LogPoint Questions

Miriam Tover
Content Specialist
IT Central Station
Feb 04 2021

Hi Everyone,

What do you like most about LogPoint?

Thanks for sharing your thoughts with the community!

Miriam Tover
Content Specialist
IT Central Station
Feb 04 2021

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover
Content Specialist
IT Central Station
Feb 04 2021

Please share with the community what you think needs improvement with LogPoint.

What are its weaknesses? What would you like to see changed in a future version?

Julia Frohwein
Content and Social Media Manager
IT Central Station
Feb 04 2021

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Julia Frohwein
Content and Social Media Manager
IT Central Station
Feb 04 2021

If you were talking to someone whose organization is considering LogPoint, what would you say?

How would you rate it and why? Any other tips or advice?

Security Information and Event Management (SIEM) Questions
William Milton
User at VAE-MARMARA8
Apr 16 2021

Hi, I'm looking for a technical comparison between Splunk Phantom SOAR and FireEye SOAR solutions.

Can anyone help with insights?

Electronics Engineering Lab Technician (R&D) at an engineering company with 11-50 employees
Mar 16 2021

I have slowly switched our entire network over to Fortinet products over the past few years and been pleased with the products overall. I would like to utilize FortiSIEM for more robust monitoring and response, but the cost is extremely prohibitive for my company (<25 employees). Suggestions?

Rony_Sklar
IT Central Station
Jan 13 2021

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 

What are some of the threats that may be associated with using 'fake' cybersecurity tools?

What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark: Dan Doggendorf gave sound advice. Whilst some of the free or cheap…
Dan Doggendorf: The biggest threat is risks you think you have managed are not managed at all so…
Javier Medina: You should build a lab, try the tools and analyze the traffic and behavior with…
Rony_Sklar
IT Central Station

How do log management and SIEM differ? Is it necessary to have separate tools for each function or can these functions be rolled into one solution?

Which products are best for SIEM, and which are better for log management? Do you have recommendations of products that effectively combine both log management and SIEM?

Lindsay Mieth: Rony, Daniel's answer is right on the money. There are many solutions for each…
Daniel Sichel: Log Management is just that, it looks at logs from devices and attempts to make…
David Rivas Huete: In short, Log Management refers to the collection, storage, and organizing of…
Rony_Sklar
IT Central Station
Jan 04 2021

Do you have recommendations for the best SIEM tool to invest in for a large financial services provider? What particular features of your recommended tool make it the best choice?

Abhishek RVRK Sharma: Hello, First off, look for a SIEM that offers customized content for financial…
Daniel Sichel: I would take a long hard look at IBM QRadar. The user behavior analytics will…
Dan Feraru
Owner at Infodava
Mar 23 2021

I'm the owner of a small tech services company. 

I'm looking for help with a template for a SIEM PoC (high-level, generic document). Can anyone help? 

Thank you, Dan

Abhishek RVRK Sharma: Hello Dan, Most SIEM vendors have a PoC script that they will run you…
Rony_Sklar
IT Central Station
Mar 23 2021

What are the differences between how NDR and SIEM work to improve network security? What are the pros and cons of each? 
Is it necessary to have both types of tools?

DK Shrivastava: NDR is just analysis of network behaviour and forms a part of SIEM strategy. It…
Jairo Willian Pereira: SIEM aggregates data from multiple systems (like an EDR solution, IDS/IPS etc.)…
Lindsay Mieth: Your SIEM should receive and process traffic generated by your NDR as well as…
Sanguan Treejareonwiwat
President at Chunbok Company Limited
Mar 08 2021

Can anyone advise on which SIEM will work best with Palo Alto Cortex XDR?

Thanks!

Jairo Willian Pereira: I think most of them understand "de-facto standards" very well (including Palo…
Michael Dean: I would advise not using LogRhythm. They do not have a log parser for the…
reviewer1406157: Palo Alto Networks and IBM have partnered to deliver logging extensions for…
Menachem D Pritzker
Director of Growth
IT Central Station

Buying a SIEM solution, especially for a large enterprise, is a massive decision.

How long does your organization spend on making this decision? How long does it then take to implement?

What are your considerations before pulling the trigger on a particular solution?

What's your shortlist process like?

How do you do your research?

What are your primary considerations?

How do independent user review sites like IT Central Station, or independent analyst reviews, influence your decision?

Would love to hear your thoughts. Thanks in advance :)

KevinGraham: How long does your organization spend on making this decision? How long does it…
Malola Varadhan
User at First Abu Dhabi Bank P.j.s.c

I work at mid-sized enterprise bank. I am researching SIEM solutions. Which is the best tool for security information and event management: Arcsight or Securonix?

Abhishek RVRK Sharma: That is kind of like asking - I want a car, what would you recommend? Your…
Consulta85d2: Neither, or both. Having done literally thousands of SIEM deployments, I can…
Himanshu Shah: Arcsight is a legacy SIEM, a robust log management tool; however, it works on EPS (…
Rony_Sklar
IT Central Station

SIEM and SOAR have a lot of components in common. How do they differ in the role they play in Cyber Security?

If you've been working in cybersecurity, you've likely come across SOAR and SIEM technologies. There are differences between their capabilities, although they have a fair amount of commonalities. They both collect data, but the quantity of data, type of data, and type of response is where they differ. As threats have advanced, security professionals may be in need of both.

That's where SOAR and SIEM come to the rescue, although there has been some confusion as to the difference between the two. The two technologies have different competencies, but can be combined to increase a security team's or SOC's effectiveness.

We've evaluated the differences between the best SIEM tools and top SOAR tools to clear up the differences between the two.

SIEM vs SOAR

In short, SIEM aggregates and correlates data from multiple security systems to generate alerts while SOAR acts as the remediation and response engine to those alerts.

SIEM is the collection and aggregation of security data sourced from integrated platforms logging event-related data (firewalls, network appliances, intrusion detection and prevention systems, etc.); it then correlates data across devices, categorizes, and analyzes incidents before issuing alerts. The alerts are identified by using sophisticated analytical techniques and machine learning, which require fine-tuning. This leaves a lot of alerts for a security team or SOC to prioritize and remediate, a difficult, time-consuming process.

SOAR, on the other hand, is designed to help security teams automate the response process by gathering alerts, managing cases, and responding to the endless alerts generated by SIEM. With SOAR, security teams can integrate with security alerts and create adaptive, automated incident response workflows. This gives SecOps the ability to prioritize threats and deliver faster results.

Shastri Sooknanan: SIEM is the log file collection of I.T assets and various intel feeds that…
Marcus Gaither: What is SIEM? Firewalls, network appliances, and intrusion detection systems…
Gregg Woodcock: The SIEM is the detection/surveillance engine whereas the SOAR is the…
Rony_Sklar
IT Central Station
May 29 2021

Are event correlation and aggregation both needed for effective event monitoring and SIEM? 

David Collier: Both are techniques aimed at reducing the number of active alerts an operator…
Willa Ou: Yes, both of them are needed. Since their concepts have been well discussed…
Ertugrul Akbas: They are not the same. For event monitoring (log management) aggregation is enough…
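The three distinctions raised in the threads above (log management versus SIEM, SIEM versus SOAR, and aggregation versus correlation) are easiest to see side by side in code. The following is an added illustration, not code from IT Central Station, LogPoint or any vendor named on this page. The events are constructed for the example, the field names (source, action, src, dst, user, host) are an assumed normalized schema rather than any product's, and the response steps are simulated (recorded in a list, not sent to a real firewall, identity provider or EDR). It shows aggregation collapsing repeated identical events into counts (a log-management function that reduces volume but creates no new meaning), correlation relating different events across sources into an alert (the SIEM function), and a playbook runner turning each alert into a case with automated containment actions (the SOAR function).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, already normalized into a common schema. The field
# names (source, action, src, dst, user, host) are assumptions for this example,
# not any vendor's schema.
EVENTS = [
    {"ts": "2021-05-29T10:00:01", "source": "firewall", "action": "deny", "src": "203.0.113.7", "dst": "10.0.0.5:445"},
    {"ts": "2021-05-29T10:00:02", "source": "firewall", "action": "deny", "src": "203.0.113.7", "dst": "10.0.0.5:445"},
    {"ts": "2021-05-29T10:00:03", "source": "firewall", "action": "deny", "src": "203.0.113.7", "dst": "10.0.0.5:445"},
    {"ts": "2021-05-29T10:00:04", "source": "firewall", "action": "deny", "src": "203.0.113.7", "dst": "10.0.0.5:445"},
    {"ts": "2021-05-29T10:00:10", "source": "vpn", "action": "login_fail", "src": "198.51.100.9", "user": "jdoe"},
    {"ts": "2021-05-29T10:00:12", "source": "vpn", "action": "login_fail", "src": "198.51.100.9", "user": "jdoe"},
    {"ts": "2021-05-29T10:00:15", "source": "vpn", "action": "login_fail", "src": "198.51.100.9", "user": "jdoe"},
    {"ts": "2021-05-29T10:00:20", "source": "vpn", "action": "login_ok", "src": "198.51.100.9", "user": "jdoe"},
    {"ts": "2021-05-29T10:01:00", "source": "edr", "action": "new_admin", "host": "WS-042", "user": "jdoe"},
    {"ts": "2021-05-29T10:30:00", "source": "vpn", "action": "login_fail", "src": "192.0.2.44", "user": "asmith"},
    {"ts": "2021-05-29T10:30:05", "source": "vpn", "action": "login_ok", "src": "192.0.2.44", "user": "asmith"},
]

FIELDS = ("source", "action", "src", "dst", "user", "host")


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def aggregate(events, window=timedelta(minutes=5)):
    """Aggregation (log management): collapse identical events that repeat within
    `window` into one record carrying a count. This cuts volume but creates no new
    meaning; four identical denies become one deny with count=4."""
    records, current = [], {}
    for e in events:
        key = tuple(e.get(f) for f in FIELDS)
        t = _ts(e)
        rec = current.get(key)
        if rec is not None and t - rec["first_seen"] <= window:
            rec["count"] += 1
            rec["last_seen"] = t
        else:
            rec = {**e, "first_seen": t, "last_seen": t, "count": 1}
            current[key] = rec
            records.append(rec)
    return records


def correlate(events, fail_threshold=3, window=timedelta(minutes=10)):
    """Correlation (SIEM): relate *different* events, across sources, into one
    higher-level alert. Two stateful rules:
      1. >= fail_threshold failed logins then a success from the same src/user.
      2. A successful login followed by an EDR privilege change for that user."""
    alerts = []
    fails = defaultdict(list)   # (src, user) -> recent failure timestamps
    last_ok = {}                # user -> (timestamp, src) of last successful login
    for e in events:
        t = _ts(e)
        if e["action"] == "login_fail":
            k = (e["src"], e["user"])
            fails[k] = [x for x in fails[k] if t - x <= window] + [t]
        elif e["action"] == "login_ok":
            k = (e["src"], e["user"])
            n = sum(1 for x in fails[k] if t - x <= window)
            if n >= fail_threshold:
                alerts.append({"rule": "brute_force_then_success", "severity": "high",
                               "user": e["user"], "src": e["src"], "failures": n, "ts": e["ts"]})
            last_ok[e["user"]] = (t, e["src"])
        elif e["action"] == "new_admin":
            ok = last_ok.get(e["user"])
            if ok and t - ok[0] <= window:
                alerts.append({"rule": "login_then_privilege_escalation", "severity": "critical",
                               "user": e["user"], "src": ok[1], "host": e["host"], "ts": e["ts"]})
    return alerts


# Playbooks keyed by rule: the ordered containment steps a SOAR would run. The
# step names are assumptions; in a real SOAR each maps to an integration call.
PLAYBOOKS = {
    "brute_force_then_success": [("block_ip", "src"), ("force_password_reset", "user"), ("notify_analyst", "user")],
    "login_then_privilege_escalation": [("disable_user", "user"), ("isolate_host", "host"), ("page_oncall", "user")],
}


def respond(alerts):
    """SOAR-style response: open one case per alert and run its playbook. Actions
    are simulated here (recorded, not executed against a real firewall/IdP/EDR)."""
    cases = []
    for a in alerts:
        actions = [(step, a[field]) for step, field in PLAYBOOKS.get(a["rule"], [])]
        cases.append({"id": len(cases) + 1, "rule": a["rule"], "severity": a["severity"], "actions": actions})
    return cases


if __name__ == "__main__":
    agg = aggregate(EVENTS)
    print(f"{len(EVENTS)} raw events -> {len(agg)} aggregated records")
    for c in respond(correlate(EVENTS)):
        print(c)
```

Note what each stage does and does not do: aggregation turns eleven raw events into six records and would satisfy a pure log-management need, but it never notices that three failures, a success and a privilege change for the same user belong together; correlation does that and emits two alerts, while the single failed login for the second user stays below the threshold and is silently dropped; and the playbook runner only acts on alerts the correlation stage produced, which is why a SOAR is only as good as the SIEM (or other detection source) feeding it, and why the thresholds and windows in the rules need the tuning the post above mentions.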