    Splunk vs. LogRhythm: SIEM Head-to-Head

    Written by Chris Preimesberger
    Published July 2, 2019


      SIEM Defined: SIEM (security information and event management), whose modern tools have existed for about a dozen years, is an approach to security management that combines the SIM (security information management) and SEM (security event management) functions into one security management system. SIM collects, analyzes and reports on log data; SEM analyzes log and event data in real time to provide threat monitoring, event correlation and incident response. Because it runs 24/7 in real time, SIEM is now a required technology for large enterprises.

      Both SIM and SEM functions provide on-demand analysis of security alerts generated by applications and network hardware. Security providers that can combine these two functions are in the inside lane for new business. Key features for enterprise SIEM include ingestion of data from multiple sources; interpretation of data; incorporation of threat intelligence feeds; alert correlation; analytics; profiling; automation; and summation of potential threats.
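      To make the SIM/SEM split concrete, here is a small added example (not code from the article or from either vendor) of the pipeline the paragraphs above describe: ingest log lines from two differently formatted sources, normalize them into events, enrich each event against a threat-intelligence feed, and correlate the stream into alerts. The log lines, the feed entries and the rule thresholds are all constructed for illustration; a real SIEM would apply the same stages to thousands of sources with far richer rules.

```python
"""Minimal SIEM-style pipeline: ingest, normalize, enrich, correlate.

Added illustrative example. The sshd and firewall log lines, the
threat-intel feed and the rule thresholds below are all constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input: an sshd auth log and a firewall log in two formats.
AUTH_LOG = """\
2019-07-02T10:00:01 sshd[412]: Failed password for admin from 203.0.113.7 port 5521
2019-07-02T10:00:03 sshd[412]: Failed password for admin from 203.0.113.7 port 5522
2019-07-02T10:00:05 sshd[412]: Failed password for admin from 203.0.113.7 port 5523
2019-07-02T10:00:09 sshd[412]: Accepted password for admin from 203.0.113.7 port 5524
2019-07-02T10:05:00 sshd[413]: Failed password for bob from 198.51.100.4 port 6001
"""
FW_LOG = """\
Jul  2 10:02:30 fw1 kernel: ACCEPT src=192.0.2.9 dst=10.0.0.5 proto=TCP dpt=443
Jul  2 10:03:10 fw1 kernel: DROP src=203.0.113.7 dst=10.0.0.5 proto=TCP dpt=22
"""
# Constructed threat-intel feed: source IPs the feed flags as malicious.
THREAT_FEED = {"192.0.2.9"}

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
FW_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) kernel: (ACCEPT|DROP) src=(\S+) dst=(\S+)")


def parse_auth(line):
    """Normalize one sshd line into a common event schema; None if it does not match."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts, outcome, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "source": "sshd", "user": user,
            "src_ip": src, "action": "login_failure" if outcome == "Failed" else "login_success"}


def parse_fw(line, year=2019):
    """Normalize one firewall line; syslog timestamps carry no year, so one is supplied."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts, host, verdict, src, dst = m.groups()
    return {"ts": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"), "source": host,
            "user": None, "src_ip": src, "dst_ip": dst, "action": "fw_" + verdict.lower()}


def ingest(auth_text, fw_text):
    """SIM stage: collect from several sources and merge into one time-ordered stream."""
    events = [e for e in map(parse_auth, auth_text.splitlines()) if e]
    events += [e for e in map(parse_fw, fw_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events


def enrich(events, feed):
    """Tag every event whose source address appears in the threat-intel feed."""
    for e in events:
        e["ioc_match"] = e["src_ip"] in feed
    return events


def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """SEM stage: stream the events through two rules and emit alerts.

    Rule 1: a login success preceded by >= threshold failures from the same
            source within `window` -> likely successful brute force.
    Rule 2: any event from a feed-listed source -> threat-intel match.
    """
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    for e in events:
        if e["ioc_match"]:
            alerts.append({"rule": "threat_intel_match", "src_ip": e["src_ip"], "ts": e["ts"]})
        if e["action"] == "login_failure":
            failures[e["src_ip"]].append(e["ts"])
        elif e["action"] == "login_success":
            recent = [t for t in failures[e["src_ip"]] if e["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_success", "src_ip": e["src_ip"],
                               "user": e["user"], "ts": e["ts"], "failures": len(recent)})
    return alerts


def run_pipeline(auth_text, fw_text, feed):
    """Full pass: ingest -> enrich -> correlate; returns the list of alerts."""
    return correlate(enrich(ingest(auth_text, fw_text), feed))


if __name__ == "__main__":
    for alert in run_pipeline(AUTH_LOG, FW_LOG, THREAT_FEED):
        print(alert)
```

      On the constructed input the pipeline raises two alerts: a brute-force success for `admin` from 203.0.113.7 (three failures followed by a success inside the two-minute window) and a threat-intel match for 192.0.2.9, even though the firewall accepted that connection. The firewall DROP from 203.0.113.7 generates no alert on its own; its value is as context an analyst sees alongside the correlated login alert, which is the "single pane" argument both vendors make.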

      LogRhythm vs. Splunk: Two Worthy Competitors

      If you’re an IT manager seeking a reliable SIEM package, both LogRhythm and Splunk have a great deal to offer. Both have loyal support from customers and good-to-excellent reviews from industry analysts.

      Nonetheless, while LogRhythm provides an integrated user experience with a support team that consistently gets A-level reviews, the platform comes with a relatively steep learning curve and is really designed for experienced security administrators. On the other hand, Splunk is highly customizable, and, as always, you get what you pay for: some users have expressed frustration with the cost of implementation.

      Here is a face-to-face compilation of pros and cons for two excellent SIEM tools: LogRhythm and Splunk.

      LogRhythm SIEM

      What LogRhythm Brings to the Table: LogRhythm’s SIEM toolset is designed for midrange or large organizations and consists of a fully featured platform used to build a corporate-wide threat detection and response system. LogRhythm’s SIEM package combines everything into a so-called single pane of glass controller: enterprise log management, security analytics, user entity and behavioral analytics (UEBA), network traffic and behavioral analytics (NTBA) and security automation and orchestration. The product is built on a machine analytics/data lake technology foundation designed to scale with each workload, and it has an open platform that enables integration with enterprise security and IT infrastructure.

      LogRhythm users in various reviews have said the most valuable feature of the solution is its ability to correlate logs throughout many different log sources. The company’s support team also gets rave reviews.

      Key Reasons to Consider LogRhythm:

      • LogRhythm offers a versatile and extensive SIEM platform with optional pre-set configurations for a wide selection of use cases. Thus admins can pick the one closest to their own use case and fine-tune it when handling installation.
      • LogRhythm is a great fit for companies seeking a contained platform that includes core SIEM functionality as well as complementary host and network monitoring capabilities. The product is also a match for organizations that need to monitor the security of their ICS/SCADA or OT environments, or that want to merge security event monitoring of IT and OT environments.
      • LogRhythm includes effective support for network data monitoring, with a large number of application-flow signatures to parse flow data.

      How LogRhythm is Deployed:

      • LogRhythm SIEM is available as hardware appliances, virtual appliances and software packages, sized by the customer’s event velocity (the number of events per second, EPS, across the data sources in scope). Deployments can be on premises, cloud or hybrid. Third-party providers offer fully hosted and managed solutions.

      How LogRhythm’s Pricing Works:

      • Pricing for additional components in the LogRhythm Security Intelligence Platform depends on their respective metrics (e.g., number of data flows).

      To Take Under Advisement:

      • Be aware that LogRhythm doesn’t have an app store like Splunk, IBM and others do.
      • Gartner researchers report that while LogRhythm does have a partner program to help facilitate custom integrations, LogRhythm’s APIs are less amenable to third parties. In the same vein, Gartner believes companies with third-party threat intelligence feeds should first confirm support with LogRhythm, because it supports a limited number of feeds out of the box. Services can add other integrations, but at an additional cost.
      • The research firm also reported that some customers have expressed concerns about LogRhythm’s ability to scale to support very high event volume environments. Experts advise that potential buyers should first validate LogRhythm’s ability to support their workload use-case volumes.

      Who uses it: midrange to large enterprises
      How it is deployed: options for subscription cloud service, virtual appliance, physical servers
      eWEEK aggregate score: 4.7/5.0

      Splunk Security Portfolio

      What Splunk Brings to the Table: Splunk’s SIEM system is highly rated and popular among IT managers and developers. Enterprises looking for a SIEM solution that can share architecture and vendor management across SIEM and other IT use cases are good customers for Splunk. Those seeking a scalable solution with a full range of options, from basic log management through advanced analytics and response, should also evaluate Splunk. The company’s Security Operations Suite is composed of Splunk Enterprise plus three add-on packages: Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA) and Splunk Phantom.

      Splunk Enterprise provides event and data collection, search and visualizations for various uses in IT operations and some security use cases. The premium ES solution delivers most of the security-monitoring-specific capabilities, including security-specific queries, visualizations and dashboards, and some case management, workflow and incident response capabilities.

      Organizations seeking SIEM solutions that can share architecture and vendor management across SIEM and other IT use cases, and seeking a scalable solution with a full range of options from basic log management through advanced analytics and response, should consider Splunk.

      Splunk’s security portfolio has been ranked as a leading technology for six consecutive years by Gartner Research; this is not a trivial accomplishment. The platform helps customers to optimize their security nerve centers and address a wide range of security monitoring and threat-detection use cases.

      Key Reasons to Consider Splunk:

      • Splunk provides a full suite of singularly controlled security event management solutions that enable users to grow into the platform over time. This starts with Core, then adds ES and UBA; Splunk’s app store uses the company’s large partner ecosystem to provide a wide range of integration and Splunk-specific content.
      • Splunk’s Security Operations Suite is centrally run and has an intuitive user interface. The platform is composed of Splunk Enterprise and three solutions: Splunk Enterprise Security (ES), Splunk User Behavior Analytics (UBA) and Splunk Phantom. Splunk Enterprise provides event and data collection, search, and visualizations for various uses in IT operations and some security use cases.
      • The vendor has a strong ecosystem of technology integrations available in the Splunk application marketplace, although users of other technologies that compete with Splunk (for example, in the user analytics space) should validate the depth of integration.
      • Splunk’s premium ES solution delivers most of the security-monitoring-specific capabilities, including security-specific queries, visualizations and dashboards, and some case management, workflow and incident response capabilities. UBA adds ML-driven, advanced analytics. Phantom provides SOAR capabilities. Additional apps for security use cases are available through Splunkbase.
      • Splunk’s offerings provide organizations with multiple entry points into security monitoring with a path that can start with basic event collection and simple use cases with Splunk Enterprise through to richer SIEM functionality with ES, more advanced analytics with UBA and SOAR capabilities with Phantom.
      • PII protection features are strong; obfuscation and PII masking are supported down to the field level, and can be applied based on user identities, locations and other characteristics.

      How Splunk is Deployed:

      • Splunk Cloud is a company-hosted and -operated SaaS solution using AWS infrastructure. Splunk Enterprise and Splunk Cloud components consist of Universal Forwarders, Indexers and Search Heads supporting n-tier architectures. Splunk Enterprise is also available as server software for on-premises deployment.

      How Splunk’s Pricing Works:

      • Splunk’s licenses are based on the amount of data ingested into the platform, with pricing discounts for DNS and NetFlow data. ES is also licensed by gigabytes per day, whereas UBA is licensed by the number of user accounts in an organization, and all these are available either as perpetual or term licenses, with various options for enterprisewide pricing and true-ups. Phantom is priced by the number of events on which users take action.

      To Take Under Advisement:

      • Splunk doesn’t offer an appliance version of the solution, so companies that want an on-premises appliance will have to work with a partner that can provide integration on supported hardware. Gartner clients have also expressed concerns about Splunk’s licensing model and the overall cost of implementation; Splunk has introduced new licensing options to address those concerns.
      • In another example of “you generally get what you pay for,” Splunk is generally more expensive than its competitors. Customers and prospective buyers tend to express concerns about pricing models and total cost. The addition of Phantom, and the introduction of the “nerve center” concept (separate SIEM, UBA and SOAR products), results in three pricing models with different measurement approaches.
      • Splunk UBA is an on-premises or customer cloud-only solution at this point, which can create friction with Splunk Cloud customers wishing to remain in a SaaS model.
      • Splunk has no native agent support for FIM or EDR, although there are integrations with numerous third-party solutions.

      Who uses it: midrange to large enterprises
      How it is deployed: options for subscription cloud service, physical servers
      eWEEK aggregate score: 4.8/5.0

      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor Emeritus of eWEEK. In his 16 years and more than 5,000 articles at eWEEK, he distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff, the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.
