Logpoint Reviews

The main purpose was for compliance reasons because the pension funds need to comply with the Dutch Federal Bank rules. So, most of the use cases were much more focused on the separation of duties, privilege escalation, and access to sensitive data.

We were not using it as an active, real-time monitoring tool. The group of people looking after security was very small, and there were only daytime operations. So, the focus was not to look after external breaches, attacks, etc. That's the main reason why the responsibility of security monitoring was not ours anymore. Accountability and responsibility had shifted from the internal organization to a contracting firm.

The most beneficial was being able to prove, with proper reports, that from a compliance perspective, the company is in control. The service part of LogPoint did modifications or did some additional work to have the proper reports defined.

The ease of use is valuable. Also, especially when the projects started, the ability to integrate with the iSeries data was also valuable because that was a request. This functionality is not mandatory anymore because we moved from this platform.

One of the things we faced last year was that we had some memory issues with the server running. We were running them as virtual services, and we were facing some performance issues. Back then, there were some things that had already been solved at the end, but one of the small issues we had was that it was quite memory-consuming. After one upgrade that we did, we faced some performance issues.

A challenge for every SIEM platform is when new series or devices are coming on the market, you need time to implement, but we are not facing this issue because this system is going to be decommissioned. We are not looking for enhancement or integrations.

In general, if customers are looking for new things, there could be much more with advanced threat diagnostics, AE based. There are a lot of features that the next-generation SIEM tools can have, such as automated remediation technologies. There's a whole list of features that you can think about, but in our case, we're not looking for that. We were not using it as a cybersecurity SIEM project. It was much more from a compliance reporting perspective.

It has been there in the company for more than six or seven years.

In seven years of operating it, we never had hiccups.

In our situation, it has been scalable. We didn't have a huge infrastructure. So, we didn't face limitations, but we are not representative of a large enterprise. There were only three people using the application. They were pure admins and the CSO.

Its usage is going to decrease. Until last year, I was a CSO of a company using that. Even last year, we enhanced the environment with a couple of use cases. They're still using it. They were probably one of the first customers in the Netherlands to use it. It is still in use, but some of their internal applications are going to be stopped because they are moving to a SaaS solution for their major ERP system. So, the focus is moving, and in two years' time, they will stop using the on-premise software and look for maybe an Azure solution or Microsoft Cloud Security solution.

The initial system was on an AS/400 or iSeries IBM. With the old software, they migrated to a SaaS solution. That means that the number of internal developers has completely decreased to a small number. There are more functional people today. The strategy of the company is no-own software development. The major ERP system is already fully running in SaaS for the last two years. So, there are fewer and fewer systems connected to the SIEM. I believe the strategy is to stop when the licenses are going to be finished. In general, they're buying them every two years, and the next year, when the software is at the end of its financial life, they will make a switch and move to the cloud to the Microsoft solution, especially because everybody is running Office 365. There are some other solutions also running from Microsoft, and there is no real reason anymore to have a very in-depth on-premise SIEM solution because there is less IT now in-house than before.

When we had issues, the tickets were picked up quite rapidly, and we got solutions from the vendor itself. So, from the support perspective, they have been pretty good. I would rate them a four out of five.

Positive

That was the first SIEM solution.

It was average. LogPoint is not as complex as some of the other more complex products, such as ArcSight and enVision. I would rate its initial setup a seven out of ten in terms of ease.

It took about six months with fine-tuning, et cetera. We had to bring it live and have all the angles corrected. It was up and running in a couple of weeks, but of course, it takes some time for specific development for the use case that we needed.

The vendor itself was engaged. We had our team, and the vendor also brought people in.

The maintenance is done partially by the operators, and that's a very small task.

It was on a yearly basis at about $100K. It was not a huge environment. We were running it on our own virtual server environment, which, of course, had a cost. There was hardware and some energy cost, and then there were Microsoft Windows licenses for servers. That's all, but there was nothing in comparison to the licensing costs.

I was not there at that moment, but they went to shortlist three other vendors. I didn't remember the names.

Knowing the market in 2022, I will not suggest on-premise implementations.

I would rate it a 7 out of 10. It is doing its job, but there is always room for improvement.

It monitors the users as well as the endpoints and provides data for that. It basically studies the activities, tries to understand the activities, and then does a little bit baseline for that. It then monitors the user or the endpoint to see if there is any deviation. If there is any deviation, it triggers an alarm.

It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all the activities. It devises a baseline and monitors if there is any deviation from the baseline.

In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved. 

We installed it on our system about six months ago. We also integrated UEBA with it.

It is very stable. It is recognized by Gartner in the Quad evaluation of SIEM tools. They are a strong player, and their product is very solid and stable.

It is being used by 150 people in three different locations in two states.

They have excellent tech support. That's the whole thing. Even though their documentation is lacking, their tech support is excellent.

We didn't use any. We didn't have any in place.

Setting up a SIEM tool is never easy. It is very complex because of the components that are involved. You have to onboard all the devices that will be communicating with the tool. It is tedious. You need to get it right. That's the whole strategy.

For its maintenance, we have a two-man IT department, which includes me and somebody else.

It is highly recommended. It is a solid SIEM tool. It is very dependable and well-recognized. In terms of functionality, the queries work in the same way as Splunk. The only drawback is they are predominantly a European provider. Their headquarter is in Denmark and not in the US. Most of their market is in the European Union, but nonetheless, their customer service is excellent. You can get answers to any issue or question that you have related to the implementation right away.

The learning curve is kind of on the medium side, and you need somebody on a full-time basis for UEBA.

I would rate LogPoint a nine out of 10. It only needs better documentation.

The primary use case is standard compliance to help the user's ability to navigate PCI DSS compliance or GDPR compliance. Besides that, if a user needs to do the log collection and correlation, the solution makes it easy.

The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report. I understand that you can't define the custom reporting features, however.

Overall, the platform has a very good dashboard and a nice correlation engine as well.

Nowadays the trend is going towards ransomware and endpoint detection and response. So if they added something for that, that would be very useful. Plus, there is a trend towards store technology for security orchestration and automated response. That would reduce the workload and the product would be more mature, in terms of information. They should also work on better integration.

The solution is quite stable as long as your server and the hardware is supporting it because it is a virtual kind of software solution. So the software depends on the hardware. If your hardware is supporting it, obviously the solution will be stable. Once you install it, you don't have to worry about it.

Scalability wise, if you are expanding the scope of the SSI devices, you just need to add the number of endpoints or number of servers, and licenses. 

We found technical support very good. But to be very honest, we did not come across any major issue as of yet. If there's that something that we cannot solve ourselves completely, then we are totally reliant on them.

We are the resellers for multiple solutions, so we don't only sell LogPoint. It is a solution we pitch to our smaller customers.

The initial setup was straightforward. Usually, we can deploy the solution within three days. We usually take two days and keep an extra day for a buffer, just for fine-tuning some policies and things like that. For a small deployment, one person is enough.

For the first two deployments, we did have help. After that, we did not need it because there is direct support from LogPoint. We can use tickets and get help if necessary.

As long as the solution is working, and you are in compliance with all the internal audit policies, you will see a return on investment. 

The licensing structure is super. It's not like other complex environments. They work on the EPS or MPS, but they also work on a number of devices. It's very straightforward. They have a different pricing structure for the lighter devices, so that makes it a very cost-effective solution.

For a hundred user deployment the cost is about $10,000. The next year it would be the same because it's a subscription-based license. There are separate costs as well, for example, if a customer asks for training for their staff. 

We are a reseller of the solution.

I would recommend the solution. Go with the trial version and evaluate it first, because individual tastes may differ. I'm not the end-user, I'm the reseller. We have managed to meet the customer's requirements for adhering to their compliance or getting the solution onboard to their satisfaction. In the end, however, when an end-user uses the solution, they will ultimately have a clearer idea about the pitfalls or upsides of it.

I would rate the solution eight out of ten.

We do SMB and schools, K through 12. 

We have a storage cloud and cloud-based Cisco voiceover IP cloud services that we offer, as well as on-premise-based for those who still prefer that.

They basically charge you in a better way. Instead of starting to charge you more as you do more data, it is based on the different data modules that you had or items you were monitoring. 

It wasn't as if the flow increases a lot then you could kill, like some other products when you start using it more. It's nice at first and then it gets more expensive. This product was a little bit better on that, on adding users.

It wasn't one of the products we stressed for our customers just because it was a higher-end service. Our customers were not happy with firewalling and the endpoint antivirus. It needed 24-hour management. Many of our customers don't need that because they are a small-medium business. 

The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness.

It's pretty expensive. It's harder to make an impact and get changes as you might need it quickly or address the price issue.

It's a company owned by one person, and they were pretty solid on leaving the pricing the same. They are a little bit inflexible. That's how we felt with us not really specializing in that as much as other products we work with.

They're from Denmark and a lot of their staff is there. They have a real skeleton crew here.

We just switched over from LogPoint to IBM's QRadar as the SIM engine.

We liked the local rep that we had, but he was spread a little bit thin between New York, Connecticut, and Boston. 

He could get back to us relatively quickly if we had some feedback, but it's not like they had a lot of feet on the street in the U.S. It's a burgeoning market that they were trying to get into more.

LogPoint seemed like it was a good product, but it was expensive and there wasn't any room to move the pricing when customers needed a lower-costing solution.

We have our own cloud offering. We are always keeping an eye on what's out there to know what else we can offer to our clients. Things like AWS and Azure would not work in our favor because they're so big. 

It keeps me aware of what's up and coming, and I share that information with our engineering staff so that they could either incorporate some of the features into what we have, or if there's any kind of partnership, and is it just a matter of something we should offer.

We do a combination of MSP and VAR services. We're a hybrid between the two. We are not a pure MSP. 

People don't seem to like having to pay a monthly fee whether or not people end up showing up or helping. We try to offer it as an "if you need it" basis, we can do it, but we don't have to charge you. 

We can sell them a bundle of hours, and that way they only use them when they need them, which is pretty popular with many of our clients, especially small to mid-size companies. 

We'll do a combination of, for instance, Sentinel One and Point Antivirus, which is an MSP service. It has 24-hour-a-day monitoring if they want. 

If they don't want that, we could do more of a typical kind of a semantic or any one of a number of Point Antiviruses that they want. 

We also have a Secure SIEM, it's our own product, www. securesiem.com.  If they want to have a managed SIEM service, 

We also have, for those that have next-generation firewalls, we have a product called securengf.com. That basically shores up their next-generation firewall with our managed services. We use a help desk that lets them have 24-hour responsiveness to any issues instead of just having the firewall and having to go to look online. 

This will be somebody monitoring the firewall to make sure there are no breaches.

If somebody needs wireless Wi-Fi, WLAN type of services, we can help them improve their signal strength and location of their access points.

We're using QRadar as the engine. We are working as a partner with them to have our service use QRadar to achieve the best results for our customers. I believe we use some of their services of the monitoring itself.

I would rate LogPoint an eight out of ten, because the technology seemed to be fairer to the customers, even with all the issues that I have indicated. 

The most valuable features are the ones that we use the most, which are the search and report facilities.

There is room for improvement on both our side and on the side of LogPoint.

We could improve on what we decided to put into LogPoint for it to work on and LogPoint Is improving with its addition of the MITRE ATT&CK framework.

I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products.

If there were one price that you paid and that included all of the features, instead of having to pay a bit more to get advanced features. It would make things simpler when you purchase.

I have been using LogPoint for approximately six years.

We're currently migrating from version 6.6 to 6.9.

It's a stable solution.

It's a scalable solution. We can add more LogPoint boxes, repositories, and sources.

We have 20 or 30 people who are using the information from it, in our organization.

Technical support is very good.

We used to use LogRhythm.

We made a significant investment in LogRhythm, and it didn't cope with the size of our estate, so we decided to go elsewhere.

The initial setup was quite straightforward.

It took us a couple of weeks to set up all of the log sources and to configure them.

To maintain this solution it's one person and half their time to work on it.

The implementation was very good from our point of view, but we had one of the top people come out and install it with us.

I think we were the first local authority and the council in the country to touch the LogPoint.

They came out and made sure that it was installed properly and that it worked properly with us, which I'm not sure everybody would get.

It's getting more expensive, which is one of the reasons we're looking around just to see if there's anything better value. It's still good, but it's I think it's becoming more expensive.

We are looking to see what else may be available. There might be something better that we are not aware of yet.

I would say that it's a good product. It's very stable, and the support is very good. We use it a lot. 

As I say, I'm looking to see whether or not it's still the product that we should be using or whether there's something out there now.

I would rate LogPoint an eight out of ten.

I use the product for my research and development to enhance my work. We are transitioning to a new technology, and Logpoint has proven valuable for my purposes.

The solution is user-friendly. 

Logpoint is not flexible. Its documentation is not user-friendly. 

I have been working with the product for six months. 

I rate Logpoint's stability a seven out of ten. 

I rate the tool's scalability a nine out of ten. 

I rate the tool's deployment an eight out of ten. 

I rate Logpoint an eight out of ten. 

We use the solution for SIEM and SOAR.

The product is easy to use. It provides unlimited EPS.

Sometimes, the product is not stable.

I have been using the solution for more than five years.

There are some bugs. I think the newer version will not have such issues.

The tool is scalable.

Support is very good.

Neutral

I have used IBM QRadar. One of the main reasons why we switched to Logpoint was cost.

We took a month to deploy the solution.

The product should provide a perpetual license.

We evaluated FortiSIEM. We chose Logpoint because it was technically sound.

Overall, I rate the tool a seven out of ten.

I'm using LogPoint as a commercial product. My company uses LogPoint for data aggregation, which is also used for creating custom use cases based on organizational leads. Then, my company triggers and escalates to the IT team responsible for solving loopholes and problems seen via LogPoint.

What I like best about LogPoint is its cost-effectiveness compared to other solutions.

LogPoint also has better dashboards which I find valuable. I also like that you can create use cases based on your assets. For example, if you have some servers. DMZs, or different types of servers, such as core banking servers, you can apply the use cases to the targeted groups or the whole system.

What could be improved in LogPoint is its UI because it's less friendly to users than LogRhythm. The UI could be more aesthetically appealing to users. It's completely outdated. For example, it lacks color. IBM QRadar and LogRhythm have better UI than LogPoint. The solution needs a custom dashboard feature to make it better.

LogPoint also needs to improve its network hierarchy diagram. You can't create the whole network diagram if you have the entire subnet system of your server form or your DMZs. This means that in LogPoint, it's pretty difficult to visualize the network hierarchy diagrams, so this is another area for improvement in the solution.

Handling multiple types of logs also has room for improvement in LogPoint. Sometimes, it discards logs, and it has difficulty processing various logs.

An additional feature I'd like the product to have in its next release is the multiple log processing feature.

I've used LogPoint for two years, but the last time I used the solution was more than six months ago.

There were some glitches in LogPoint, so it wasn't as stable. For example, if we exceed our EPS, or if there are data not normalized by the editor, or logs generated by assets that LogPoint doesn't normalize, those logs won't be processed.

LogPoint can't handle multiple types of logs. For example, for IAS servers that generate various kinds of logs, such as system and security logs, at some point, LogPoint still needs to manage and understand the different logs. Sometimes, the solution discards the logs. This is why we moved to LogRhytm.

I opened some tickets with LogPoint support when I was still using the product. It was easy to open tickets and connect with the LogPoint support team. The higher level team, the L2 group, was quite competitive, but the lower level team, the L1, needed work because the L1 staff sometimes failed to understand my problems with LogPoint.

The L1 support team usually escalates the issues to the L2 support team, so the level of escalations in LogPoint is higher than in IBM QRadar.

The IBM QRadar L1 team is more competitive than the LogPoint L1 team.

I feel that LogPoint has outsourced L1 issues. That should be done in-house.

On a scale of one to five, I rate LogPoint technical support as two.

I've suspended using LogPoint because I shifted to LogRhythm. I'm now using LogRhythm because it's more user-friendly with a better UI than what LogPoint has. LogPoint also can't handle multiple log types. Though LogPoint is cost-friendly, LogRhythm provides features that both LogPoint and IBM QRadar and other solutions can't offer.

The initial setup for LogPoint is pretty straightforward. It's relatively easy to learn and understand, especially for small organizations. I belong to a small organization that can't afford more expensive products. You won't see LogPoint in review site scoreboards, for example, in Gartner, and the product isn't found under Leaders and Visionaries, but it's still quite effective. It's comparable to going for open-source systems.

Deploying LogPoint was relatively easy. I've been deploying it for a long time. The process is easy, but it's based on how many systems you need to connect to LogPoint. For example, my company has more than fifty assets that need to be integrated with LogPoint, so that could take some time, though the deployment process is much easier. I was able to deploy it within one hour, though.

LogPoint was implemented in-house. I also did some of the implementations, which was relatively easy.

My company used to pay for LogPoint costs annually. It's a cost-effective solution.

I'm not part of the Finance team, though, so I'm not sure exactly what the licensing fee is or what license my company had.

I've evaluated IBM QRadar and LogRhythm.

I have experience with IBM QRadar for more than three years. I also have experience with LogPoint. I've used LogRhythm as well for more than two years now.

My company is a partner of LogPoint, but first, it was a vendor, then it became a partner that collectively collaborated with LogPoint, recommending LogPoint seminars to customers.

Fifty percent of people in the organization use LogPoint, mostly security engineers. One person can handle the maintenance for LogPoint, specifically for a small organization.

As I've not used LogPoint in the last four to six months, I'm no longer updated on what changes were made to the product. If LogPoint works much better for you, then I'd recommend it. Still, if you're considering the product commercially, it's better to go with another solution that works better, with fewer issues, at least from a smaller organization standpoint.

My rating for LogPoint is four out of ten. I didn't give it a higher mark because it needs to improve in several areas, including the GUI, network hierarchy diagrams, and log optimization.