LogPoint Reviews

We use it as a repository of most of the logs that are created within our office systems. It is mostly used for forensic purposes. If there is an investigation, we go look for the logs. We find those logs in LogPoint, and then we use them for further analysis.

We have close to 33 different sources of logs, and we were able to onboard most of them in less than three months. Its adoption is very quick, and once you have the logs in there, the ability to search for things is very good.

It is a very comprehensive solution for gathering data. It has got a lot of capabilities for collecting logs from different systems. Logs are notoriously difficult to collect because they come in all formats. LogPoint has a very sophisticated mechanism for you to be able to connect to or listen to a system, get the data, and parse it. Logs come in text formats that are not easily parseable because all logs are not the same, but with LogPoint, you can define a policy for collecting the data. You can create a parser very quickly to get the logs into a structured mechanism so that you can analyze them.

The thing that makes it a little bit challenging is when you run into a situation where you have logs that are not easily parsable. If a log has a very specific structure, it is very easy to parse and create a parser for it, but if a log has a free form, meaning that it is of any length or it can change at any time, handling such a log is very challenging, not just in LogPoint but also in everything else. Everybody struggles with that scenario, and LogPoint is also in the same boat. One-third of logs are of free form or not of a specific length, and you can run into situations where it is almost impossible to parse the log, even if they try to help you. It is just the nature of the beast.

Its reporting could be significantly improved. They have very good reports, but the ability to create ad-hoc reports can be improved significantly.

I have been using this solution for three years.

It has been stable, and I haven't had any issues with it.

There are no issues there. However much free space I give it, it'll work well.

It is being used by only two people: me and another security engineer. We go and look at the logs. We are collecting most of the information from the firm through this. If we were to grow, we'll make it grow with us, but right now, we don't have any plans to expand its usage.

Their support is good. If you call them for help, they'll give you help. They have a very good set of engineers to help you with onboarding or the setup process. You can consult them when you have a challenge or a question. They are very good with the setup and follow-up. What happens afterward is a whole different story because if you have to escalate internally, you can get in trouble. So, their initial support is very good, but their advanced support is a little more challenging.

I used a product called Logtrust, which is now called Devo. I switched because I had to get a consultant every time I had to do something in the system. It required a level of expertise. The system wasn't built for a mere human to use. It was very advanced, but it required consultancy in order to get it working. There are a lot of things that they claim to be simple, but at the end of the day, you have to have them do the work, and I don't like that. I want to be able to do the work myself. With LogPoint, I'm able to do most of the work myself.

It is very simple. There is a virtual machine that you download, and this virtual machine has everything in it. There is nothing for you to really do. You just download and install it, and once you have the machine up and running, you're good to go.

The implementation took three months. I had a complete listing of my log sources, so I just went down the list. I started with the most important logs, such as DNS, DHCP, Active Directory, and then I went down from there. We have 33 sources being collected currently.

I did it on my own. I also take care of its maintenance.

It is not easy to calculate ROI on such a solution. The ROI is in terms of having the ability to find what you need in your logs quickly and being confident that you're not going to lose your logs and you can really search for things. It is the assurance that you can get that information when you need it. If you don't have it, you're in a trouble. If you are compromised, then you have a problem. It is hard to measure the cost of these things.

As compared to other systems, I'm getting a good value for the money. I'm not paying a variable cost. I have a pretty predictable cost model, and if I need to grow, it is all up to me for the resources that I put, not to them. That's a really good model, and I like it.

It has a fixed price, which is what I like about LogPoint. I bought the system and paid for it, and I pay maintenance. It is not a consumption model. Most SIEMs or most of the log management systems are consumption-based, which means that you pay for how many logs you have in the system. That's a real problem because logs can grow very quickly in different circumstances, and when you have a variable price model, you never know what you're going to pay. Splunk is notoriously expensive for that reason. If you use Splunk or QRadar, it becomes expensive because there are not just the logs; you also have to parse the logs and create indexes. Those indexes can be very expensive in terms of space. Therefore, if they charge you by this space, you can end up paying a significant amount of money. It can be more than what you expect to pay. I like the fact that LogPoint has a fixed cost. I know what I'm going to pay on a yearly basis. I pay that, and I pay the maintenance, and I just make it work.

I had Logtrust, and I looked at AlienVault, Splunk, and IBM QRadar. Splunk was too expensive, and QRadar was too complex. AlienVault was very good and very close to LogPoint. I almost went to AlienVault, but its cost turned out to be significantly higher than LogPoint, so I ended up going for LogPoint because it was a better cost proposition for me.

It depends on what you're looking for. If you really want a full-blown SIEM with all the functionality and all the correlation analysis, you might be able to find products that have more sophisticated correlations, etc. If you just want to keep your logs and be able to find information quickly within your systems, LogPoint is more than capable. It is a good cost proposition, and it works extremely well and very fast.

I would rate it an eight out of 10. It is a good cost proposition. It is a good value. It has all the functionality for what I wanted, which is my log management. I'm not using a lot of the feature sets that are very advanced. I don't need them, so I can't judge it based on those, but for my needs, it is an eight for sure.

The use case with the business case actually is using LogPoint as a full-blown team system. And actually to orchestrate incident responses.

It's a SIEM system and if you incorporate detection rules and can set alerts, severities, stuff like that. It's the center of a SOC, basically. That's the main use case for it. Of course, it's also sued to fulfill regulatory compliance, which is making a report every week, every day, every month, according to the auditor, what he wants. That's the basic use case.

It improves security. You have more oversight of security incidents and everything that's wrong with the infrastructure you can see in LogPoint if you do it right. You can also document it. You can document the state of your organizational security. If you look at your report, your quarterly or monthly report, it gives you an overview of what's the current status, and then it gives you a delta of the status for the last month. That's actually very, very nice. For a CSO, they can track the improvements. 

The solution's most valuable aspect is the combination of the software and the support that they have. If you use SIEM systems, you always have a problem. You want to onboard an application, yet the logs from that application cannot be understood by the SIEM system. You sometimes have that. If you want to onboard, let's say, a common application to your SIEM system, it usually just works out of the box. However, if you have an exotic application that no one knows, the SIEM system most of the time cannot understand it. But LogPoint offers a translation service. You ship the log files to them and their guys make sure that LogPoint is able to translate it and ingest it. That service is actually really, really nice. And you don't pay for that.

One of the downsides is it is not a SaaS solution. It must be on-premises. It's a downside for the industry as it makes no sense to have just the solution as deployable via on-prem hardware. Nowadays, it must come as a solution that you can deploy in the cloud, either in Google, AWS, or Microsoft. It is possible, however, it's not cloud-native. That's a downside and that's a problem. When you can deploy a SaaS, cloud-native solution, then it's much easier than spinning that thing up with an image and stuff like that. SaaS is easier to manage and there are cost savings involved.

It needs to improve performance. That's somehow something that others do better. They need pure speed. Just speed. How they process data, it's not top-notch. It's just average.

I've been using the solution for half a year or so, about six months.

The solution is pretty stable. However you can crash the system if you did not do the math to calculate the right sizing of the hardware. LogPoint doesn't forgive any undersized storage, memory or compute power.

The support itself was good, however, it was sometimes a bit on the slower side. They were too slow yet the answers were brilliant.

Positive

I'm with another company right now. Those guys where we used LogPoint, yes, they used something else, which was called AlienVault at the time. I'm not even sure if this still exists as AlienVault anymore.

LogPoint comes with a scheme that goes with endpoints, which, if you have an IP that gives logs business, one counts as one. And if you have 100 servers, you pay just for the 100 servers. How much data they log is just, they do not care. You pay for the three endpoints. If you have one server in, let's say Splunk, and it logs one bite a day, you pay almost nothing. And if you have that same server logging one terabyte, you go bankrupt basically since you have to pay so much with something like AlienVault. They switched due to the fact that LogPoint does not care about the data. They just use the endpoint - which is good for security operation centers. 

Another company I worked for used DataDog, which is flexible and cloud-native. They are still with that solution.

The initial setup was straightforward. It was very easy, however, in the beginning, there were some errors and those errors were based on some bugs in the software. It's been worked on and so now it's fixed, however, beyond that, it was pretty straightforward, pretty easy.

You only need one person to do a deployment, however, I recommend three, it depends on your organization You basically need a system administrator that can deploy it. Configuration needs to be done by a security analyst.

There is continued maintenance required. Both of the roles that I just described are needed for maintenance, constant maintenance.

We did the installation ourselves. That said, we had decent training on that. Decent training is necessary and I highly recommended it. You basically cannot do this by yourself with no training. Back in the day, the training we received was facilitated by LogPoint. Nowadays, you can choose big consulting companies as well.

I did see an ROI when using the solution. The company that I work for, which is utilizing LogPoint, was using that as a basis for their SOC. They offered the SOC, the security operation services, to other companies. They generated revenue with that.

The pricing is pretty attractive. If you look, they have of course list prices, which are moderate. However, if you really go to them and say, "Hey, I need a discount and I am a public organization." YOu might be able to get lower prices. For an NGO or a foundation or something they likely offer a discount. They give you a special discount and they give good discounts. Also, if you say, okay, "Hey, your business model doesn't work for me as the break-even is 50 endpoints" they give you a decent discount and they're good.

I've looked into other SIEM solutions. In comparison, LogPoint works better in the European and German markets due to some unique features in data protection, compared to Splunk or some of the others, even Sentinel.

LogPoint is a very good product for mid-sized companies, especially in Europe. However, for big data chunks, big companies that are either in the cloud or not should use a solution like Splunk or an ELK-like elastic search-based SIEM solution due to the speed. 

I am just a customer and end-user.

We use various versions of the solution. The latest version was the one I was using, however, I can't recall the exact version number. 

I'd rate the product eight out of ten.

I'd advise potential new users to make sure that their use cases are designed beforehand. When you do a POC, then you need to have a success factor. People sometimes want to have a SIEM solution and then just look at the dashboard, which is total garbage. You need to know exactly what you want from that solution and if this is determined beforehand, then you can do a POC and then you will understand if the solution can deliver what you need - or not.

The main purpose was for compliance reasons because the pension funds need to comply with the Dutch Federal Bank rules. So, most of the use cases were much more focused on the separation of duties, privilege escalation, and access to sensitive data.

We were not using it as an active, real-time monitoring tool. The group of people looking after security was very small, and there were only daytime operations. So, the focus was not to look after external breaches, attacks, etc. That's the main reason why the responsibility of security monitoring was not ours anymore. Accountability and responsibility had shifted from the internal organization to a contracting firm.

The most beneficial was being able to prove, with proper reports, that from a compliance perspective, the company is in control. The service part of LogPoint did modifications or did some additional work to have the proper reports defined.

The ease of use is valuable. Also, especially when the projects started, the ability to integrate with the iSeries data was also valuable because that was a request. This functionality is not mandatory anymore because we moved from this platform.

One of the things we faced last year was that we had some memory issues with the server running. We were running them as virtual services, and we were facing some performance issues. Back then, there were some things that had already been solved at the end, but one of the small issues we had was that it was quite memory-consuming. After one upgrade that we did, we faced some performance issues.

A challenge for every SIEM platform is when new series or devices are coming on the market, you need time to implement, but we are not facing this issue because this system is going to be decommissioned. We are not looking for enhancement or integrations.

In general, if customers are looking for new things, there could be much more with advanced threat diagnostics, AE based. There are a lot of features that the next-generation SIEM tools can have, such as automated remediation technologies. There's a whole list of features that you can think about, but in our case, we're not looking for that. We were not using it as a cybersecurity SIEM project. It was much more from a compliance reporting perspective.

It has been there in the company for more than six or seven years.

In seven years of operating it, we never had hiccups.

In our situation, it has been scalable. We didn't have a huge infrastructure. So, we didn't face limitations, but we are not representative of a large enterprise. There were only three people using the application. They were pure admins and the CSO.

Its usage is going to decrease. Until last year, I was a CSO of a company using that. Even last year, we enhanced the environment with a couple of use cases. They're still using it. They were probably one of the first customers in the Netherlands to use it. It is still in use, but some of their internal applications are going to be stopped because they are moving to a SaaS solution for their major ERP system. So, the focus is moving, and in two years' time, they will stop using the on-premise software and look for maybe an Azure solution or Microsoft Cloud Security solution.

The initial system was on an AS/400 or iSeries IBM. With the old software, they migrated to a SaaS solution. That means that the number of internal developers has completely decreased to a small number. There are more functional people today. The strategy of the company is no-own software development. The major ERP system is already fully running in SaaS for the last two years. So, there are fewer and fewer systems connected to the SIEM. I believe the strategy is to stop when the licenses are going to be finished. In general, they're buying them every two years, and the next year, when the software is at the end of its financial life, they will make a switch and move to the cloud to the Microsoft solution, especially because everybody is running Office 365. There are some other solutions also running from Microsoft, and there is no real reason anymore to have a very in-depth on-premise SIEM solution because there is less IT now in-house than before.

When we had issues, the tickets were picked up quite rapidly, and we got solutions from the vendor itself. So, from the support perspective, they have been pretty good. I would rate them a four out of five.

Positive

That was the first SIEM solution.

It was average. LogPoint is not as complex as some of the other more complex products, such as ArcSight and enVision. I would rate its initial setup a seven out of ten in terms of ease.

It took about six months with fine-tuning, et cetera. We had to bring it live and have all the angles corrected. It was up and running in a couple of weeks, but of course, it takes some time for specific development for the use case that we needed.

The vendor itself was engaged. We had our team, and the vendor also brought people in.

The maintenance is done partially by the operators, and that's a very small task.

It was on a yearly basis at about $100K. It was not a huge environment. We were running it on our own virtual server environment, which, of course, had a cost. There was hardware and some energy cost, and then there were Microsoft Windows licenses for servers. That's all, but there was nothing in comparison to the licensing costs.

I was not there at that moment, but they went to shortlist three other vendors. I didn't remember the names.

Knowing the market in 2022, I will not suggest on-premise implementations.

I would rate it a 7 out of 10. It is doing its job, but there is always room for improvement.

We do SMB and schools, K through 12. 

We have a storage cloud and cloud-based Cisco voiceover IP cloud services that we offer, as well as on-premise-based for those who still prefer that.

They basically charge you in a better way. Instead of starting to charge you more as you do more data, it is based on the different data modules that you had or items you were monitoring. 

It wasn't as if the flow increases a lot then you could kill, like some other products when you start using it more. It's nice at first and then it gets more expensive. This product was a little bit better on that, on adding users.

It wasn't one of the products we stressed for our customers just because it was a higher-end service. Our customers were not happy with firewalling and the endpoint antivirus. It needed 24-hour management. Many of our customers don't need that because they are a small-medium business. 

The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness.

It's pretty expensive. It's harder to make an impact and get changes as you might need it quickly or address the price issue.

It's a company owned by one person, and they were pretty solid on leaving the pricing the same. They are a little bit inflexible. That's how we felt with us not really specializing in that as much as other products we work with.

They're from Denmark and a lot of their staff is there. They have a real skeleton crew here.

We just switched over from LogPoint to IBM's QRadar as the SIM engine.

We liked the local rep that we had, but he was spread a little bit thin between New York, Connecticut, and Boston. 

He could get back to us relatively quickly if we had some feedback, but it's not like they had a lot of feet on the street in the U.S. It's a burgeoning market that they were trying to get into more.

LogPoint seemed like it was a good product, but it was expensive and there wasn't any room to move the pricing when customers needed a lower-costing solution.

We have our own cloud offering. We are always keeping an eye on what's out there to know what else we can offer to our clients. Things like AWS and Azure would not work in our favor because they're so big. 

It keeps me aware of what's up and coming, and I share that information with our engineering staff so that they could either incorporate some of the features into what we have, or if there's any kind of partnership, and is it just a matter of something we should offer.

We do a combination of MSP and VAR services. We're a hybrid between the two. We are not a pure MSP. 

People don't seem to like having to pay a monthly fee whether or not people end up showing up or helping. We try to offer it as an "if you need it" basis, we can do it, but we don't have to charge you. 

We can sell them a bundle of hours, and that way they only use them when they need them, which is pretty popular with many of our clients, especially small to mid-size companies. 

We'll do a combination of, for instance, Sentinel One and Point Antivirus, which is an MSP service. It has 24-hour-a-day monitoring if they want. 

If they don't want that, we could do more of a typical kind of a semantic or any one of a number of Point Antiviruses that they want. 

We also have a Secure SIEM, it's our own product, www. securesiem.com.  If they want to have a managed SIEM service, 

We also have, for those that have next-generation firewalls, we have a product called securengf.com. That basically shores up their next-generation firewall with our managed services. We use a help desk that lets them have 24-hour responsiveness to any issues instead of just having the firewall and having to go to look online. 

This will be somebody monitoring the firewall to make sure there are no breaches.

If somebody needs wireless Wi-Fi, WLAN type of services, we can help them improve their signal strength and location of their access points.

We're using QRadar as the engine. We are working as a partner with them to have our service use QRadar to achieve the best results for our customers. I believe we use some of their services of the monitoring itself.

I would rate LogPoint an eight out of ten, because the technology seemed to be fairer to the customers, even with all the issues that I have indicated. 

The most valuable features are the ones that we use the most, which are the search and report facilities.

There is room for improvement on both our side and on the side of LogPoint.

We could improve on what we decided to put into LogPoint for it to work on and LogPoint Is improving with its addition of the MITRE ATT&CK framework.

I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products.

If there were one price that you paid and that included all of the features, instead of having to pay a bit more to get advanced features. It would make things simpler when you purchase.

I have been using LogPoint for approximately six years.

We're currently migrating from version 6.6 to 6.9.

It's a stable solution.

It's a scalable solution. We can add more LogPoint boxes, repositories, and sources.

We have 20 or 30 people who are using the information from it, in our organization.

Technical support is very good.

We used to use LogRhythm.

We made a significant investment in LogRhythm, and it didn't cope with the size of our estate, so we decided to go elsewhere.

The initial setup was quite straightforward.

It took us a couple of weeks to set up all of the log sources and to configure them.

To maintain this solution it's one person and half their time to work on it.

The implementation was very good from our point of view, but we had one of the top people come out and install it with us.

I think we were the first local authority and the council in the country to touch the LogPoint.

They came out and made sure that it was installed properly and that it worked properly with us, which I'm not sure everybody would get.

It's getting more expensive, which is one of the reasons we're looking around just to see if there's anything better value. It's still good, but it's I think it's becoming more expensive.

We are looking to see what else may be available. There might be something better that we are not aware of yet.

I would say that it's a good product. It's very stable, and the support is very good. We use it a lot. 

As I say, I'm looking to see whether or not it's still the product that we should be using or whether there's something out there now.

I would rate LogPoint an eight out of ten.

It monitors the users as well as the endpoints and provides data for that. It basically studies the activities, tries to understand the activities, and then does a little bit baseline for that. It then monitors the user or the endpoint to see if there is any deviation. If there is any deviation, it triggers an alarm.

It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all the activities. It devises a baseline and monitors if there is any deviation from the baseline.

In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved. 

We installed it on our system about six months ago. We also integrated UEBA with it.

It is very stable. It is recognized by Gartner in the Quad evaluation of SIEM tools. They are a strong player, and their product is very solid and stable.

It is being used by 150 people in three different locations in two states.

They have excellent tech support. That's the whole thing. Even though their documentation is lacking, their tech support is excellent.

We didn't use any. We didn't have any in place.

Setting up a SIEM tool is never easy. It is very complex because of the components that are involved. You have to onboard all the devices that will be communicating with the tool. It is tedious. You need to get it right. That's the whole strategy.

For its maintenance, we have a two-man IT department, which includes me and somebody else.

It is highly recommended. It is a solid SIEM tool. It is very dependable and well-recognized. In terms of functionality, the queries work in the same way as Splunk. The only drawback is they are predominantly a European provider. Their headquarter is in Denmark and not in the US. Most of their market is in the European Union, but nonetheless, their customer service is excellent. You can get answers to any issue or question that you have related to the implementation right away.

The learning curve is kind of on the medium side, and you need somebody on a full-time basis for UEBA.

I would rate LogPoint a nine out of 10. It only needs better documentation.

We use it for our network and security devices. We also use it for all the infrastructure services, such as Active Directory, domain controllers, Exchange servers, hypervisors, and antivirus servers. In general, it is more dedicated to security than to logs.

The search feature is valuable. The dashboards are also valuable for our bosses. Another valuable feature, which is the main feature of the product, is the centralization of all the logs.

It is a good product, but its interface or GUI could be better.

I have been using this solution for one and a half years to two years.

Its stability is good.

Its scalability is good.

Their support is good. They are very good, and they react quickly to our issues.

We had the vendor for the setup, but it wasn't very complicated. Even though our architecture is a little bit complicated, the setup was quite easy. 

We first started with the PoC, and then we kept the PoC and added two more services. So, it took a long time because we tested the solution very thoroughly before buying it. The vendor let us test it for a very long time. It took us about a year.

The vendor did the setup.

We did two PoCs. We had one for Rapid7 and one for LogPoint. We chose LogPoint in the end. A good point for LogPoint is that it is not based on the volume. It is based on the number of devices, whereas Rapid7 is based on the volume, which was why we chose LogPoint instead of Rapid7. We didn't know how much volume we would generate, and we were afraid that it would cost us a lot of money. So, we chose something that we can manage and monitor and is limited to the number of devices. It is much easier to manage the licenses than to manage the volume. For on-premises, it is the best solution.

I would rate it an eight out of ten. 

We are using LogPoint for MSSP. 

The most valuable feature of LogPoint is that they have the SIEM and SOAR combined in one solution. They are not on a separate platform.

LogPoint can improve its dashboards. We are not able to customize the dashboard when creating them. They only have preset dashboards which do not have exactly what we are looking for.

I have been using LogPoint for approximately two months.

LogPoint has had a few bugs, the stability could improve.

We have six people using this solution.

The support is good for LogPoint, they are very responsive.

We did the Azure setup of LogPoint and it was very easy and straightforward. The process took us less than 15 minutes.

When we were evaluating other solutions LogPoint was the least expensive solution in the market.

We evaluated other options and it made sense for us to choose LogPoint because they have both the SIEM and SOAR together.

My recommendation would be for others to try LogPoint out before making a decision, because it's a fairly new company, and you'll want to give them a try before you decide to purchase.

I rate LogPoint a seven out of ten.

There are some bugs that need to be fixed.