LogRhythm NextGen SIEM and SolarWinds Safety Occasions Supervisor present safety data and occasion administration instruments to customers who want to guarantee their organizational networks’ safety and digital units’ safety. Whereas each merchandise present SIEM capabilities, primarily based on my evaluation, I imagine that every platform is optimized for various audiences:
- LogRhythm: Greatest for mature corporations with deep safety wants and a devoted safety operations heart crew.
- SolarWinds: Greatest for smaller groups or these on the lookout for ease of reporting.
LogRhythm vs SolarWinds: Comparability desk
| Options | ||
|---|---|---|
| Pricing | ||
| Free trial | ||
| Actual-time monitoring | ||
| Logging | ||
| Analytics | ||
| Reporting | ||
| Menace administration | ||
| Incident response | ||
| Customization | ||
Pricing
LogRhythm
LogRhythm provides perpetual licensing and subscription-based pricing plans, however the firm doesn’t publicly disclose pricing data. I discovered the shortage of pricing data disappointing, particularly since LogRhythm doesn’t provide a free trial both. The licensing permits limitless customers and log sources, and might be run by way of the cloud, {hardware}, and digital machines. To get a precise quote on pricing, contact LogRhythm.
For extra data, take a look at our LogRhythm vs Splunk comparability and our information to adopting Splunk’s SIEM platform.
SEE: Every part You Must Know concerning the Malvertising Cybersecurity Menace (TechRepublic Premium)
SolarWinds
SolarWinds value begins at $2,992, with an choice to get a customized pricing plan. Customers can select from the perpetual licensing choice, which permits for indefinite license use, or the subscription-based mannequin. Whereas the price of subscription-based licensing is initially far lower than the price of buying the perpetual license, the long-term value is greater. A 30-day free trial is on the market from SolarWinds, which stood out to me since LogRhythm doesn’t provide a free trial.
LogRhythm vs SolarWinds: Characteristic comparability
Menace monitoring
LogRhythm displays the info and occasions of organizations to detect anomalies all through their networks and endpoints. The system collects safety information, log information, and stream information to offer holistic real-time visibility and efficient menace detection. The chance-based monitoring eliminates blind spots and identifies threats rapidly, so customers can reply to them earlier than they trigger extreme injury.
LogRhythm’s Endpoint Menace Detection Module makes use of menace intelligence, machine studying, and habits analytics to search out potential threats. I additionally appreciated that LogRhythm SIEM options a number of strategies for menace detection, together with figuring out irregular communication patterns, lateral motion, and adjustments to delicate recordsdata.
The SolarWinds SIEM resolution gives steady menace detection and real-time monitoring throughout customers’ units, companies, recordsdata, and folders with its on-premises and multicloud deployments. Its intuitive dashboard and consumer interface make navigating the instrument’s options straightforward for customers. The centralized repository collects log information with the SIEM log collector instrument, and uncooked community log information is organized and normalized for customers within the system.
This is among the principal causes we named it the only option for log aggregation on our listing of the greatest SIEM instruments. Moreover, I respect that SolarWinds options event-time correlation and superior search capabilities, that are helpful when conducting forensic evaluation and safety investigation.
Menace analytics
The LogRhythm NextGen SIEM platform makes use of multidimensional analytics to detect and cease safety threats. Information collected by the system is normalized and correlated to establish probably harmful exercise, which gives extra accuracy. I additionally favored that community site visitors and packet information are analyzed for patterns and behavioral outliers.
The behavioral evaluation options can course of customers’ exercise inside a community and establish deviations from regular baseline habits; that is made potential by means of machine studying and might help guarantee safety from insider entry abuse and information exfiltration. Moreover, the system permits for each contextual and unstructured searches.
SolarWinds SIEM processes information and occasions for indicators of safety threats. The occasion log analyzer collects and analyzes log information, offering customers perception with real-time visibility and context. Occasions are monitored to establish suspicious exercise, akin to permission adjustments and information modification. This information is then correlated by means of built-in and customized occasion correlation guidelines.
I respect the automated insights supplied by these SolarWinds options, which might be helpful in serving to customers and community directors diagnose system vulnerabilities, troubleshoot community issues, and enhance their useful resource administration.
Notifications
When a menace is detected, the LogRhythm SIEM platform notifies its customers primarily based on their settings and the occasion’s severity. The Alarming and Response Supervisor can notify customers when threats are detected or alert them of suspicious exercise. The LogRhythm DetectX resolution makes use of analytics to find out the prioritization of threats primarily based on their severity stage.
I additionally favored that the safety analytics might be custom-made, or fully developed by customers, in order that no notifications slip by means of the cracks. As well as, customers can combine their instruments with open-source or STIX/TAXII-compliant suppliers for much more alert precision.
SolarWinds lets customers set customized alerts or view SEM alert feeds, so they’re all the time conscious of safety threats. Customers can handle their programs to offer threshold-based alarms and notifications for safety system occasion stream triggers, system errors, IDS/IPS programs with an infection signs, crash stories, and so on.
I used to be additionally glad to see that its fine-tuned file integrity monitoring filters might be adjusted to make sure that solely high-priority, file-related occasions create stories. When safety occasions happen, or threats are recognized, SolarWinds Log & Occasion Supervisor can ship customers notifications by way of e mail.
Automation and response
LogRhythm SIEM displays organizational information and occasions for suspicious exercise and takes actions to attenuate the impression with its automated response options. Its embedded resolution, RespondX, can coordinate these response actions into repeatable processes to handle occasions rapidly and effectively.
I additionally favored that the instrument has preconfigured modules and stories, which implies that customers have full visibility into threats and considerations and by no means need to search out the data they should reply appropriately. Moreover, the platform provides playbooks for streamlining operational workflows.
As soon as the SolarWinds SIEM instrument identifies safety incidents and threats that require motion, it may well reply in numerous methods. Customers can set custom-made responses to flagged safety occasions or suspicious exercise by means of automation. This could embrace blocking or quarantining contaminated units, killing processes, restarting servers, logging off customers, and even disabling an agent’s entry to the community. I wish to see these computerized responses, as a result of it means you don’t need to depend on your IT crew manually addressing each single suspicious incident.
As well as, I respect that Energetic Response lets customers mitigate dangers with both customizable or preconfigured settings for a extra hands-off expertise. Customers can even set their notification choices to be alerted to important occasions.
LogRhythm execs and cons
Professionals
- Permits customers to match their safety and IT operations with established safety frameworks akin to MITRE ATT&CK and NIST.
- Simplifies the method of gathering and analyzing information from numerous sources by means of a centralized log administration system.
- Presents Person and Entity Conduct Analytics capabilities.
- Can automate repetitive duties with its embedded safety orchestration, automation, and response capabilities.
- Dietary supplements conventional log assortment with endpoint monitoring.
- Makes use of Machine Information Intelligence functionality to assist customers to contextualize and simplify advanced information.
Cons
- Pricing data isn’t publicly out there.
- The customization choices is likely to be slim when in comparison with different instruments.
- No free trial supplied.
SolarWinds execs and cons
Professionals
- Helps compliance reporting and audits for HIPAA, PCI DSS, SOX, and extra.
- Licensing value relies on the variety of log-emitting sources, not the log quantity.
- Permits customers to customise actions primarily based on menace intelligence findings.
- Can ship generated uncooked occasion log information in several codecs akin to CSV or by utilizing syslog protocols.
- Presents a 30-day free trial.
Cons
- Restricted AI and machine learning-enhanced capabilities.
- Restricted data on pricing.
Ought to your group use LogRhythm or SolarWinds?
For my part, LogRhythm provides a extra strong SIEM resolution with its superior AI and machine learning-backed menace detection and response capabilities. The answer makes menace detection workflows simpler as its SOAR characteristic is built-in into the dashboard. I like to recommend LogRhythm in case your group has advanced safety wants and operates a devoted SOC crew.
Alternatively, SolarWinds provides a extra primary and user-friendly interface design. Though it may well make it easier to monitor and handle safety occasions successfully and generate compliance stories, it’d lack a few of the superior options and customization choices present in LogRhythm. For that motive, I feel that SolarWinds is a better option for smaller organizations on the lookout for a easy SIEM instrument that’s extra user-friendly.
If you need extra basic steerage for choosing the proper SIEM instrument, see our SIEM purchaser’s information. And if you need readability on what SIEM instruments can and might’t do to guard your enterprise, take a look at our article explaining the six SIEM myths.
Methodology
I in contrast each SIEM options for this SolarWinds vs. LogRhythm assessment by consulting product documentation, demo movies, and consumer suggestions from respected assessment websites akin to Gartner Peer Insights. I thought of options akin to menace monitoring, menace analytics, notification settings, automation instruments, and incident response instruments. I additionally weighed different components akin to pricing, licensing choices, buyer assist, consumer interface design, and LogRhythm SIEM integrations vs. SolarWinds integrations.