LogRhythm NextGen SIEM and SolarWinds Safety Occasions Supervisor present safety info and occasion administration instruments to customers who want to guarantee their organizational networks’ safety and digital units’ safety. Whereas each merchandise present SIEM capabilities, based mostly on my evaluation, I consider that every platform is optimized for various audiences:
- LogRhythm: Finest for mature corporations with deep safety wants and a devoted safety operations middle group.
- SolarWinds: Finest for smaller groups or these on the lookout for ease of reporting.
LogRhythm vs SolarWinds: Comparability desk
| Options | ||
|---|---|---|
| Pricing | ||
| Free trial | ||
| Actual-time monitoring | ||
| Logging | ||
| Analytics | ||
| Reporting | ||
| Risk administration | ||
| Incident response | ||
| Customization | ||
Pricing
LogRhythm
LogRhythm affords perpetual licensing and subscription-based pricing plans, however the firm doesn’t publicly disclose pricing info. I discovered the shortage of pricing info disappointing, particularly since LogRhythm doesn’t provide a free trial both. The licensing permits limitless customers and log sources, and might be run through the cloud, {hardware}, and digital machines. To get a precise quote on pricing, contact LogRhythm.
For extra info, take a look at our LogRhythm vs Splunk comparability and our information to adopting Splunk’s SIEM platform.
SEE: All the things You Must Know in regards to the Malvertising Cybersecurity Risk (TechRepublic Premium)
SolarWinds
SolarWinds worth begins at $2,992, with an choice to get a customized pricing plan. Customers can select from the perpetual licensing choice, which permits for indefinite license use, or the subscription-based mannequin. Whereas the price of subscription-based licensing is initially far lower than the price of buying the perpetual license, the long-term price is larger. A 30-day free trial is offered from SolarWinds, which stood out to me since LogRhythm doesn’t provide a free trial.
LogRhythm vs SolarWinds: Function comparability
Risk monitoring
LogRhythm displays the information and occasions of organizations to detect anomalies all through their networks and endpoints. The system collects safety information, log information, and circulate information to supply holistic real-time visibility and efficient risk detection. The danger-based monitoring eliminates blind spots and identifies threats shortly, so customers can reply to them earlier than they trigger extreme injury.
LogRhythm’s Endpoint Risk Detection Module makes use of risk intelligence, machine studying, and conduct analytics to seek out potential threats. I additionally appreciated that LogRhythm SIEM options a number of strategies for risk detection, together with figuring out irregular communication patterns, lateral motion, and adjustments to delicate recordsdata.
The SolarWinds SIEM resolution offers steady risk detection and real-time monitoring throughout customers’ units, companies, recordsdata, and folders with its on-premises and multicloud deployments. Its intuitive dashboard and consumer interface make navigating the instrument’s options simple for customers. The centralized repository collects log information with the SIEM log collector instrument, and uncooked community log information is organized and normalized for customers within the system.
This is among the most important causes we named it the only option for log aggregation on our checklist of the greatest SIEM instruments. Moreover, I respect that SolarWinds options event-time correlation and superior search capabilities, that are useful when conducting forensic evaluation and safety investigation.
Risk analytics
The LogRhythm NextGen SIEM platform makes use of multidimensional analytics to detect and cease safety threats. Information collected by the system is normalized and correlated to establish probably harmful exercise, which offers extra accuracy. I additionally favored that community visitors and packet information are analyzed for patterns and behavioral outliers.
The behavioral evaluation options can course of customers’ exercise inside a community and establish deviations from regular baseline conduct; that is made potential by means of machine studying and will help guarantee safety from insider entry abuse and information exfiltration. Moreover, the system permits for each contextual and unstructured searches.
SolarWinds SIEM processes information and occasions for indicators of safety threats. The occasion log analyzer collects and analyzes log information, offering customers perception with real-time visibility and context. Occasions are monitored to establish suspicious exercise, similar to permission adjustments and information modification. This information is then correlated by means of built-in and customized occasion correlation guidelines.
I respect the automated insights supplied by these SolarWinds options, which might be useful in serving to customers and community directors diagnose system vulnerabilities, troubleshoot community issues, and enhance their useful resource administration.
Notifications
When a risk is detected, the LogRhythm SIEM platform notifies its customers based mostly on their settings and the occasion’s severity. The Alarming and Response Supervisor can notify customers when threats are detected or alert them of suspicious exercise. The LogRhythm DetectX resolution makes use of analytics to find out the prioritization of threats based mostly on their severity degree.
I additionally favored that the safety analytics might be custom-made, or solely developed by customers, in order that no notifications slip by means of the cracks. As well as, customers can combine their instruments with open-source or STIX/TAXII-compliant suppliers for much more alert precision.
SolarWinds lets customers set customized alerts or view SEM alert feeds, so they’re at all times conscious of safety threats. Customers can handle their programs to supply threshold-based alarms and notifications for safety system occasion stream triggers, system errors, IDS/IPS programs with an infection signs, crash experiences, and so on.
I used to be additionally glad to see that its fine-tuned file integrity monitoring filters might be adjusted to make sure that solely high-priority, file-related occasions create experiences. When safety occasions happen, or threats are recognized, SolarWinds Log & Occasion Supervisor can ship customers notifications through electronic mail.
Automation and response
LogRhythm SIEM displays organizational information and occasions for suspicious exercise and takes actions to reduce the impression with its automated response options. Its embedded resolution, RespondX, can coordinate these response actions into repeatable processes to handle occasions shortly and effectively.
I additionally favored that the instrument has preconfigured modules and experiences, which implies that customers have full visibility into threats and considerations and by no means need to seek out the knowledge they should reply appropriately. Moreover, the platform affords playbooks for streamlining operational workflows.
As soon as the SolarWinds SIEM instrument identifies safety incidents and threats that require motion, it could possibly reply in numerous methods. Customers can set custom-made responses to flagged safety occasions or suspicious exercise by means of automation. This could embrace blocking or quarantining contaminated units, killing processes, restarting servers, logging off customers, and even disabling an agent’s entry to the community. I wish to see these computerized responses, as a result of it means you don’t need to depend on your IT group manually addressing each single suspicious incident.
As well as, I respect that Lively Response lets customers mitigate dangers with both customizable or preconfigured settings for a extra hands-off expertise. Customers may set their notification choices to be alerted to important occasions.
LogRhythm execs and cons
Execs
- Permits customers to match their safety and IT operations with established safety frameworks similar to MITRE ATT&CK and NIST.
- Simplifies the method of accumulating and analyzing information from numerous sources by means of a centralized log administration system.
- Provides Consumer and Entity Habits Analytics capabilities.
- Can automate repetitive duties with its embedded safety orchestration, automation, and response capabilities.
- Dietary supplements conventional log assortment with endpoint monitoring.
- Makes use of Machine Information Intelligence functionality to assist customers to contextualize and simplify advanced information.
Cons
- Pricing info isn’t publicly obtainable.
- The customization choices is perhaps slender when in comparison with different instruments.
- No free trial supplied.
SolarWinds execs and cons
Execs
- Helps compliance reporting and audits for HIPAA, PCI DSS, SOX, and extra.
- Licensing price relies on the variety of log-emitting sources, not the log quantity.
- Permits customers to customise actions based mostly on risk intelligence findings.
- Can ship generated uncooked occasion log information in numerous codecs similar to CSV or by utilizing syslog protocols.
- Provides a 30-day free trial.
Cons
- Restricted AI and machine learning-enhanced capabilities.
- Restricted info on pricing.
Ought to your group use LogRhythm or SolarWinds?
For my part, LogRhythm affords a extra sturdy SIEM resolution with its superior AI and machine learning-backed risk detection and response capabilities. The answer makes risk detection workflows simpler as its SOAR characteristic is built-in into the dashboard. I like to recommend LogRhythm in case your group has advanced safety wants and operates a devoted SOC group.
However, SolarWinds affords a extra primary and user-friendly interface design. Though it could possibly allow you to monitor and handle safety occasions successfully and generate compliance experiences, it’d lack a number of the superior options and customization choices present in LogRhythm. For that motive, I believe that SolarWinds is a better option for smaller organizations on the lookout for a easy SIEM instrument that’s extra user-friendly.
If you need extra common steerage for choosing the proper SIEM instrument, see our SIEM purchaser’s information. And in order for you readability on what SIEM instruments can and may’t do to guard your online business, take a look at our article explaining the six SIEM myths.
Methodology
I in contrast each SIEM options for this SolarWinds vs. LogRhythm evaluate by consulting product documentation, demo movies, and consumer suggestions from respected evaluate websites similar to Gartner Peer Insights. I thought of options similar to risk monitoring, risk analytics, notification settings, automation instruments, and incident response instruments. I additionally weighed different elements similar to pricing, licensing choices, buyer assist, consumer interface design, and LogRhythm SIEM integrations vs. SolarWinds integrations.
