This is a natural evolution of the market, says analyst Jon Oltsik of Enterprise Strategy Group. "All log management and SIEM (security information event management) solutions need to understand when it's a virtual or physical asset; they need to be able to support both." While most companies are entering the virtualization world through VMware, he says ESG is seeing a lot more use of Microsoft Hyper-V, Citrix XenServer and Oracle. "In the future companies will have multiple virtualization platforms. The fact that LogRhythm supports all of them is a plus."
The company's product combines log management, SIEM and file integrity monitoring (FIM) into a scalable, integrated solution. LogRhythm also throws in enterprise-wide network and user monitoring with end-point awareness technology that independently and securely captures both host-based and user-related activity information in real time. According to a recent Gartner report on SIEM, broad adoption is being driven by compliance and security needs.
In 2009 the number of Gartner inquiry calls from end-user clients with funded SIEM projects grew by more than 35 percent over 2008, and many vendors reported substantial increases in customers in 2009; however, revenue growth was less than 15 percent. The 20 vendors covered in the report included LogRhythm, CA, IBM and Symantec. Although Gartner cautions that LogRhythm is relatively new in supporting large enterprise deployments, its strengths include providing a balance of log management, reporting, event management, privileged user and file integrity monitoring to support security operations and compliance use cases.
The appliance format and configuration wizards allow for fast deployment with minimal resources. The predefined reports included with the product and the custom report creation features get good marks from users.