We're a health care organization and we had a specific case where LogPoint was able to help develop a special collector for an earlier version of our storage system, where we had issues with migration. Some files were missing when we migrated to the new system, and we had trouble finding out why. LogPoint was very helpful in designing some drivers which could collect the log data, so we could identify the problem. We're customers of LogPoint and I'm a security consultant.
Security Consultant at a government with 10,001+ employees
Enables ability to design drivers for log data collection which has improved efficiency
Pros and Cons
- "Log collection, dashboards and reporting are good."
- "Dashboards could be developed further."
What is our primary use case?
What is most valuable?
The most valuable features for us have been the log collection, dashboards, and reporting.
What needs improvement?
My issues with the product are mainly with regard to how it handles collecting logs. I'm currently thinking about implementing a new lever feature.
Additional features I'd like to see would be standard help features in developing dashboards and reports, and some of the alerts you can set up.
For how long have I used the solution?
I've been using this solution for 10 years.
Buyer's Guide
Logpoint
June 2025

Learn what your peers think about Logpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
What do I think about the stability of the solution?
This is a stable solution.
What do I think about the scalability of the solution?
This is a scalable solution and we're currently expanding. We have 10 users but are hoping to expand to 100.
How are customer service and support?
The technical support is comprehensive, but you have the same issues as every company that uses India as a support center.
How was the initial setup?
I believe the initial setup was straightforward but there have been some issues with some of the vendors we are using such as Dell EMC Isilon storage systems. They have a very cool setup for sending logs to a log management system.
What other advice do I have?
I would advise people to be aware of their needs and test some specific use cases, so that you get the benefits from the start, because you don't gain anything out of a SIEM system if you don't have the right amount of data from the right sources.
I would rate this product an eight out of 10. I'm Danish so nobody gets a 10! There's always room for improvement.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Security Manager at Scildon
Good technical support but it is complex to use and resource-heavy
Pros and Cons
- "Technical support is responsive and very friendly."
- "The interface needs things like wizards that will assist with creating complex correlation rules."
What is our primary use case?
We use LogPoint for log collection. We have a specific use case around a system that was not able to provide this kind of correlation. However, we are going to get rid of the legacy platform within the year and will be moving away from LogPoint.
What is most valuable?
The most valuable feature is the log creating according to specific rules.
What needs improvement?
LogPoint is complex and we don't have the skills to maintain use cases or even to extend the use cases. Because of this, we are unable to take advantage of the SIEM platform. We need something that is more self-running, hosted, and automatically recognizes problems the way the AI platforms are providing.
The interface needs things like wizards that will assist with creating complex correlation rules.
The platform is very resource-demanding, although this is typical of SIEM solutions.
For how long have I used the solution?
We have been using LogPoint for three or four years.
What do I think about the stability of the solution?
We did have problems with stability in the past and we had one ticket that was open for a couple of months. It was due to their platform having trouble reading sources coming from different kinds of services.
What do I think about the scalability of the solution?
We are using LogPoint on a very small scale. I did some complex reports and it was working but it needed a lot of memory on the local server.
We have about 150 employees and there are two or three operators.
How are customer service and technical support?
Technical support is responsive and very friendly. We have no issues with that.
Which solution did I use previously and why did I switch?
I have a lot of experience with Splunk, Radar, ArcSight, and the EMC platform. All of them consume a lot of system resources.
We did not use another SIEM solution in-house prior to LogPoint, although we did do some management using Rapid7 technology.
How was the initial setup?
The initial setup was complex.
What's my experience with pricing, setup cost, and licensing?
Our licensing fees are about $10,000 USD per month, which I think is fair. The licensing fees include product enhancements, support, and it satisfies some mandatory regulatory aspects that we need to fulfill. We are also not taking full advantage of the capabilities, such as advanced analytics.
If we wanted to take full advantage of the capabilities then we would need to invest between $20,000 and $50,000 in consulting fees.
Which other solutions did I evaluate?
LogPoint was selected before I was in this position, so I was not part of the process. My understanding is that several products were considered but LogPoint was chosen because the price of the license was attractive.
At this point, we are thinking about moving to Darktrace.
What other advice do I have?
We are moving away from this solution and are looking for something automated, like Darktrace.
My advice for anybody who is implementing this solution is to first have a very clear understanding of the use cases, what you want to use it for, and what you want to report.
Don't be afraid to look for a cloud-based solution, especially when it comes to SIEM products. It removes a lot of trouble related to internal servers and the complexity of accessing the SIEM from outside. If you have to implement your own MSA then I would suggest reconsidering any case of using an internal SIEM. Especially for smaller companies, this will provide much more value.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Business Unit Head (Cyber Security Department) at Astral Computers Nepal Pvt Ltd
The product is easy to use and provides good technical support, but sometimes, it is not stable
Pros and Cons
- "The product is easy to use."
- "Sometimes, the product is not stable."
What is our primary use case?
We use the solution for SIEM and SOAR.
What is most valuable?
The product is easy to use. It provides unlimited EPS.
What needs improvement?
Sometimes, the product is not stable.
For how long have I used the solution?
I have been using the solution for more than five years.
What do I think about the stability of the solution?
There are some bugs. I think the newer version will not have such issues.
What do I think about the scalability of the solution?
The tool is scalable.
How are customer service and support?
Support is very good.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used IBM QRadar. One of the main reasons why we switched to Logpoint was cost.
How was the initial setup?
We took a month to deploy the solution.
What's my experience with pricing, setup cost, and licensing?
The product should provide a perpetual license.
Which other solutions did I evaluate?
We evaluated FortiSIEM. We chose Logpoint because it was technically sound.
What other advice do I have?
Overall, I rate the tool a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Architect at a tech services company with 51-200 employees
A user friendly solution that is scalable and very straightforward to set up
Pros and Cons
- "The flexibility of the search feature and the solution's analytics features are the most valuable parts of the solution."
- "The solution should offer more integrations with third-party solutions, like incident response platforms, or allow access to third-party big data."
What is our primary use case?
On a high-level, we primarily use the solution for creating security operation centers.
What is most valuable?
The flexibility of the search feature and the solution's analytics features are the most valuable parts of the solution.
It's also very user-friendly.
What needs improvement?
The solution should offer more integrations with third-party solutions, like incident response platforms, or allow access to third-party big data.
For how long have I used the solution?
I have been reselling the solution for one year.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How was the initial setup?
The initial setup is straightforward. Deployment takes about one month, but it depends on the scope of the project.
What other advice do I have?
We are a reseller, so we recommend a variety of solutions, including this one, to our clients.
I really like the solution's licensing model. It's very useful.
I would rate this solution eight out of ten. I would recommend it to others.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Manager Pre-sales Information Security at a tech services company with 201-500 employees
Excellent reporting features and a good dashboard
Pros and Cons
- "The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report."
- "Nowadays the trend is going towards the ransomware and the endpoint detection and response. So if they added something for that, that will be very, very good."
What is our primary use case?
The primary use case is standard compliance to help the user's ability to navigate PCI DSS compliance or GDPR compliance. Besides that, if a user needs to do the log collection and correlation, the solution makes it easy.
How has it helped my organization?
The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report. I understand that you can't define the custom reporting features, however.
What is most valuable?
Overall, the platform has a very good dashboard and a nice correlation engine as well.
What needs improvement?
Nowadays the trend is going towards ransomware and endpoint detection and response. So if they added something for that, that would be very useful. Plus, there is a trend towards store technology for security orchestration and automated response. That would reduce the workload and the product would be more mature, in terms of information. They should also work on better integration.
For how long have I used the solution?
I've been reselling the solution for two years.
What do I think about the stability of the solution?
The solution is quite stable as long as your server and the hardware are supporting it because it is a virtual kind of software solution. So the software depends on the hardware. If your hardware is supporting it, obviously the solution will be stable. Once you install it, you don't have to worry about it.
What do I think about the scalability of the solution?
Scalability-wise, if you are expanding the scope of the SSI devices, you just need to add the number of endpoints or number of servers, and licenses.
How are customer service and technical support?
We found technical support very good. But to be very honest, we did not come across any major issue as of yet. If there's something that we cannot solve ourselves completely, then we are totally reliant on them.
Which solution did I use previously and why did I switch?
We are the resellers for multiple solutions, so we don't only sell LogPoint. It is a solution we pitch to our smaller customers.
How was the initial setup?
The initial setup was straightforward. Usually, we can deploy the solution within three days. We usually take two days and keep an extra day for a buffer, just for fine-tuning some policies and things like that. For a small deployment, one person is enough.
What about the implementation team?
For the first two deployments, we did have help. After that, we did not need it because there is direct support from LogPoint. We can use tickets and get help if necessary.
What was our ROI?
As long as the solution is working, and you are in compliance with all the internal audit policies, you will see a return on investment.
What's my experience with pricing, setup cost, and licensing?
The licensing structure is super. It's not like other complex environments. They work on the EPS or MPS, but they also work on a number of devices. It's very straightforward. They have a different pricing structure for the lighter devices, so that makes it a very cost-effective solution.
For a hundred-user deployment the cost is about $10,000. The next year it would be the same because it's a subscription-based license. There are separate costs as well, for example, if a customer asks for training for their staff.
What other advice do I have?
We are a reseller of the solution.
I would recommend the solution. Go with the trial version and evaluate it first, because individual tastes may differ. I'm not the end-user, I'm the reseller. We have managed to meet the customer's requirements for adhering to their compliance or getting the solution onboard to their satisfaction. In the end, however, when an end-user uses the solution, they will ultimately have a clearer idea about the pitfalls or upsides of it.
I would rate the solution eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Security Professional with 501-1,000 employees
It's a product that you can get up and running in a few hours. As it's fairly new, it is swamped with small and fairly large problems.
How has it helped my organization?
It's a product that will get the job done as a simple version of a SIEM or an advanced logger, and the price makes it a very competitive product.
What is most valuable?
LogPoint is a good logger. It's a product that you can get up and running in a few hours. It's fast.
What needs improvement?
As LogPoint is fairly new, it is swamped with small and fairly large problems. Most of these are eventually fixed by patches or by manually editing the system.
Also, they need to listen more to the technical users to evolve this to a real SIEM and not "SIEM but different".
What do I think about the stability of the solution?
Yes. As the product is fairly new, they do have some problems with stability.
The syslog_collector service needs some work.
The ODBC_Fetcher needs a lot of work and they do have other problems.
What do I think about the scalability of the solution?
This is something that LogPoint is good at. It's very modular so it's very forgiving if you have the need to change something.
How are customer service and technical support?
Customer Service:
This is a HUGE problem. Their customer service is getting better, but sometimes it can take several days before I even get a first reply on a critical error.
Technical Support:
As I worked a lot with them and they are not that many, their technical competence and ways to attack a problem differ greatly. A few have a 7/10 skill and some have a 10/10 skill.
There are no levels of support, and if they can't help, R&D has to get involved.
The common thing they all have is a 3/10 English skill and this is a problem. I'm not saying I'm 10/10, but this made it very difficult and there were many misunderstandings.
Which solution did I use previously and why did I switch?
We used a different solution, and we switched because of the price.
How was the initial setup?
At first glance, LogPoint is easy to set up. But when you lift the hood, this is where problems start and the learning curve is very steep.
What about the implementation team?
I am a certified LogPoint Technical Specialist, and I had help from colleagues who are also certified, LogPoint support, and the local sales engineer.
What's my experience with pricing, setup cost, and licensing?
Price and licensing are very good and simple, but they have been known to change it.
Which other solutions did I evaluate?
Yes, we evaluated some of the larger SIEM software solutions.
What other advice do I have?
Even if I bash a lot on LogPoint, I must say that it's a "bang for the buck" product. Yes, they do have a lot of problems, they will paint the landscape as the perfect world, and they will say "Yes" to a lot of questions, some of which may work and some of which may not.
If you understand your needs, if you know the size of your wallet, and talk to someone who knows this product and understands its limitations, this can be a good enough solution for you.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Analyst at a tech services company with 11-50 employees
Great user and entity behaviour analytics with a user-friendly interface
Pros and Cons
- "We like the user and entity behaviour analytics (UEBA) and find it valuable."
- "Log management could be better because transporting the log from a password to the client system takes time."
What is our primary use case?
We have certain vendors, and our work is to deploy the SIEM solution.
What is most valuable?
We like the user and entity behaviour analytics (UEBA) and find it valuable. The interface is also user-friendly and good.
What needs improvement?
Log management could be better because transporting the log from a password to the client system takes time.
For how long have I used the solution?
We have been using this solution for six months, and we are using the latest version.
What do I think about the stability of the solution?
I rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I rate the scalability a nine out of ten. We have over 50,000 people using this solution.
How are customer service and support?
I rate the technical support an eight out of ten.
Which solution did I use previously and why did I switch?
We didn't use another solution before LogPoint.
How was the initial setup?
I rate the setup an eight out of ten. The solution is deployed on the cloud, and it takes a few hours to deploy with a team of five people made up of some engineers.
What was our ROI?
There is a good ROI monetarily. We have seen approximately a 40% ROI.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing an eight out of ten because it is quite expensive. There are no additional costs that I know of.
What other advice do I have?
I rate this solution a nine out of ten. It is a good product, and while it has complex security, it has many features.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
