2022 Magic Quadrant™ for SIEM released by Gartner® — LogRhythm Responds with New Cloud-Native Offering 

2022 Gartner Magic Quadrant for SIEM graphic

The 2022 Gartner Magic Quadrant for Security Information and Event Management (SIEM) report is out, and LogRhythm is recognized as a Challenger. Gartner based its criteria on products that were generally available by Feb. 1, 2022. Back in February, LogRhythm did not have a cloud-native SaaS platform, but a lot has changed since then.

On Oct. 3, we introduced our new, cloud-native security operations platform to the market — LogRhythm Axon. Unlike other vendors in the market, we didn’t just add on to or simply put a new name on an existing product. We’ve built LogRhythm Axon from the ground up with the latest, proven cloud-native technologies. This announcement reflects our response to customer and market demands and our ongoing promise to solve security challenges that customers face every day.

LogRhythm Axon, our new cloud-native security operations platform

Security teams want to focus on efficiency and identifying security activities that pose the biggest threats to their organization. This is where Axon shines. While the initial launch of LogRhythm Axon focuses on log management, we have a broad vision for our platform. As we continue to expand Axon with advanced security analytics, threat detection, and response, Axon will seamlessly evolve into a full cloud-native security operations platform.

A trusted security partner

We’re a mature and trusted security vendor with almost 20 years of experience in delivering a robust product offering. A vendor’s Ability to Execute is based on multiple factors including, but not limited to its Overall Viability, Market Responsiveness, Product/Service, Sales Execution, and Customer Experience. Our team has been investing energy and resources into the LogRhythm SIEM Platform for years. We know security and having the best security partners matter, absolutely, when playing to win in the digital age.

Beyond SIEM, adapting to the changing threat landscape  

As cybersecurity threats continue to evolve and increase in complexity, your needs are changing. Beyond SIEM, you also require robust detection and response capabilities that include user entity behavioral analytics (UEBA), security orchestration, automation, and response (SOAR), and network detection and response (NDR) solutions. No longer just a SIEM vendor, LogRhythm has adapted to meet the changing market demands and has expanded our solution offering with cloud-native LogRhythm NDR and LogRhythm UEBA to transform from a SIEM platform to a comprehensive security operations solution.  

Our execution will increase as we continue our quarterly go-to-market cadence of new products and features that help increase the efficiency of the security operations center (SOC) — fulfilling promises to our customers. We’re continuing to fulfill our vision of enabling fast, agile, and high-performing security teams armed with intelligent analytics and automated responses to reduce cybersecurity exposure.

New, robust product offerings in 2022 

In addition to LogRhythm Axon, LogRhythm has delivered many additional enhancements. To better serve customers, our team prioritized product updates in high-need areas, including NDR, UEBA, and SIEM in both July and October. As part of a regular and ongoing promise to deliver excellence and outcomes that matter, here are some highlights from our October launch: 

Ease the analyst experience with the LogRhythm SIEM

  • On the SIEM side, LogRhythm is now Federal Information Processing Standards (FIPS) compliant starting with version 7.10, enabling customers to run servers in a FIPS compliant/certified mode using LogRhythm.  We’ve added support for Amazon Web Services (AWS) S3 log data to the existing connections for Google Cloud Public (GCP) and Microsoft Azure and enhanced automation capabilities by releasing new and improved LogRhythm SmartResponses. LogRhythm 7.10 also offers additional automation functionality through new Admin API endpoints and a new Metrics API. 
  • We improved the Admin API by adding System Monitoring (LogRhythm SysMon) Management endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching. The Admin API lets users update existing SysMon agents and onboard new SysMon agents, reducing administrative overhead. In addition, we added more filtering capabilities, allowing users to filter logs and apply security prioritization to data at the agent. Our Event Log Filtering feature lets analysts target specific types of Windows Event logs the agent queries and accelerate the time to process logs, removing burden on the collection pipeline. 

Improve the analyst workflow with  LogRhythm NDR

  • Our latest LogRhythm NDR release now improves the analyst workflow with refreshed user interface and sleek design. The new UI improves navigation to access the MITRE AT&CK framework widget. This simplifies the analyst workflow, enabling you to respond quicker and do your job more efficiently. LogRhythm NDR also features detection improvements and now allows you to ingest data from NetFlow, a network protocol system by Cisco. 
  • We added an additional level of incident telemetry to LogRhythm NDR. LogRhythm NDR now enables you to pull in more context to accelerate investigations and help you hunt better. Users can enable packet capture in the UI and download PCAP files for specific Incidents and Cases. In addition, LogRhythm NDR now features analytic capabilities that detect a wider array of ransomware attacks. For example, our existing, out-of-the box detection capabilities for Log4j now provides associated outbound LDAP connections tied to Log4j activity to enhance the fidelity of alerting against this threat.  
  • LogRhythm NDR also added a new extended detection and response (EDR) integration — Cisco Secure Endpoint (formerly AMP). Cisco joins our other EDR integrations with CrowdStrike, Sentinel One, Carbon Black, Sophos, and Cybereason, offering a force multiplier of network and endpoint threat detection.

Advance your threat detection with LogRhythm UEBA

  • This month, we released a new model in LogRhythm UEBA that tracks when a user authenticates with a new log source type. LogRhythm UEBA now identifies 0365 services hosts in logs and understands not to use log location information for user location tracking. In addition, our team introduced user interface improvements in the UEBA lab (Cloud AI lab) that help streamline the analyst workflow. 
  • We added new LogRhythm UEBA models that can help security team detect better and alert less to reduce alert fatigue. The new models include new across IDs (e.g., the new location or host that is new across all monitored identities) and improbable travel between origin locations. LogRhythm UEBA features more contextualization in the logs to improve the analyst workflow. Our solution also offers enhanced score normalization across all users within the same company to better highlight the most anomalous users. 

LogRhythm’s vision forward 

We’ve made a lot of strides in 2022, but we’re just getting warmed up. We’re thrilled about what we offer today, and we’re excited about what’s to come. Stay tuned for more in January! Our future together is bright, and we’ve never been more ready, willing, and able to help.  

Interested in reading the Gartner SIEM Magic Quadrant 2022 PDF? Download the full report here. 


Gartner, Magic Quadrant for Security Information and Event Management, 10 October 2022, Pete Shoard, Andrew Davies, Mitchell Schneider. 

GARTNER and Magic Quadrant  are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. 

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.