What is our primary use case?
I'm using LogPoint as a commercial product. My company uses LogPoint for data aggregation, which is also used for creating custom use cases based on organizational leads. Then, my company triggers and escalates to the IT team responsible for solving loopholes and problems seen via LogPoint.
What is most valuable?
What I like best about LogPoint is its cost-effectiveness compared to other solutions.
LogPoint also has better dashboards which I find valuable. I also like that you can create use cases based on your assets. For example, if you have some servers, DMZs, or different types of servers, such as core banking servers, you can apply the use cases to the targeted groups or the whole system.
What needs improvement?
What could be improved in LogPoint is its UI because it's less friendly to users than LogRhythm. The UI could be more aesthetically appealing to users. It's completely outdated. For example, it lacks color. IBM QRadar and LogRhythm have better UI than LogPoint. The solution needs a custom dashboard feature to make it better.
LogPoint also needs to improve its network hierarchy diagram. You can't create the whole network diagram if you have the entire subnet system of your server form or your DMZs. This means that in LogPoint, it's pretty difficult to visualize the network hierarchy diagrams, so this is another area for improvement in the solution.
Handling multiple types of logs also has room for improvement in LogPoint. Sometimes, it discards logs, and it has difficulty processing various logs.
An additional feature I'd like the product to have in its next release is the multiple log processing feature.
For how long have I used the solution?
I've used LogPoint for two years, but the last time I used the solution was more than six months ago.
What do I think about the stability of the solution?
There were some glitches in LogPoint, so it wasn't as stable. For example, if we exceed our EPS, or if there are data not normalized by the editor, or logs generated by assets that LogPoint doesn't normalize, those logs won't be processed.
LogPoint can't handle multiple types of logs. For example, for IAS servers that generate various kinds of logs, such as system and security logs, at some point, LogPoint still needs to manage and understand the different logs. Sometimes, the solution discards the logs. This is why we moved to LogRhythm.
How are customer service and support?
I opened some tickets with LogPoint support when I was still using the product. It was easy to open tickets and connect with the LogPoint support team. The higher level team, the L2 group, was quite competitive, but the lower level team, the L1, needed work because the L1 staff sometimes failed to understand my problems with LogPoint.
The L1 support team usually escalates the issues to the L2 support team, so the level of escalations in LogPoint is higher than in IBM QRadar.
The IBM QRadar L1 team is more competitive than the LogPoint L1 team.
I feel that LogPoint has outsourced L1 issues. That should be done in-house.
On a scale of one to five, I rate LogPoint technical support as two.
Which solution did I use previously and why did I switch?
I've suspended using LogPoint because I shifted to LogRhythm. I'm now using LogRhythm because it's more user-friendly with a better UI than what LogPoint has. LogPoint also can't handle multiple log types. Though LogPoint is cost-friendly, LogRhythm provides features that both LogPoint and IBM QRadar and other solutions can't offer.
How was the initial setup?
The initial setup for LogPoint is pretty straightforward. It's relatively easy to learn and understand, especially for small organizations. I belong to a small organization that can't afford more expensive products. You won't see LogPoint in review site scoreboards, for example, in Gartner, and the product isn't found under Leaders and Visionaries, but it's still quite effective. It's comparable to going for open-source systems.
Deploying LogPoint was relatively easy. I've been deploying it for a long time. The process is easy, but it's based on how many systems you need to connect to LogPoint. For example, my company has more than fifty assets that need to be integrated with LogPoint, so that could take some time, though the deployment process is much easier. I was able to deploy it within one hour, though.
What about the implementation team?
LogPoint was implemented in-house. I also did some of the implementations, which was relatively easy.
What's my experience with pricing, setup cost, and licensing?
My company used to pay for LogPoint costs annually. It's a cost-effective solution.
I'm not part of the Finance team, though, so I'm not sure exactly what the licensing fee is or what license my company had.
Which other solutions did I evaluate?
I've evaluated IBM QRadar and LogRhythm.
What other advice do I have?
I have experience with IBM QRadar for more than three years. I also have experience with LogPoint. I've used LogRhythm as well for more than two years now.
My company is a partner of LogPoint, but first, it was a vendor, then it became a partner that collectively collaborated with LogPoint, recommending LogPoint seminars to customers.
Fifty percent of people in the organization use LogPoint, mostly security engineers. One person can handle the maintenance for LogPoint, specifically for a small organization.
As I've not used LogPoint in the last four to six months, I'm no longer updated on what changes were made to the product. If LogPoint works much better for you, then I'd recommend it. Still, if you're considering the product commercially, it's better to go with another solution that works better, with fewer issues, at least from a smaller organization standpoint.
My rating for LogPoint is four out of ten. I didn't give it a higher mark because it needs to improve in several areas, including the GUI, network hierarchy diagrams, and log optimization.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner