Logpoint Reviews

The use case with the business case actually is using LogPoint as a full-blown team system. And actually to orchestrate incident responses.

It's a SIEM system and if you incorporate detection rules and can set alerts, severities, stuff like that. It's the center of a SOC, basically. That's the main use case for it. Of course, it's also sued to fulfill regulatory compliance, which is making a report every week, every day, every month, according to the auditor, what he wants. That's the basic use case.

It improves security. You have more oversight of security incidents and everything that's wrong with the infrastructure you can see in LogPoint if you do it right. You can also document it. You can document the state of your organizational security. If you look at your report, your quarterly or monthly report, it gives you an overview of what's the current status, and then it gives you a delta of the status for the last month. That's actually very, very nice. For a CSO, they can track the improvements. 

The solution's most valuable aspect is the combination of the software and the support that they have. If you use SIEM systems, you always have a problem. You want to onboard an application, yet the logs from that application cannot be understood by the SIEM system. You sometimes have that. If you want to onboard, let's say, a common application to your SIEM system, it usually just works out of the box. However, if you have an exotic application that no one knows, the SIEM system most of the time cannot understand it. But LogPoint offers a translation service. You ship the log files to them and their guys make sure that LogPoint is able to translate it and ingest it. That service is actually really, really nice. And you don't pay for that.

One of the downsides is it is not a SaaS solution. It must be on-premises. It's a downside for the industry as it makes no sense to have just the solution as deployable via on-prem hardware. Nowadays, it must come as a solution that you can deploy in the cloud, either in Google, AWS, or Microsoft. It is possible, however, it's not cloud-native. That's a downside and that's a problem. When you can deploy a SaaS, cloud-native solution, then it's much easier than spinning that thing up with an image and stuff like that. SaaS is easier to manage and there are cost savings involved.

It needs to improve performance. That's somehow something that others do better. They need pure speed. Just speed. How they process data, it's not top-notch. It's just average.

I've been using the solution for half a year or so, about six months.

The solution is pretty stable. However you can crash the system if you did not do the math to calculate the right sizing of the hardware. LogPoint doesn't forgive any undersized storage, memory or compute power.

The support itself was good, however, it was sometimes a bit on the slower side. They were too slow yet the answers were brilliant.

Positive

I'm with another company right now. Those guys where we used LogPoint, yes, they used something else, which was called AlienVault at the time. I'm not even sure if this still exists as AlienVault anymore.

LogPoint comes with a scheme that goes with endpoints, which, if you have an IP that gives logs business, one counts as one. And if you have 100 servers, you pay just for the 100 servers. How much data they log is just, they do not care. You pay for the three endpoints. If you have one server in, let's say Splunk, and it logs one bite a day, you pay almost nothing. And if you have that same server logging one terabyte, you go bankrupt basically since you have to pay so much with something like AlienVault. They switched due to the fact that LogPoint does not care about the data. They just use the endpoint - which is good for security operation centers. 

Another company I worked for used DataDog, which is flexible and cloud-native. They are still with that solution.

The initial setup was straightforward. It was very easy, however, in the beginning, there were some errors and those errors were based on some bugs in the software. It's been worked on and so now it's fixed, however, beyond that, it was pretty straightforward, pretty easy.

You only need one person to do a deployment, however, I recommend three, it depends on your organization You basically need a system administrator that can deploy it. Configuration needs to be done by a security analyst.

There is continued maintenance required. Both of the roles that I just described are needed for maintenance, constant maintenance.

We did the installation ourselves. That said, we had decent training on that. Decent training is necessary and I highly recommended it. You basically cannot do this by yourself with no training. Back in the day, the training we received was facilitated by LogPoint. Nowadays, you can choose big consulting companies as well.

I did see an ROI when using the solution. The company that I work for, which is utilizing LogPoint, was using that as a basis for their SOC. They offered the SOC, the security operation services, to other companies. They generated revenue with that.

The pricing is pretty attractive. If you look, they have of course list prices, which are moderate. However, if you really go to them and say, "Hey, I need a discount and I am a public organization." YOu might be able to get lower prices. For an NGO or a foundation or something they likely offer a discount. They give you a special discount and they give good discounts. Also, if you say, okay, "Hey, your business model doesn't work for me as the break-even is 50 endpoints" they give you a decent discount and they're good.

I've looked into other SIEM solutions. In comparison, LogPoint works better in the European and German markets due to some unique features in data protection, compared to Splunk or some of the others, even Sentinel.

LogPoint is a very good product for mid-sized companies, especially in Europe. However, for big data chunks, big companies that are either in the cloud or not should use a solution like Splunk or an ELK-like elastic search-based SIEM solution due to the speed. 

I am just a customer and end-user.

We use various versions of the solution. The latest version was the one I was using, however, I can't recall the exact version number. 

I'd rate the product eight out of ten.

I'd advise potential new users to make sure that their use cases are designed beforehand. When you do a POC, then you need to have a success factor. People sometimes want to have a SIEM solution and then just look at the dashboard, which is total garbage. You need to know exactly what you want from that solution and if this is determined beforehand, then you can do a POC and then you will understand if the solution can deliver what you need - or not.

On-premises

The primary use case is standard compliance to help the user's ability to navigate PCI DSS compliance or GDPR compliance. Besides that, if a user needs to do the log collection and correlation, the solution makes it easy.

The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their compliance needs by giving them a standard report. I understand that you can't define the custom reporting features, however.

Overall, the platform has a very good dashboard and a nice correlation engine as well.

Nowadays the trend is going towards ransomware and endpoint detection and response. So if they added something for that, that would be very useful. Plus, there is a trend towards store technology for security orchestration and automated response. That would reduce the workload and the product would be more mature, in terms of information. They should also work on better integration.

I've been reselling the solution for two years.

The solution is quite stable as long as your server and the hardware is supporting it because it is a virtual kind of software solution. So the software depends on the hardware. If your hardware is supporting it, obviously the solution will be stable. Once you install it, you don't have to worry about it.

Scalability wise, if you are expanding the scope of the SSI devices, you just need to add the number of endpoints or number of servers, and licenses. 

We found technical support very good. But to be very honest, we did not come across any major issue as of yet. If there's that something that we cannot solve ourselves completely, then we are totally reliant on them.

We are the resellers for multiple solutions, so we don't only sell LogPoint. It is a solution we pitch to our smaller customers.

The initial setup was straightforward. Usually, we can deploy the solution within three days. We usually take two days and keep an extra day for a buffer, just for fine-tuning some policies and things like that. For a small deployment, one person is enough.

For the first two deployments, we did have help. After that, we did not need it because there is direct support from LogPoint. We can use tickets and get help if necessary.

As long as the solution is working, and you are in compliance with all the internal audit policies, you will see a return on investment. 

The licensing structure is super. It's not like other complex environments. They work on the EPS or MPS, but they also work on a number of devices. It's very straightforward. They have a different pricing structure for the lighter devices, so that makes it a very cost-effective solution.

For a hundred user deployment the cost is about $10,000. The next year it would be the same because it's a subscription-based license. There are separate costs as well, for example, if a customer asks for training for their staff. 

We are a reseller of the solution.

I would recommend the solution. Go with the trial version and evaluate it first, because individual tastes may differ. I'm not the end-user, I'm the reseller. We have managed to meet the customer's requirements for adhering to their compliance or getting the solution onboard to their satisfaction. In the end, however, when an end-user uses the solution, they will ultimately have a clearer idea about the pitfalls or upsides of it.

I would rate the solution eight out of ten.

We use the solution for SIEM and SOAR.

The product is easy to use. It provides unlimited EPS.

Sometimes, the product is not stable.

I have been using the solution for more than five years.

There are some bugs. I think the newer version will not have such issues.

The tool is scalable.

Support is very good.

Neutral

I have used IBM QRadar. One of the main reasons why we switched to Logpoint was cost.

We took a month to deploy the solution.

The product should provide a perpetual license.

We evaluated FortiSIEM. We chose Logpoint because it was technically sound.

Overall, I rate the tool a seven out of ten.

On-premises

It's a product that will get the job done as a simple version of a SIEM or an advanced logger, and the price makes it a very competitive product.

LogPoint is a good logger. It's a product that you can get up and running in a few hours. It's fast.

As LogPoint is fairly new, it is swamped with small and fairly large problems. Most of these are eventually fixed by patches or by manually editing the system.

Also, they need to listen more to the technical users to evolve this to a real SIEM and not "SIEM but different".

Yes. As the product is fairly new, they do have some problems with stability.

The syslog_collector service needs some work.

The ODBC_Fetcher needs a lot of work and they do have other problems.

This is something that LogPoint is good at. It's very modular so it's very forgiving if you have the need to change something.

Customer Service:

This is a HUGE problem. Their customer service is getting better, but sometimes it can take several days before I even got a first reply on a critical error.

Technical Support:

As I worked a lot with them and they are not that many, their technical competence and ways to attack a problem differ greatly. A few have a 7/10 skill and some have a 10/10 skill.

There are no levels of support, and if they can't help, R&D had to get involved.

The common thing they all have is a 3/10 English skill and this is a problem. I'm not saying I'm 10/10, but this made it very difficult and there were many misunderstandings.

We used a different solution, and we switched because of the price.

At first glance, LogPoint is easy to set up. But when you lift the hood, this is where problems start and the learning curve is very steep.

I am a certified LogPoint Technical Specialist, and I had help from colleagues who are also certified, LogPoint support, and the local sales engineer.

Price and licensing are very good and simple, but they have been known to change it.

Yes, we evaluated some of the larger SIEM software solutions.

Even if I bash a lot on LogPoint, I must say that it's a "bang for the buck" product. Yes, they do have a lot of problems, they will paint the landscape as the perfect world, and they will say "Yes" to a lot of questions, some of which may work and some of which may not.

If you understand your needs, if you know the size of your wallet, and talk to someone who knows this product and understands its limitations, this can be a good enough solution for you.

We have certain vendors, and our work is to deploy the SIEM solution.

We like the user and entity behaviour analytics (UEBA) and find it valuable. The interface is also user-friendly and good.

Log management could be better because transporting the log from a password to the client system takes time.

We have been using this solution for six months, and we are using the latest version.

I rate the stability a nine out of ten.

I rate the scalability a nine out of ten. We have over 50,000 people using this solution.

I rate the technical support an eight out of ten.

We didn't use another solution before LogPoint.

I rate the setup an eight out of ten. The solution is deployed on cloud, and it takes a few hours to deploy with a team of five people made up of some engineers.

There is a good ROI monetarily. We have seen approximately a 40% ROI.

I rate the pricing an eight out of ten because it is quite expensive. There are no additional costs that I know of.

I rate this solution a nine out of ten. It is a good product, and while it has complex security, it has many features.

On a high-level, we primarily use the solution for creating security operation centers.

The flexibility of the search feature and the solution's analytics features are the most valuable parts of the solution.

It's also very user-friendly.

The solution should offer more integrations with third-party solutions, like incident response platforms, or allow access to third-party big data.

I have been reselling the solution for one year.

The solution is stable.

The solution is scalable.

The initial setup is straightforward. Deployment takes about one month, but it depends on the scope of the project.

We are a reseller, so we recommend a variety of solutions, including this one, to our clients.

I really like the solution's licensing model. It's very useful.

I would rate this solution eight out of ten. I would recommend it to others.

I primarily use Logpoint for logging and log storage. It is a SIEM product that I utilize for security event management, involving the ingestion of security events.

Logpoint provides the same functionalities as other SIEM products, with a focus on the correlation of multiple events. It effectively facilitates logging and log storage and assists in security event management by ingesting security events.

Logpoint needs to be cloud-native, as currently, it is not. Additionally, there should be compliance mapping, where the features and actions within Logpoint map to security compliance standards.

I have worked with Logpoint for three or four years.

I would rate the stability of Logpoint as a six out of ten. I have received reports indicating glitches and downtimes with Logpoint.

I rate the scalability eight out of ten. Logpoint is scalable and capable of expanding.

The technical support for Logpoint is very good, and I would rate it as nine out of ten. I've experienced satisfactory response times and quality, though the implementation of requested features could be improved.

Positive

I'm not very knowledgeable about the setup process, but I suppose it requires expertise and is not very straightforward.

I rate the pricing at eight, suggesting it's relatively good or affordable.

Logpoint's competitors include Microsoft Sentinel. My preference between Logpoint and Sentinel depends on price and interoperability; however, I lean towards Sentinel.

While I am working closely with Logpoint and could be considered a partner, I advise that improving cloud-native capabilities and introducing compliance mapping would enhance the product. Overall, I rate Logpoint as a seven out of ten.

On-premises