial both. The licensing permits limitless customers and log sources, and might be run through the cloud, {hardware}, and digital machines. To get an actual quote on pricing, contact LogRhythm.
For extra info, take a look at our LogRhythm vs Splunk comparability and our information to adopting Splunk’s SIEM platform.
SEE: Every little thing You Have to Know in regards to the Malvertising Cybersecurity Risk (TechRepublic Premium)
SolarWinds
SolarWinds value begins at $2,992, with an choice to get a customized pricing plan. Customers can select from the perpetual licensing possibility, which permits for indefinite license use, or the subscription-based mannequin. Whereas the price of subscription-based licensing is initially far lower than the price of buying the perpetual license, the long-term price is increased. A 30-day free trial is offered from SolarWinds, which stood out to me since LogRhythm doesn’t supply a free trial.
LogRhythm vs SolarWinds: Function comparability
Risk monitoring
LogRhythm displays the info and occasions of organizations to detect anomalies all through their networks and endpoints. The system collects safety knowledge, log knowledge, and move knowledge to supply holistic real-time visibility and efficient risk detection. The danger-based monitoring eliminates blind spots and identifies threats shortly, so customers can reply to them earlier than they trigger extreme harm.
LogRhythm’s Endpoint Risk Detection Module makes use of risk intelligence, machine studying, and conduct analytics to seek out potential threats. I additionally appreciated that LogRhythm SIEM options a number of strategies for risk detection, together with figuring out irregular communication patterns, lateral motion, and adjustments to delicate information.
The SolarWinds SIEM resolution supplies steady risk detection and real-time monitoring throughout customers’ gadgets, providers, information, and folders with its on-premises and multicloud deployments. Its intuitive dashboard and person interface make navigating the software’s options straightforward for customers. The centralized repository collects log knowledge with the SIEM log collector software, and uncooked community log knowledge is organized and normalized for customers within the system.
This is among the most important causes we named it the only option for log aggregation on our checklist of the perfect SIEM instruments. Moreover, I respect that SolarWinds options event-time correlation and superior search capabilities, that are helpful when conducting forensic evaluation and safety investigation.
Risk analytics
The LogRhythm NextGen SIEM platform makes use of multidimensional analytics to detect and cease safety threats. Information collected by the system is normalized and correlated to establish probably harmful exercise, which supplies extra accuracy. I additionally preferred that community visitors and packet knowledge are analyzed for patterns and behavioral outliers.
The behavioral evaluation options can course of customers’ exercise inside a community and establish deviations from regular baseline conduct; that is made potential by way of machine studying and can assist guarantee safety from insider entry abuse and knowledge exfiltration. Moreover, the system permits for each contextual and unstructured searches.
SolarWinds SIEM processes knowledge and occasions for indicators of safety threats. The occasion log analyzer collects and analyzes log knowledge, offering customers perception with real-time visibility and context. Occasions are monitored to establish suspicious exercise, comparable to permission adjustments and knowledge modification. This knowledge is then correlated by way of built-in and customized occasion correlation guidelines.
I respect the automated insights provided by these SolarWinds options, which might be helpful in serving to customers and community directors diagnose system vulnerabilities, troubleshoot community issues, and enhance their useful resource administration.
Notifications
When a risk is detected, the LogRhythm SIEM platform notifies its customers primarily based on their settings and the occasion’s severity. The Alarming and Response Supervisor can notify customers when threats are detected or alert them of suspicious exercise. The LogRhythm DetectX resolution makes use of analytics to find out the prioritization of threats primarily based on their severity degree.
I additionally preferred that the safety analytics might be personalized, or completely developed by customers, in order that no notifications slip by way of the cracks. As well as, customers can combine their instruments with open-source or STIX/TAXII-compliant suppliers for much more alert precision.
SolarWinds lets customers set customized alerts or view SEM alert feeds, so they’re at all times conscious of safety threats. Customers can handle their techniques to supply threshold-based alarms and notifications for safety system occasion stream triggers, system errors, IDS/IPS techniques with an infection signs, crash studies, and so on.
I used to be additionally glad to see that its fine-tuned file integrity monitoring filters might be adjusted to make sure that solely high-priority, file-related occasions create studies. When safety occasions happen, or threats are recognized, SolarWinds Log & Occasion Supervisor can ship customers notifications through e-mail.
Automation and response
LogRhythm SIEM displays organizational knowledge and occasions for suspicious exercise and takes actions to attenuate the influence with its automated response options. Its embedded resolution, RespondX, can coordinate these response actions into repeatable processes to handle occasions shortly and effectively.
I additionally preferred that the software has preconfigured modules and studies, which signifies that customers have full visibility into threats and considerations and by no means must search out the knowledge they should reply appropriately. Moreover, the platform presents playbooks for streamlining operational workflows.
As soon as the SolarWinds SIEM software identifies safety incidents and threats that require motion, it could possibly reply in numerous methods. Customers can set personalized responses to flagged safety occasions or suspicious exercise by way of automation. This could embrace blocking or quarantining contaminated gadgets, killing processes, restarting servers, logging off customers, and even disabling an agent’s entry to the community. I prefer to see these automated responses, as a result of it means you don’t must depend on your IT workforce manually addressing each single suspicious incident.
As well as, I respect that Lively Response lets customers mitigate dangers with both customizable or preconfigured settings for a extra hands-off expertise. Customers also can set their notification choices to be alerted to important occasions.
LogRhythm professionals and cons
Execs
- Permits customers to match their safety and IT operations with established safety frameworks comparable to MITRE ATT&CK and NIST.
- Simplifies the method of accumulating and analyzing knowledge from numerous sources by way of a centralized log administration system.
- Affords Consumer and Entity Conduct Analytics capabilities.
- Can automate repetitive duties with its embedded safety orchestration, automation, and response capabilities.
- Dietary supplements conventional log assortment with endpoint monitoring.
- Makes use of Machine Information Intelligence functionality to assist customers to contextualize and simplify complicated knowledge.
Cons
- Pricing info isn’t publicly out there.
- The customization choices is perhaps slender when in comparison with different instruments.
- No free trial provided.
SolarWinds professionals and cons
Execs
- Helps compliance reporting and audits for HIPAA, PCI DSS, SOX, and extra.
- Licensing price relies on the variety of log-emitting sources, not the log quantity.
- Permits customers to customise actions primarily based on risk intelligence findings.
- Can ship generated uncooked occasion log knowledge in numerous codecs comparable to CSV or by utilizing syslog protocols.
- Affords a 30-day free trial.
Cons
- Restricted AI and machine learning-enhanced capabilities.
- Restricted info on pricing.
Ought to your group use LogRhythm or SolarWinds?
For my part, LogRhythm presents a extra strong SIEM resolution with its superior AI and machine learning-backed risk detection and response capabilities. The answer makes risk detection workflows simpler as its SOAR characteristic is built-in into the dashboard. I like to recommend LogRhythm in case your group has complicated safety wants and operates a devoted SOC workforce.
Then again, SolarWinds presents a extra fundamental and user-friendly interface design. Though it could possibly enable you monitor and handle safety occasions successfully and generate compliance studies, it’d lack among the superior options and customization choices present in LogRhythm. For that cause, I feel that SolarWinds is a better option for smaller organizations in search of a easy SIEM software that’s extra user-friendly.
In order for you extra common steering for choosing the proper SIEM software, see our SIEM purchaser’s information. And if you would like readability on what SIEM instruments can and might’t do to guard your online business, take a look at our article explaining the six SIEM myths.
Methodology
I in contrast each SIEM options for this SolarWinds vs. LogRhythm overview by consulting product documentation, demo movies, and person suggestions from respected overview websites comparable to Gartner Peer Insights. I thought of options comparable to risk monitoring, risk analytics, notification settings, automation instruments, and incident response instruments. I additionally weighed different elements comparable to pricing, licensing choices, buyer help, person interface design, and LogRhythm SIEM integrations vs. SolarWinds integrations.
