It monitors the users as well as the endpoints and provides data for that. It basically studies the activities, tries to understand the activities, and then does a little bit baseline for that. It then monitors the user or the endpoint to see if there is any deviation. If there is any deviation, it triggers an alarm.
A solid, dependable, and well-recognized SIEM tool with excellent support
Pros and Cons
- "It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all the activities. It devises a baseline and monitors if there is any deviation from the baseline."
- "In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved."
What is our primary use case?
What is most valuable?
It is an AI technology because it is using machine learning technology. So far, there is nothing better out there for UEBA in terms of monitoring endpoints and user activity. It is using machine learning language, so it is right at the top. It provides that capability and monitors all the activities. It devises a baseline and monitors if there is any deviation from the baseline.
What needs improvement?
In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved.
For how long have I used the solution?
We installed it on our system about six months ago. We also integrated UEBA with it.
Buyer's Guide
Logpoint
November 2024
Learn what your peers think about Logpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is very stable. It is recognized by Gartner in the Quad evaluation of SIEM tools. They are a strong player, and their product is very solid and stable.
What do I think about the scalability of the solution?
It is being used by 150 people in three different locations in two states.
How are customer service and support?
They have excellent tech support. That's the whole thing. Even though their documentation is lacking, their tech support is excellent.
Which solution did I use previously and why did I switch?
We didn't use any. We didn't have any in place.
How was the initial setup?
Setting up a SIEM tool is never easy. It is very complex because of the components that are involved. You have to onboard all the devices that will be communicating with the tool. It is tedious. You need to get it right. That's the whole strategy.
For its maintenance, we have a two-man IT department, which includes me and somebody else.
What other advice do I have?
It is highly recommended. It is a solid SIEM tool. It is very dependable and well-recognized. In terms of functionality, the queries work in the same way as Splunk. The only drawback is they are predominantly a European provider. Their headquarter is in Denmark and not in the US. Most of their market is in the European Union, but nonetheless, their customer service is excellent. You can get answers to any issue or question that you have related to the implementation right away.
The learning curve is kind of on the medium side, and you need somebody on a full-time basis for UEBA.
I would rate LogPoint a nine out of 10. It only needs better documentation.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager Pre-sales Information Security at a tech services company with 201-500 employees
Excellent reporting features and a good dashboard
Pros and Cons
- "The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report."
- "Nowadays the trend is going towards the ransomware and the endpoint detection and response. So if they added something for that, that will be very, very good."
What is our primary use case?
The primary use case is standard compliance to help the user's ability to navigate PCI DSS compliance or GDPR compliance. Besides that, if a user needs to do the log collection and correlation, the solution makes it easy.
How has it helped my organization?
The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report. I understand that you can't define the custom reporting features, however.
What is most valuable?
Overall, the platform has a very good dashboard and a nice correlation engine as well.
What needs improvement?
Nowadays the trend is going towards ransomware and endpoint detection and response. So if they added something for that, that would be very useful. Plus, there is a trend towards store technology for security orchestration and automated response. That would reduce the workload and the product would be more mature, in terms of information. They should also work on better integration.
For how long have I used the solution?
I've been reselling the solution for two years.
What do I think about the stability of the solution?
The solution is quite stable as long as your server and the hardware is supporting it because it is a virtual kind of software solution. So the software depends on the hardware. If your hardware is supporting it, obviously the solution will be stable. Once you install it, you don't have to worry about it.
What do I think about the scalability of the solution?
Scalability wise, if you are expanding the scope of the SSI devices, you just need to add the number of endpoints or number of servers, and licenses.
How are customer service and technical support?
We found technical support very good. But to be very honest, we did not come across any major issue as of yet. If there's that something that we cannot solve ourselves completely, then we are totally reliant on them.
Which solution did I use previously and why did I switch?
We are the resellers for multiple solutions, so we don't only sell LogPoint. It is a solution we pitch to our smaller customers.
How was the initial setup?
The initial setup was straightforward. Usually, we can deploy the solution within three days. We usually take two days and keep an extra day for a buffer, just for fine-tuning some policies and things like that. For a small deployment, one person is enough.
What about the implementation team?
For the first two deployments, we did have help. After that, we did not need it because there is direct support from LogPoint. We can use tickets and get help if necessary.
What was our ROI?
As long as the solution is working, and you are in compliance with all the internal audit policies, you will see a return on investment.
What's my experience with pricing, setup cost, and licensing?
The licensing structure is super. It's not like other complex environments. They work on the EPS or MPS, but they also work on a number of devices. It's very straightforward. They have a different pricing structure for the lighter devices, so that makes it a very cost-effective solution.
For a hundred user deployment the cost is about $10,000. The next year it would be the same because it's a subscription-based license. There are separate costs as well, for example, if a customer asks for training for their staff.
What other advice do I have?
We are a reseller of the solution.
I would recommend the solution. Go with the trial version and evaluate it first, because individual tastes may differ. I'm not the end-user, I'm the reseller. We have managed to meet the customer's requirements for adhering to their compliance or getting the solution onboard to their satisfaction. In the end, however, when an end-user uses the solution, they will ultimately have a clearer idea about the pitfalls or upsides of it.
I would rate the solution eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Buyer's Guide
Logpoint
November 2024
Learn what your peers think about Logpoint. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Account Manager at a computer software company with 11-50 employees
Good billing model, representatives respond quickly, and fair to our customers
Pros and Cons
- "They basically charge you in a better way."
- "The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness."
What is our primary use case?
We do SMB and schools, K through 12.
We have a storage cloud and cloud-based Cisco voiceover IP cloud services that we offer, as well as on-premise-based for those who still prefer that.
What is most valuable?
They basically charge you in a better way. Instead of starting to charge you more as you do more data, it is based on the different data modules that you had or items you were monitoring.
It wasn't as if the flow increases a lot then you could kill, like some other products when you start using it more. It's nice at first and then it gets more expensive. This product was a little bit better on that, on adding users.
What needs improvement?
It wasn't one of the products we stressed for our customers just because it was a higher-end service. Our customers were not happy with firewalling and the endpoint antivirus. It needed 24-hour management. Many of our customers don't need that because they are a small-medium business.
The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness.
It's pretty expensive. It's harder to make an impact and get changes as you might need it quickly or address the price issue.
It's a company owned by one person, and they were pretty solid on leaving the pricing the same. They are a little bit inflexible. That's how we felt with us not really specializing in that as much as other products we work with.
They're from Denmark and a lot of their staff is there. They have a real skeleton crew here.
We just switched over from LogPoint to IBM's QRadar as the SIM engine.
How are customer service and technical support?
We liked the local rep that we had, but he was spread a little bit thin between New York, Connecticut, and Boston.
He could get back to us relatively quickly if we had some feedback, but it's not like they had a lot of feet on the street in the U.S. It's a burgeoning market that they were trying to get into more.
What's my experience with pricing, setup cost, and licensing?
LogPoint seemed like it was a good product, but it was expensive and there wasn't any room to move the pricing when customers needed a lower-costing solution.
Which other solutions did I evaluate?
We have our own cloud offering. We are always keeping an eye on what's out there to know what else we can offer to our clients. Things like AWS and Azure would not work in our favor because they're so big.
It keeps me aware of what's up and coming, and I share that information with our engineering staff so that they could either incorporate some of the features into what we have, or if there's any kind of partnership, and is it just a matter of something we should offer.
What other advice do I have?
We do a combination of MSP and VAR services. We're a hybrid between the two. We are not a pure MSP.
People don't seem to like having to pay a monthly fee whether or not people end up showing up or helping. We try to offer it as an "if you need it" basis, we can do it, but we don't have to charge you.
We can sell them a bundle of hours, and that way they only use them when they need them, which is pretty popular with many of our clients, especially small to mid-size companies.
We'll do a combination of, for instance, Sentinel One and Point Antivirus, which is an MSP service. It has 24-hour-a-day monitoring if they want.
If they don't want that, we could do more of a typical kind of a semantic or any one of a number of Point Antiviruses that they want.
We also have a Secure SIEM, it's our own product, www. securesiem.com. If they want to have a managed SIEM service,
We also have, for those that have next-generation firewalls, we have a product called securengf.com. That basically shores up their next-generation firewall with our managed services. We use a help desk that lets them have 24-hour responsiveness to any issues instead of just having the firewall and having to go to look online.
This will be somebody monitoring the firewall to make sure there are no breaches.
If somebody needs wireless Wi-Fi, WLAN type of services, we can help them improve their signal strength and location of their access points.
We're using QRadar as the engine. We are working as a partner with them to have our service use QRadar to achieve the best results for our customers. I believe we use some of their services of the monitoring itself.
I would rate LogPoint an eight out of ten, because the technology seemed to be fairer to the customers, even with all the issues that I have indicated.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager deputy head at a tech services company with 51-200 employees
Scalable platform with good support services
Pros and Cons
- "The main advantage of Logpoint is the support service. They reply within ten minutes to an hour to our queries."
- "It is complicated to collect daily logs from other systems."
What is our primary use case?
Logpoint works as a SIEM system. It provides SOAR functionality as well. It helps clients with users' endpoint behavior analysis.
What is most valuable?
The product's pricing is based on the number of devices instead of the Event Per Second model like other competitors. It has in-built SOAR functionality; we don't buy a separate solution. The main advantage of Logpoint is the support service. They reply within ten minutes to an hour to our queries. They provide free-of-cost service for routing and other processes, whereas other vendors charge extra costs for it.
What needs improvement?
We encounter difficulties for the product's micro deployment regarding integration with other systems. It is complicated to collect daily logs from other systems like QRadar and LogRhythm. Our customers are unable to install agents on the endpoint to send the logs.
For how long have I used the solution?
We have been reselling Logpoint for more than five years. At present, we are providing the latest version.
What do I think about the stability of the solution?
I rate Logpoint's stability an eight. We face disruptions while collecting insights.
What do I think about the scalability of the solution?
It is a very modular system. We can quickly scale it horizontally and vertically. It has high availability. Around 70% of customers for the product are small businesses.
How was the initial setup?
The product is straightforward to install as we already have a system snapshot. We downloaded the VMware template and changed the server's admin passwords, time zone, and hostname. It requires an hour to complete. I rate the process a ten out of ten.
What's my experience with pricing, setup cost, and licensing?
Logpoint's pricing is mid-ranged and depends on the number of devices. There are extra costs included if you want to buy additional modules. Also, you can purchase a subscription for 24/7 support services apart from standard 12-hour support services.
Which other solutions did I evaluate?
LogPoint should provide comprehensive comparison tables similar to QRadar. It shows very general insights.
What other advice do I have?
I rate Logpoint an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
CCO at Oduma Solutions Ltd
Responsive support, all in one platform, but dashboard lacking customization
Pros and Cons
- "The most valuable feature of LogPoint is that they have the SIEM and SOAR combined in one solution. They are not on a separate platform."
- "LogPoint can improve its dashboards. We are not able to customize the dashboard when creating them. They only have preset dashboards which do not have exactly what we are looking for."
What is our primary use case?
We are using LogPoint for MSSP.
What is most valuable?
The most valuable feature of LogPoint is that they have the SIEM and SOAR combined in one solution. They are not on a separate platform.
What needs improvement?
LogPoint can improve its dashboards. We are not able to customize the dashboard when creating them. They only have preset dashboards which do not have exactly what we are looking for.
For how long have I used the solution?
I have been using LogPoint for approximately two months.
What do I think about the stability of the solution?
LogPoint has had a few bugs, the stability could improve.
What do I think about the scalability of the solution?
We have six people using this solution.
How are customer service and support?
The support is good for LogPoint, they are very responsive.
How was the initial setup?
We did the Azure setup of LogPoint and it was very easy and straightforward. The process took us less than 15 minutes.
What's my experience with pricing, setup cost, and licensing?
When we were evaluating other solutions LogPoint was the least expensive solution in the market.
Which other solutions did I evaluate?
We evaluated other options and it made sense for us to choose LogPoint because they have both the SIEM and SOAR together.
What other advice do I have?
My recommendation would be for others to try LogPoint out before making a decision, because it's a fairly new company, and you'll want to give them a try before you decide to purchase.
I rate LogPoint a seven out of ten.
There are some bugs that need to be fixed.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO at a tech consulting company with 1-10 employees
Improves security, offers insightful technical support, and has attractive pricing
Pros and Cons
- "The solution's most valuable aspect is the combination of the software and the support that they have."
- "One of the downsides is it is not a SaaS solution. It must be on-premises."
What is our primary use case?
The use case with the business case actually is using LogPoint as a full-blown team system. And actually to orchestrate incident responses.
It's a SIEM system and if you incorporate detection rules and can set alerts, severities, stuff like that. It's the center of a SOC, basically. That's the main use case for it. Of course, it's also sued to fulfill regulatory compliance, which is making a report every week, every day, every month, according to the auditor, what he wants. That's the basic use case.
How has it helped my organization?
It improves security. You have more oversight of security incidents and everything that's wrong with the infrastructure you can see in LogPoint if you do it right. You can also document it. You can document the state of your organizational security. If you look at your report, your quarterly or monthly report, it gives you an overview of what's the current status, and then it gives you a delta of the status for the last month. That's actually very, very nice. For a CSO, they can track the improvements.
What is most valuable?
The solution's most valuable aspect is the combination of the software and the support that they have. If you use SIEM systems, you always have a problem. You want to onboard an application, yet the logs from that application cannot be understood by the SIEM system. You sometimes have that. If you want to onboard, let's say, a common application to your SIEM system, it usually just works out of the box. However, if you have an exotic application that no one knows, the SIEM system most of the time cannot understand it. But LogPoint offers a translation service. You ship the log files to them and their guys make sure that LogPoint is able to translate it and ingest it. That service is actually really, really nice. And you don't pay for that.
What needs improvement?
One of the downsides is it is not a SaaS solution. It must be on-premises. It's a downside for the industry as it makes no sense to have just the solution as deployable via on-prem hardware. Nowadays, it must come as a solution that you can deploy in the cloud, either in Google, AWS, or Microsoft. It is possible, however, it's not cloud-native. That's a downside and that's a problem. When you can deploy a SaaS, cloud-native solution, then it's much easier than spinning that thing up with an image and stuff like that. SaaS is easier to manage and there are cost savings involved.
It needs to improve performance. That's somehow something that others do better. They need pure speed. Just speed. How they process data, it's not top-notch. It's just average.
For how long have I used the solution?
I've been using the solution for half a year or so, about six months.
What do I think about the stability of the solution?
The solution is pretty stable. However you can crash the system if you did not do the math to calculate the right sizing of the hardware. LogPoint doesn't forgive any undersized storage, memory or compute power.
How are customer service and support?
The support itself was good, however, it was sometimes a bit on the slower side. They were too slow yet the answers were brilliant.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I'm with another company right now. Those guys where we used LogPoint, yes, they used something else, which was called AlienVault at the time. I'm not even sure if this still exists as AlienVault anymore.
LogPoint comes with a scheme that goes with endpoints, which, if you have an IP that gives logs business, one counts as one. And if you have 100 servers, you pay just for the 100 servers. How much data they log is just, they do not care. You pay for the three endpoints. If you have one server in, let's say Splunk, and it logs one bite a day, you pay almost nothing. And if you have that same server logging one terabyte, you go bankrupt basically since you have to pay so much with something like AlienVault. They switched due to the fact that LogPoint does not care about the data. They just use the endpoint - which is good for security operation centers.
Another company I worked for used DataDog, which is flexible and cloud-native. They are still with that solution.
How was the initial setup?
The initial setup was straightforward. It was very easy, however, in the beginning, there were some errors and those errors were based on some bugs in the software. It's been worked on and so now it's fixed, however, beyond that, it was pretty straightforward, pretty easy.
You only need one person to do a deployment, however, I recommend three, it depends on your organization You basically need a system administrator that can deploy it. Configuration needs to be done by a security analyst.
There is continued maintenance required. Both of the roles that I just described are needed for maintenance, constant maintenance.
What about the implementation team?
We did the installation ourselves. That said, we had decent training on that. Decent training is necessary and I highly recommended it. You basically cannot do this by yourself with no training. Back in the day, the training we received was facilitated by LogPoint. Nowadays, you can choose big consulting companies as well.
What was our ROI?
I did see an ROI when using the solution. The company that I work for, which is utilizing LogPoint, was using that as a basis for their SOC. They offered the SOC, the security operation services, to other companies. They generated revenue with that.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty attractive. If you look, they have of course list prices, which are moderate. However, if you really go to them and say, "Hey, I need a discount and I am a public organization." YOu might be able to get lower prices. For an NGO or a foundation or something they likely offer a discount. They give you a special discount and they give good discounts. Also, if you say, okay, "Hey, your business model doesn't work for me as the break-even is 50 endpoints" they give you a decent discount and they're good.
Which other solutions did I evaluate?
I've looked into other SIEM solutions. In comparison, LogPoint works better in the European and German markets due to some unique features in data protection, compared to Splunk or some of the others, even Sentinel.
LogPoint is a very good product for mid-sized companies, especially in Europe. However, for big data chunks, big companies that are either in the cloud or not should use a solution like Splunk or an ELK-like elastic search-based SIEM solution due to the speed.
What other advice do I have?
I am just a customer and end-user.
We use various versions of the solution. The latest version was the one I was using, however, I can't recall the exact version number.
I'd rate the product eight out of ten.
I'd advise potential new users to make sure that their use cases are designed beforehand. When you do a POC, then you need to have a success factor. People sometimes want to have a SIEM solution and then just look at the dashboard, which is total garbage. You need to know exactly what you want from that solution and if this is determined beforehand, then you can do a POC and then you will understand if the solution can deliver what you need - or not.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Stable, with good reporting and technical support
Pros and Cons
- "The most valuable features are the ones that we use the most, which are the search and report facilities."
- "I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products."
What is most valuable?
The most valuable features are the ones that we use the most, which are the search and report facilities.
What needs improvement?
There is room for improvement on both our side and on the side of LogPoint.
We could improve on what we decided to put into LogPoint for it to work on and LogPoint Is improving with its addition of the MITRE ATT&CK framework.
I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was in with the standard products.
If there were one price that you paid and that included all of the features, instead of having to pay a bit more to get advanced features. It would make things simpler when you purchase.
For how long have I used the solution?
I have been using LogPoint for approximately six years.
We're currently migrating from version 6.6 to 6.9.
What do I think about the stability of the solution?
It's a stable solution.
What do I think about the scalability of the solution?
It's a scalable solution. We can add more LogPoint boxes, repositories, and sources.
We have 20 or 30 people who are using the information from it, in our organization.
How are customer service and technical support?
Technical support is very good.
Which solution did I use previously and why did I switch?
We used to use LogRhythm.
We made a significant investment in LogRhythm, and it didn't cope with the size of our estate, so we decided to go elsewhere.
How was the initial setup?
The initial setup was quite straightforward.
It took us a couple of weeks to set up all of the log sources and to configure them.
To maintain this solution it's one person and half their time to work on it.
What about the implementation team?
The implementation was very good from our point of view, but we had one of the top people come out and install it with us.
I think we were the first local authority and the council in the country to touch the LogPoint.
They came out and made sure that it was installed properly and that it worked properly with us, which I'm not sure everybody would get.
What's my experience with pricing, setup cost, and licensing?
It's getting more expensive, which is one of the reasons we're looking around just to see if there's anything better value. It's still good, but it's I think it's becoming more expensive.
Which other solutions did I evaluate?
We are looking to see what else may be available. There might be something better that we are not aware of yet.
What other advice do I have?
I would say that it's a good product. It's very stable, and the support is very good. We use it a lot.
As I say, I'm looking to see whether or not it's still the product that we should be using or whether there's something out there now.
I would rate LogPoint an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Business Unit Head (Cyber Security Department) at Astral Computers Nepal Pvt Ltd
The product is easy to use and provides good technical support, but sometimes, it is not stable
Pros and Cons
- "The product is easy to use."
- "Sometimes, the product is not stable."
What is our primary use case?
We use the solution for SIEM and SOAR.
What is most valuable?
The product is easy to use. It provides unlimited EPS.
What needs improvement?
Sometimes, the product is not stable.
For how long have I used the solution?
I have been using the solution for more than five years.
What do I think about the stability of the solution?
There are some bugs. I think the newer version will not have such issues.
What do I think about the scalability of the solution?
The tool is scalable.
How are customer service and support?
Support is very good.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have used IBM QRadar. One of the main reasons why we switched to Logpoint was cost.
How was the initial setup?
We took a month to deploy the solution.
What's my experience with pricing, setup cost, and licensing?
The product should provide a perpetual license.
Which other solutions did I evaluate?
We evaluated FortiSIEM. We chose Logpoint because it was technically sound.
What other advice do I have?
Overall, I rate the tool a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Logpoint Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Security Information and Event Management (SIEM) Log Management User Entity Behavior Analytics (UEBA) Endpoint Detection and Response (EDR) Security Orchestration Automation and Response (SOAR)Popular Comparisons
Wazuh
Splunk Enterprise Security
Microsoft Sentinel
IBM Security QRadar
Elastic Security
LogRhythm SIEM
Sumo Logic Security
Rapid7 InsightIDR
Fortinet FortiSIEM
AlienVault OSSIM
USM Anywhere
Exabeam
ArcSight Enterprise Security Manager (ESM)
Sentinel
SolarWinds Security Event Manager
Buyer's Guide
Download our free Logpoint Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?
- What are the pros and cons of internal SOC vs SOC-as-a-Service?
- Between AlienVault and LogRhythm, which solution is suitable for Banks in Gulf Region