The documentation part is something that needs to be improved, as well as the threat intelligence investigation part. Logpoint has a kind of site to describe what kinds of threats they are investigating. But that, I think, maybe Logpoint can improve more. The threat investigations and reporting to the end-users can be improved. Logpoint can also come up with IR [incident response] capabilities. Other important SIEM solutions have some IR services. If I am an MSSP working with LogPoint for SIEM/SOAR solutions and I need immediate support, I should be able to get some support. It can be paid support, like SecureWorks, which has those kinds of functionalities. They will immediately get in and start working on helping us identify the threats, isolate them, and give us remedies to take care of and recover from any kind of attack. Whereas in LogPoint, that functionality is missing. We will be on our own if something happens. We will get other support from them, but there's no paid support for taking ownership and helping us recover from those kinds of attacks. They have a kind of integration for AI, but the incident response capability is what they should improve.
Security Engineer at a tech services company with 51-200 employees
Reseller
Top 20
2023-07-31T15:01:00Z
Jul 31, 2023
We encounter difficulties with the product's micro deployment regarding integration with other systems. It is complicated to collect daily logs from other systems like QRadar and LogRhythm. Our customers are unable to install agents on the endpoint to send the logs.
Senior Information Security Specialist at Growth Arbor
Real User
Top 20
2023-05-02T08:10:00Z
May 2, 2023
The solution must improve its agent installation method, in which we must manually update IP addresses and codes. Most of our employees must install agents to integrate their systems into LogPoint. LogPoint must find a way to integrate the servers without agents. The solution must improve its user and installation guides so anyone with basic knowledge can install and configure it.
Project Manager at a comms service provider with 51-200 employees
Real User
Top 20
2023-03-15T12:57:16Z
Mar 15, 2023
We only did a first-level integration. We had to identify all alerts and fine-tune them, but we couldn't see what was happening in our information system. We were missing visuals and graphics. Recently, a new version seems to have come out, and it has a new graphical user interface. When I was integrating it, it was usable, but the GUI needed improvement.
SOC Analyst at a comms service provider with 201-500 employees
Real User
Top 10
2022-11-15T17:46:17Z
Nov 15, 2022
What could be improved in LogPoint is its UI because it's less friendly to users than LogRhythm. The UI could be more aesthetically appealing to users. It's completely outdated. For example, it lacks color. IBM QRadar and LogRhythm have better UIs than LogPoint. The solution needs a custom dashboard feature to make it better. LogPoint also needs to improve its network hierarchy diagram. You can't create the whole network diagram if you have the entire subnet system of your server farm or your DMZs. This means that in LogPoint, it's pretty difficult to visualize the network hierarchy diagrams, so this is another area for improvement in the solution. Handling multiple types of logs also has room for improvement in LogPoint. Sometimes, it discards logs, and it has difficulty processing various logs. An additional feature I'd like the product to have in its next release is the multiple log processing feature.
One of the things we faced last year was that we had some memory issues with the server running. We were running them as virtual services, and we were facing some performance issues. Back then, there were some things that had already been solved at the end, but one of the small issues we had was that it was quite memory-consuming. After one upgrade that we did, we faced some performance issues. A challenge for every SIEM platform is when new series or devices are coming on the market, you need time to implement, but we are not facing this issue because this system is going to be decommissioned. We are not looking for enhancement or integrations. In general, if customers are looking for new things, there could be much more with advanced threat diagnostics, AE based. There are a lot of features that the next-generation SIEM tools can have, such as automated remediation technologies. There's a whole list of features that you can think about, but in our case, we're not looking for that. We were not using it as a cybersecurity SIEM project. It was much more from a compliance reporting perspective.
LogPoint can improve its dashboards. We are not able to customize the dashboard when creating them. They only have preset dashboards which do not have exactly what we are looking for.
CEO at a tech consulting company with 1-10 employees
Real User
2022-05-16T21:06:00Z
May 16, 2022
One of the downsides is it is not a SaaS solution. It must be on-premises. It's a downside for the industry as it makes no sense to have just the solution as deployable via on-prem hardware. Nowadays, it must come as a solution that you can deploy in the cloud, either in Google, AWS, or Microsoft. It is possible, however, it's not cloud-native. That's a downside and that's a problem. When you can deploy a SaaS, cloud-native solution, then it's much easier than spinning that thing up with an image and stuff like that. SaaS is easier to manage and there are cost savings involved. It needs to improve performance. That's somehow something that others do better. They need pure speed. Just speed. How they process data, it's not top-notch. It's just average.
Chief Infrastructure & Security Officer at a financial services firm with 51-200 employees
Real User
2021-12-08T17:55:00Z
Dec 8, 2021
The thing that makes it a little bit challenging is when you run into a situation where you have logs that are not easily parsable. If a log has a very specific structure, it is very easy to parse and create a parser for it, but if a log has a free form, meaning that it is of any length or it can change at any time, handling such a log is very challenging, not just in LogPoint but also in everything else. Everybody struggles with that scenario, and LogPoint is also in the same boat. One-third of logs are of free form or not of a specific length, and you can run into situations where it is almost impossible to parse the log, even if they try to help you. It is just the nature of the beast. Its reporting could be significantly improved. They have very good reports, but the ability to create ad-hoc reports can be improved significantly.
Account Manager at a computer software company with 11-50 employees
Reseller
2021-02-04T07:30:37Z
Feb 4, 2021
It wasn't one of the products we stressed for our customers just because it was a higher-end service. Our customers were not happy with firewalling and the endpoint antivirus. It needed 24-hour management. Many of our customers don't need that because they are a small-medium business. The general public wasn't looking for that type of product unless you had a company that was medical or financial and needed 24-hour responsiveness. It's pretty expensive. It's harder to make an impact and get changes as you might need it quickly or address the price issue. It's a company owned by one person, and they were pretty solid on leaving the pricing the same. They are a little bit inflexible. That's how we felt with us not really specializing in that as much as other products we work with. They're from Denmark and a lot of their staff is there. They have a real skeleton crew here. We just switched over from LogPoint to IBM's QRadar as the SIM engine.
ICT Project Manager at a government with 5,001-10,000 employees
Real User
2021-01-06T21:39:16Z
Jan 6, 2021
There is room for improvement on both our side and on the side of LogPoint. We could improve on what we decided to put into LogPoint for it to work on, and LogPoint is improving with its addition of the MITRE ATT&CK framework. I know that they have user behavior analytics, but it's an extra cost for this feature. It would be nice if it was included with the standard products. If there were one price that you paid and that included all of the features, instead of having to pay a bit more to get advanced features, it would make things simpler when you purchase.
Security Consultant at a government with 10,001+ employees
Consultant
2020-06-04T09:41:21Z
Jun 4, 2020
My issues with the product are mainly with regard to how it handles collecting logs. I'm currently thinking about implementing a new lever feature. Additional features I'd like to see would be standard help features in developing dashboards and reports, and some of the alerts you can set up.
LogPoint is complex, and we don't have the skills to maintain use cases or even to extend the use cases. Because of this, we are unable to take advantage of the SIEM platform. We need something more self-running and hosted, that automatically recognizes problems the way the AI platforms are providing. The interface needs things like wizards that will assist with creating complex correlation rules. The platform is very resource-demanding, although this is typical of SIEM solutions.
Manager Pre-sales Information Security at VAM Systems Inc.
Real User
2019-08-04T07:38:00Z
Aug 4, 2019
Nowadays the trend is going towards ransomware and endpoint detection and response. So if they added something for that, that would be very useful. Plus, there is a trend towards store technology for security orchestration and automated response. That would reduce the workload and the product would be more mature, in terms of information. They should also work on better integration.
Logpoint is a cutting-edge security information and event management (SIEM) solution that is designed to be intuitive and flexible enough to be used by an array of different businesses. It is capable of expanding according to its users' needs.
Benefits of Logpoint
Some of the benefits of using Logpoint include:
Unifies data logs: Logpoint creates a single system of classification for collected data. It makes it easy for users to search for and find data, which aids users when they are...
Logpoint is not flexible. Its documentation is not user-friendly.
Sometimes, the product is not stable.
Log management could be better because transporting the log from a password to the client system takes time.
It is a good product, but its interface or GUI could be better.
In terms of functionality, it is very good. The only issue is the documentation. Its documentation should be improved.
The solution should offer more integrations with third-party solutions, like incident response platforms, or allow access to third-party big data.