LogRhythm NextGen SIEM and SolarWinds Safety Occasions Supervisor present safety data and occasion administration instruments to customers who want to guarantee their organizational networks’ safety and digital units’ safety. Whereas each merchandise present SIEM capabilities, primarily based on my evaluation, I consider that every platform is optimized for various audiences:
- LogRhythm: Greatest for mature firms with deep safety wants and a devoted safety operations middle workforce.
- SolarWinds: Greatest for smaller groups or these in search of ease of reporting.
LogRhythm vs SolarWinds: Comparability desk
| Options | ||
|---|---|---|
| Pricing | ||
| Free trial | ||
| Actual-time monitoring | ||
| Logging | ||
| Analytics | ||
| Reporting | ||
| Menace administration | ||
| Incident response | ||
| Customization | ||
Pricing
LogRhythm
LogRhythm provides perpetual licensing and subscription-based pricing plans, however the firm doesn’t publicly disclose pricing data. I discovered the dearth of pricing data disappointing, particularly since LogRhythm doesn’t provide a free trial both. The licensing permits limitless customers and log sources, and may be run through the cloud, {hardware}, and digital machines. To get an actual quote on pricing, contact LogRhythm.
For extra data, try our LogRhythm vs Splunk comparability and our information to adopting Splunk’s SIEM platform.
SEE: Every part You Have to Know concerning the Malvertising Cybersecurity Menace (TechRepublic Premium)
SolarWinds
SolarWinds worth begins at $2,992, with an choice to get a customized pricing plan. Customers can select from the perpetual licensing choice, which permits for indefinite license use, or the subscription-based mannequin. Whereas the price of subscription-based licensing is initially far lower than the price of buying the perpetual license, the long-term price is larger. A 30-day free trial is accessible from SolarWinds, which stood out to me since LogRhythm doesn’t provide a free trial.
LogRhythm vs SolarWinds: Characteristic comparability
Menace monitoring
LogRhythm displays the info and occasions of organizations to detect anomalies all through their networks and endpoints. The system collects safety information, log information, and movement information to supply holistic real-time visibility and efficient risk detection. The chance-based monitoring eliminates blind spots and identifies threats rapidly, so customers can reply to them earlier than they trigger extreme injury.
LogRhythm’s Endpoint Menace Detection Module makes use of risk intelligence, machine studying, and habits analytics to seek out potential threats. I additionally appreciated that LogRhythm SIEM options a number of strategies for risk detection, together with figuring out irregular communication patterns, lateral motion, and adjustments to delicate recordsdata.
The SolarWinds SIEM resolution offers steady risk detection and real-time monitoring throughout customers’ units, companies, recordsdata, and folders with its on-premises and multicloud deployments. Its intuitive dashboard and person interface make navigating the instrument’s options straightforward for customers. The centralized repository collects log information with the SIEM log collector instrument, and uncooked community log information is organized and normalized for customers within the system.
This is among the fundamental causes we named it the only option for log aggregation on our listing of the finest SIEM instruments. Moreover, I respect that SolarWinds options event-time correlation and superior search capabilities, that are useful when conducting forensic evaluation and safety investigation.
Menace analytics
The LogRhythm NextGen SIEM platform makes use of multidimensional analytics to detect and cease safety threats. Knowledge collected by the system is normalized and correlated to determine doubtlessly harmful exercise, which offers extra accuracy. I additionally preferred that community site visitors and packet information are analyzed for patterns and behavioral outliers.
The behavioral evaluation options can course of customers’ exercise inside a community and determine deviations from regular baseline habits; that is made doable by machine studying and may also help guarantee safety from insider entry abuse and information exfiltration. Moreover, the system permits for each contextual and unstructured searches.
SolarWinds SIEM processes information and occasions for indicators of safety threats. The occasion log analyzer collects and analyzes log information, offering customers perception with real-time visibility and context. Occasions are monitored to determine suspicious exercise, comparable to permission adjustments and information modification. This information is then correlated by built-in and customized occasion correlation guidelines.
I respect the automated insights supplied by these SolarWinds options, which may be useful in serving to customers and community directors diagnose system vulnerabilities, troubleshoot community issues, and enhance their useful resource administration.
Notifications
When a risk is detected, the LogRhythm SIEM platform notifies its customers primarily based on their settings and the occasion’s severity. The Alarming and Response Supervisor can notify customers when threats are detected or alert them of suspicious exercise. The LogRhythm DetectX resolution makes use of analytics to find out the prioritization of threats primarily based on their severity stage.
I additionally preferred that the safety analytics may be custom-made, or fully developed by customers, in order that no notifications slip by the cracks. As well as, customers can combine their instruments with open-source or STIX/TAXII-compliant suppliers for much more alert precision.
SolarWinds lets customers set customized alerts or view SEM alert feeds, so they’re at all times conscious of safety threats. Customers can handle their programs to supply threshold-based alarms and notifications for safety system occasion stream triggers, system errors, IDS/IPS programs with an infection signs, crash studies, and so on.
I used to be additionally glad to see that its fine-tuned file integrity monitoring filters may be adjusted to make sure that solely high-priority, file-related occasions create studies. When safety occasions happen, or threats are recognized, SolarWinds Log & Occasion Supervisor can ship customers notifications through e mail.
Automation and response
LogRhythm SIEM displays organizational information and occasions for suspicious exercise and takes actions to attenuate the influence with its automated response options. Its embedded resolution, RespondX, can coordinate these response actions into repeatable processes to handle occasions rapidly and effectively.
I additionally preferred that the instrument has preconfigured modules and studies, which implies that customers have full visibility into threats and considerations and by no means need to search out the knowledge they should reply appropriately. Moreover, the platform provides playbooks for streamlining operational workflows.
As soon as the SolarWinds SIEM instrument identifies safety incidents and threats that require motion, it may reply in varied methods. Customers can set custom-made responses to flagged safety occasions or suspicious exercise by automation. This may embrace blocking or quarantining contaminated units, killing processes, restarting servers, logging off customers, and even disabling an agent’s entry to the community. I wish to see these computerized responses, as a result of it means you don’t need to depend on your IT workforce manually addressing each single suspicious incident.
As well as, I respect that Lively Response lets customers mitigate dangers with both customizable or preconfigured settings for a extra hands-off expertise. Customers may set their notification choices to be alerted to important occasions.
LogRhythm professionals and cons
Professionals
- Permits customers to match their safety and IT operations with established safety frameworks comparable to MITRE ATT&CK and NIST.
- Simplifies the method of gathering and analyzing information from varied sources by a centralized log administration system.
- Gives Consumer and Entity Habits Analytics capabilities.
- Can automate repetitive duties with its embedded safety orchestration, automation, and response capabilities.
- Dietary supplements conventional log assortment with endpoint monitoring.
- Makes use of Machine Knowledge Intelligence functionality to assist customers to contextualize and simplify complicated information.
Cons
- Pricing data isn’t publicly out there.
- The customization choices is likely to be slender when in comparison with different instruments.
- No free trial supplied.
SolarWinds professionals and cons
Professionals
- Helps compliance reporting and audits for HIPAA, PCI DSS, SOX, and extra.
- Licensing price relies on the variety of log-emitting sources, not the log quantity.
- Permits customers to customise actions primarily based on risk intelligence findings.
- Can ship generated uncooked occasion log information in several codecs comparable to CSV or by utilizing syslog protocols.
- Gives a 30-day free trial.
Cons
- Restricted AI and machine learning-enhanced capabilities.
- Restricted data on pricing.
Ought to your group use LogRhythm or SolarWinds?
In my view, LogRhythm provides a extra strong SIEM resolution with its superior AI and machine learning-backed risk detection and response capabilities. The answer makes risk detection workflows simpler as its SOAR characteristic is built-in into the dashboard. I like to recommend LogRhythm in case your group has complicated safety wants and operates a devoted SOC workforce.
However, SolarWinds provides a extra primary and user-friendly interface design. Though it may assist you to monitor and handle safety occasions successfully and generate compliance studies, it would lack a number of the superior options and customization choices present in LogRhythm. For that motive, I feel that SolarWinds is a more sensible choice for smaller organizations in search of a easy SIEM instrument that’s extra user-friendly.
If you would like extra normal steering for selecting the best SIEM instrument, see our SIEM purchaser’s information. And if you would like readability on what SIEM instruments can and may’t do to guard what you are promoting, try our article explaining the six SIEM myths.
Methodology
I in contrast each SIEM options for this SolarWinds vs. LogRhythm evaluation by consulting product documentation, demo movies, and person suggestions from respected evaluation websites comparable to Gartner Peer Insights. I thought-about options comparable to risk monitoring, risk analytics, notification settings, automation instruments, and incident response instruments. I additionally weighed different components comparable to pricing, licensing choices, buyer help, person interface design, and LogRhythm SIEM integrations vs. SolarWinds integrations.
