Palo Alto Networks Cortex XSOAR and LogPoint are both contenders in the security automation and orchestration space. Palo Alto Networks Cortex XSOAR appears to have the upper hand due to its sophisticated automation and integration capabilities, making it more appealing for organizations seeking extensive security orchestration features.
Features: Palo Alto Networks Cortex XSOAR stands out for its automation features, extensive playbook library, and machine learning capabilities, supporting advanced security orchestration through diverse integrations. LogPoint, on the other hand, is known for its strong log management, user-friendly search capabilities, and analytics features, coupled with cost-effective pricing strategies.
Room for Improvement: LogPoint needs to enhance its log parsing efficiency, integration options, and user interface aesthetics. It also lacks SaaS deployment capabilities. Palo Alto Networks Cortex XSOAR faces challenges with licensing costs and setup complexity, and its integration processes need more streamlining. Improvements in administrative tasks related to licensing are also desired by users.
Ease of Deployment and Customer Service: Palo Alto Networks Cortex XSOAR provides flexible deployment options, including public, private, and hybrid clouds, while LogPoint primarily offers on-premises deployments, possibly limiting flexibility. LogPoint's technical support is responsive but sometimes lacks proficiency, whereas Cortex XSOAR users report issues with service responsiveness and support complexity. Both solutions require better customer service offerings.
Pricing and ROI: LogPoint features a straightforward pricing model with predictable, fixed costs, appealing to smaller and medium-sized businesses. Palo Alto Networks Cortex XSOAR, while more expensive with hefty licensing fees, potentially offers substantial ROI for larger enterprises that utilize its full capabilities effectively. In contrast, LogPoint suits clients seeking cost-effective, predictable spending.
The technical support for Logpoint is very good, and I would rate it as nine out of ten.
Logpoint's customer support is not sufficient with only one engineer in the US.
It is web-based and accommodates the expansion of our organization.
Logpoint is scalable and capable of expanding.
I have received reports indicating glitches and downtimes with Logpoint.
Dealing with foreign entities for support was a challenge, leading us to switch providers due to lack of adequate support.
Logpoint needs to be cloud-native, as currently, it is not.
The deployment requires integration and the development of integration modules.
I rate the pricing at eight, suggesting it's relatively good or affordable.
The UEBA enables us to monitor at the device level, and SOAR provides playbooks and templates that we can modify and incorporate into the platform.
It effectively facilitates logging and log storage and assists in security event management by ingesting security events.
Execution of automatic tasks for collecting, enriching, and correlating security events from hundreds of different technologies.
Logpoint is a cutting-edge security information and event management (SIEM) solution that is designed to be intuitive and flexible enough to be used by an array of different businesses. It is capable of expanding according to its users' needs.
Benefits of Logpoint
Some of the benefits of using Logpoint include:
Reviews from Real Users
Logpoint is a security and management solution that stands out among its competitors for a number of reasons. Two major ones are its data gathering and artificial intelligence (AI) capabilities. Logpoint enables users to not only gather the data, but also to maximize both the amount of data that can be gathered and its usefulness. It removes many of the challenges that users may face in data collection. The solution allows users to set rules for collection and then it pulls information from sources that meet the rules that have been set. This data is then broken into manageable segments and ordered. Users can then analyze these ordered segments with ease. Additionally, Logpoint utilizes both machine learning and AI technology. Users gain the ability to protect themselves from emerging threats and, if necessary, resolve them as soon as they arise. The AI sets security parameters for a user’s system. These act as a baseline, and the user is notified if anything deviates from the rules that it set up.
The chief infrastructure & security officer at a financial services firm writes, “It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. Logpoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parsed because all logs are not the same, but with Logpoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them.”
A. Secca., a Cyber Security Analyst at a transportation company, writes, “It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all of the user’s activities. It devises a baseline and monitors if there is any deviation from the baseline.”
Palo Alto Networks delivers a complete solution that helps Tier-1 through Tier-3 analysts and SOC managers to optimize the entire incident life cycle while auto-documenting and journaling all the evidence. More than 100 integrations enable security orchestration workflows for incident management and other critical security operation tasks.
Palo Alto Networks Cortex XSOAR is a piece of Security Orchestration, Automation, and Response software that redefines what it means for a program to orchestrate security in an automated manner. It is a next-generation solution that offers all of the features of dozens of siloed security operations center tools in one place. Cortex XSOAR combines case management, automation, real-time collaboration, and threat intelligence management to create a platform that can handle all aspects of system security. Teams that make use of Cortex XSOAR can expect to cut the number of issues that they will have to deal with by 75%. At the same time, the speed at which they resolve those issues that slip through will rise by 90%.
Cortex XSOAR ensures that all of the IT and security tools that you employ function as a unified system. It does this by employing hundreds of integrations that allow you to run a wide variety of programs at once without ever worrying about them interfering with each other. These integrations are limited only by your imagination. They can be used immediately as they are, if that is what you need. However, they can also be customized according to the requirements of your system. This approach provides you with the maximum levels of both flexibility and utility.
The model that this platform uses is based on a machine learning algorithm. The level of automation allows you to provide more than an unchanging and inflexible blanket of coverage. Cortex XSOAR takes all of the data that it gathers and uses it to expand its protective capabilities. This creates recommendations that you can use to create a threat playbook that can be deployed uniformly throughout your organization.
Benefits of Palo Alto Networks Cortex XSOAR
Some of Palo Alto Networks Cortex XSOAR’s benefits include:
Reviews from Real Users
Palo Alto Networks Cortex XSOAR’s centralized monitoring interface and automation are two features that help it stand out. This might help explain why one quarter of the Fortune 500 companies choose Palo Alto Networks Cortex XSOAR over the competition.
Peerspot users note the effectiveness of these features. One user wrote, “We were looking for a single pane of glass type of solution that would allow us to physically be in one appliance - be able to work in concert with other servers that we have within our environment. We wanted orchestration and automation. The single pane of glass was the most important part.” Another noted, “The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work.”