IBM QRadar and LogPoint
Buyer's Guide and Reviews
November 2020
Note that this is a generic report based on reviews and opinions from the entire IT
Central Station community. We offer a customized report personalized for you based on:
• Your industry
• Company size
• Which solutions you're already considering
It includes recommendations for you based on what other people like you are researching and
using.
It takes 2-3 minutes to get the report using our shortlist builder wizard. We recommend it!
Contents
Overview
Vendor Directory
IBM QRadar
PROS

"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance
across the entire IT infrastructure." [Full Review]
Shaikh Jamal Uddin

"The ability to transition from microscopic to macroscopic view, instantly, is very good." [Full Review]
Daniel Sichel

"It is very stable." "We have not faced interruptions in the past four and a half years." [Full Review]
reviewer916710

"This solution has allowed us to correlate logs from multiple sources." [Full Review]
Vik Solem

"We get events and make the correlation, or rules." "In IBM, we can implement our customer's rules." "We can have very clear status
threats and severity of antigens." [Full Review]
Larbi Belmiloud

"Provided that the report is prebuilt and I can find what I am looking for, the reporting is the most valuable feature in this solution."
[Full Review]
QRadar6777

"This solution provides me with various alarms, and I have found security issues with some of my other products." [Full Review]
QRadar677
IBM QRadar
CONS

"We would like to see better instrumentation for debugging changes in the log flow." [Full Review]
Vik Solem

"The interface is very old." "IBM should remake it into a more modern interface." [Full Review]
Larbi Belmiloud

"There are reports that I would like to generate that are either not included, or I cannot find." [Full Review]
QRadar6777

"There is a lot of manual configuration required in order for the product to run smoothly, and I think that it could be made more
automatic." [Full Review]
QRadar677
IBM QRadar
PRICING

"The pricing needs to be such that they are more competitive with other vendors." [Full Review]
QRadar6777

"There are additional costs, such as the cost associated with the different hardware required for implementation and deployment."
"Along with the add-on apps, these are all additional costs, and they require licensing as well." [Full Review]
Cyberspec67

"In terms of additional costs, it depends on the subscription that you choose." "There are plenty of options to choose from." [Full
Review]
BALA

"Our licensing costs for this solution is on a yearly basis." [Full Review]
Rossella Falcone

"It's too expensive." "The licensing is also a little bit difficult to understand because you have to license it per event and per number
of flows." [Full Review]
DAX Paulino

"QRadar is quite expensive." "It wouldn't be worth it for a small business..." [Full Review]
Vulnera08667

"I would like for them to lower the price." [Full Review]
Phillip Okemwa
LogPoint
PROS

"The flexibility of the search feature and the solution's analytics features are the most valuable parts of the solution." [Full Review]
Giorgi-Mikaia

"The solution offers excellent reporting features." "Our customers have been satisfied that they have been able to meet their
compliance needs by giving them a standard report." [Full Review]
Kedar Kulkarni
LogPoint
CONS

"The interface needs things like wizards that will assist with creating complex correlation rules." [Full Review]
Jeroen Kroon

"The solution should offer more integrations and third-party solutions like incident response platforms or allow access to third-party
big data" [Full Review]
Giorgi-Mikaia

"Nowadays the trend is going towards the ransomware and the endpoint detection and response." "So if they added something for
that, that will be very, very good." [Full Review]
Kedar Kulkarni
LogPoint
PRICING

"Our licensing fees are about $10,000 USD per month, which I think is fair." [Full Review]
Jeroen Kroon

"For a hundred user deployment the cost is about $10,000." "The next year it would be the same because it's a subscription-based
license." "There are separate costs as well, for example, if a customer asks for training for their staff." [Full Review]
Kedar Kulkarni
ROOM FOR IMPROVEMENT

DAX Paulino (IBM QRadar)
The first area for improvement is the cost. It's a little bit too expensive for us. Also, initially it was difficult to understand or to
grasp, but once you get the hang of it, it is easier to understand and to analyze. So the main problems are its cost, the maintenance
cost, and the fact that it takes some time to learn how to use it. In terms of additional features, a mobile app would be nice. Also,
the reporting is definitely okay, but you have to make sure that everybody with different roles can... [Full Review]

Kedar Kulkarni (LogPoint)
Nowadays the trend is going towards ransomware and endpoint detection and response. So if they added something for that, that
would be very useful. Plus, there is a trend towards store technology for security orchestration and automated response. That
would reduce the workload and the product would be more mature, in terms of information. They should also work on better
integration. [Full Review]
Overview

SOLUTION: IBM QRadar

OVERVIEW: The IBM QRadar security and analytics platform is a lead offering in IBM Security's portfolio. This family of products
provides consolidated flexible architecture for security teams to quickly adopt log management, SIEM, user behavior analytics,
incident forensics, and threat intelligence and more. As an integrated analytics platform, QRadar streamlines critical capabilities
into a common workflow, with tools such as the IBM Security App Exchange ecosystem and Watson for Cyber Security...

SAMPLE CUSTOMERS: Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications,
and education use QRadar.

LogRhythm NextGen SIEM vs. IBM QRadar: compared 10% of the time
ArcSight Enterprise Security Manager (ESM) vs. IBM QRadar: compared 9% of the time

SOLUTION: LogPoint

OVERVIEW: LogPoint are SIEM specialists with solutions widely deployed in the Nordics, Germany, France and the UK.
The LogPoint solution is designed to provide you with the information you need by enabling you to collect, analyze and monitor
data from your entire infrastructure for Compliance Management, Information Security, Application Security Monitoring and
Operational Insight.
LogPoint is straightforward to buy, install and manage – so will take less of your time.

SAMPLE CUSTOMERS: AP Pension, Copenhagen Airports, KMD, Terma, DISA, Danish Crown, Durham City Council, Game, TopDanmark,
Lahti Energia, Energi Midt, Synoptik, Eissmann Group Automotive, Aligro, CG50...

LogRhythm NextGen SIEM vs. LogPoint: compared 15% of the time
IBM QRadar vs. LogPoint: compared 13% of the time

* Data is based on the aggregate profiles of IT Central Station Users researching this solution.
IBM QRadar vs LogPoint: What are the advantages and disadvantages of each?
When looking for a Security Information and Event Management (SIEM) solution, are you more likely to pick IBM
QRadar or LogPoint? What are the advantages and disadvantages of each? Are there specific use cases where
one provides a better solution than the other?
Enables us to handle the most critical attacks and integrates well with other solutions
DAX Paulino
We are using it for SIEM, for Security Information and Event Management. We're gathering the logs and doing analytics on how we
are going to react to security incidents.
With QRadar we managed to focus on the more critical incidents that we have experienced. As a result, we have managed to
decrease the most critical incidents, most critical attacks. Now we're focusing on the ones that are not too heavy, not too critical.
As of the moment, we are more secure than before.
One of the most valuable features is its ability to integrate with other solutions. In our current setup, we need a holistic view of our
network to provide better service. Therefore, integration with our security tools and infrastructure is a must. We managed to get
our NGFW, Endpoint Security, network servers, compliance tools and others to integrate with QRadar which enables our team to
better understand what is happening in our network and respond accordingly.
The first area for improvement is the cost. It's a little bit too expensive for us.
Also, initially it was difficult to understand or to grasp, but once you get the hang of it, it is easier to understand and to analyze. So
the main problems are its cost, the maintenance cost, and the fact that it takes some time to learn how to use it.
In terms of additional features, a mobile app would be nice. Also, the reporting is definitely okay, but you have to make sure that
everybody with different roles can understand it. There is room for improvement in the reporting.
It's very robust. If it fails it does not really harm the network. It just gathers information and that's the important part. It has not
failed, it's been working since day one so there is no problem. As long as the server that you install it on is working fine, it's very
reliable. It's very stable.
It's also scalable yes. You can adjust the number of devices it communicates with so there is no problem with scalability.
I have not yet contacted technical support. I have not encountered any problems. So far, we have had no need for them. We
have just fixed things ourselves.
It's straightforward. We just had to connect it to our servers, to our security solutions, and that was it. Everything was already
communicating.
We are just a small company, so the deployment did not take that long, about a month to a month-and-a-half. It didn't involve too
much downtime since we're just monitoring a few servers and a couple of security tools.
We are directly in touch with IBM and we have an IBM security specialist. He usually gives us pointers and he's the one who also
gave us a little bit of training and knowledge transfer.
It's too expensive. The licensing is also a little bit difficult to understand because you have to license it per event and per number
of flows. So you have to understand the difference between a flow and an event, and then you have to forward that to the
resellers, the distributors, and to IBM. That part took a long time for us. Now we're adjusted to the process.
We did evaluate some, like LogRhythm. We found that LogRhythm was more difficult to understand because it was a little bit too
static. I believe they have already improved but, as of the moment, we are still happy with QRadar.
My advice is to take your time. It depends on your network, on what you want to gather information from. Make sure that the
networking and the cybersecurity teams are working towards a common goal. The solution is very much worth it. You can gather
all the information that you need as long as you know first what you need.
This solution is mainly for the Security Operations Center, so there are just three or four users. But it's one of the key tools for us to
identify threats and attacks. The users are security operations analysts and threat hunters.
In our case, deployment and maintenance requires just a few people. They are the network administrators and our cybersecurity
engineers.
At the moment we have no plans to increase usage. If the company grows, usage should grow as well. The company is growing
but, as of the moment, we are planning for expansion. That's why the solutions that we carry are already built for expansion for the
next three to five years.
I would rate QRadar at eight out of ten. It's not perfect and the big issues would be the price and that it takes some time to
understand it. But so far, it's one of the best solutions out there.
Kedar Kulkarni
The primary use case is standard compliance to help the user's ability to navigate PCI DSS compliance or GDPR compliance.
Besides that, if a user needs to do the log collection and correlation, the solution makes it easy.
The solution offers excellent reporting features. Our customers have been satisfied that they have been able to meet their
compliance needs by giving them a standard report. I understand that you can't define the custom reporting features, however.
Overall, the platform has a very good dashboard and a nice correlation engine as well.
Nowadays the trend is going towards ransomware and endpoint detection and response. So if they added something for that, that
would be very useful. Plus, there is a trend towards store technology for security orchestration and automated response. That
would reduce the workload and the product would be more mature, in terms of information. They should also work on better
integration.
The solution is quite stable as long as your server and the hardware are supporting it because it is a virtual kind of software solution.
So the software depends on the hardware. If your hardware is supporting it, obviously the solution will be stable. Once you install
it, you don't have to worry about it.
Scalability-wise, if you are expanding the scope of the SSI devices, you just need to add the number of endpoints or number of
servers, and licenses.
We found technical support very good. But to be very honest, we did not come across any major issue as of yet. If there's that
something that we cannot solve ourselves completely, then we are totally reliant on them.
We are the resellers for multiple solutions, so we don't only sell LogPoint. It is a solution we pitch to our smaller customers.
The initial setup was straightforward. Usually, we can deploy the solution within three days. We usually take two days and keep an
extra day for a buffer, just for fine-tuning some policies and things like that. For a small deployment, one person is enough.
For the first two deployments, we did have help. After that, we did not need it because there is direct support from LogPoint. We
can use tickets and get help if necessary.
As long as the solution is working, and you are in compliance with all the internal audit policies, you will see a return on
investment.
The licensing structure is super. It's not like other complex environments. They work on the EPS or MPS, but they also work on a
number of devices. It's very straightforward. They have a different pricing structure for the lighter devices, so that makes it a very
cost-effective solution.
For a hundred user deployment the cost is about $10,000. The next year it would be the same because it's a subscription-based
license. There are separate costs as well, for example, if a customer asks for training for their staff.
I would recommend the solution. Go with the trial version and evaluate it first, because individual tastes may differ. I'm not the end-
user, I'm the reseller. We have managed to meet the customer's requirements for adhering to their compliance or getting the
solution onboard to their satisfaction. In the end, however, when an end-user uses the solution, they will ultimately have a
clearer idea about the pitfalls or upsides of it.
I would rate the solution eight out of ten.
To read more reviews please visit https://www.itcentralstation.com/products/comparisons/ibm-qradar_vs_logpoint?tid=pdf_comp_18086-29824
© 2020 IT Central Station
Jeroen Kroon
We use LogPoint for log collection. We have a specific use case around a system that was not able to provide this kind of
correlation. However, we are going to get rid of the legacy platform within the year and will be moving away from LogPoint.
The most valuable feature is the log creating according to specific rules.
LogPoint is complex and we don't have the skills to maintain use cases or even to extend the use cases. Because of this, we are
unable to take advantage of the SIEM platform. We need something more self-running, hosted, and that automatically recognizes
problems the way the AI platforms are providing.
The interface needs things like wizards that will assist with creating complex correlation rules.
We did have problems with stability in the past and we had one ticket that was open for a couple of months. It was due to their
platform having trouble reading sources coming from different kinds of services.
We are using LogPoint on a very small scale. I did some complex reports and it was working but it needed a lot of memory on the
local server.
We have about 150 employees and there are two or three operators.
Technical support is responsive and very friendly. We have no issues with that.
I have a lot of experience with Splunk, Radar, ArcSight, and the EMC platform. All of them consume a lot of system resources.
We did not use another SIEM solution in-house prior to LogPoint, although we did do some management using Rapid7 technology.
Our licensing fees are about $10,000 USD per month, which I think is fair. The licensing fees include product enhancements,
support, and it satisfies some mandatory regulatory aspects that we need to fulfill. We are also not taking full advantage of the
capabilities, such as advanced analytics.
If we wanted to take full advantage of the capabilities then we would need to invest between $20,000 and $50,000 in consulting
fees.
LogPoint was selected before I was in this position, so I was not part of the process. My understanding is that several products
were considered but LogPoint was chosen because the price of the license was attractive.
We are moving away from this solution and are looking for something automated, like Darktrace.
My advice for anybody who is implementing this solution is to first have a very clear understanding of the use cases, what you
want to use it for, and what you want to report.
Don't be afraid to look for a cloud-based solution, especially when it comes to SIEM products. It removes a lot of trouble related to
internal servers and the complexity of accessing the SIEM from outside. If you have to implement your own MSA then I would
suggest reconsidering any case of using an internal SIEM. Especially for smaller companies, this will provide much more value.
Vendor Directory

Amazon: AWS Security Hub
AT&T: AT&T AlienVault USM
AT&T: AlienVault OSSIM
BlackStratus: SIEMStorm
Devo: Devo
Elastic: Elastic SIEM
empow: i-SIEM
Exabeam: Exabeam
FireEye: FireEye Helix Cloud Service
HelpSystems: HelpSystems Powertech Event Manager
IBM: IBM QRadar
IBM: IBM Watson for Cyber Security
Ignite Technologies: SenSage AP
Intersect Alliance: Snare
IS Decisions: FileAudit
LogPoint: LogPoint
LogRhythm: LogRhythm NextGen SIEM
Logsign: Logsign
Logz.io: Logz.io
ManageEngine: ManageEngine Log360
ManageEngine: ManageEngine EventLog Analyzer
Masergy: Masergy
McAfee: McAfee ESM
Micro Focus: ArcSight Enterprise Security Manager (ESM)
Micro Focus: NetIQ Sentinel
Micro Focus: ArcSight Interset / Intelligence
NETMONASTERY: DNIF
Netsurion: Netsurion EventTracker
NNT: NNT Log Tracker Enterprise
Odyssey Cybersecurity: ClearSkies SaaS NG SIEM
Oracle: Oracle Security Monitoring and Analytics
RSA: RSA NetWitness Logs and Packets (RSA SIEM)
RSA: RSA enVision
Seceon: Seceon Open Threat Management Platform
Securonix Solutions: Securonix Security Analytics
SolarWinds: SolarWinds Security Event Manager
SolarWinds: SolarWinds MSP Threat Monitor [EOL]
Splunk: Splunk
SQRRL: SQRRL
Sumo Logic: JASK [EOL]
SurfWatch Labs: SurfWatch Labs SurfWatch
ThetaRay: ThetaRay
TIBCO: LogLogic
Trustwave: Trustwave SIEM [EOL]
VenusTech: Venusense USM
Chart Key

Each chart row shows, in order: number of views; number of times compared to another product; total number of reviews on
IT Central Station; average words per review; average rating based on IT Central Station reviews.

Bar length
The total ranking of a product, represented by the bar length, is based on a weighted aggregate score. The score is calculated as follows:
For each of Reviews, Views, and Comparisons, the product with the highest count in each area gets a maximum 18 points.
Every other product gets assigned points based on its total in proportion to the #1 product in that area.
For example, if a product has 80% of the number of reviews compared to the product with the most reviews then the product's points for reviews
would be 18 * 80% = 14.4.
Both Average Rating and Words/Review are awarded on a fixed linear scale.
For Average Rating, the maximum score is 28 points awarded linearly between 6-10 (e.g. 6 or below=0 points; 7.5=10.5 points; 9.0=21 points;
10=28 points).
For Words/Review, the maximum score is 18 points awarded linearly between 0-900 words (e.g. 600 words = 12 points; 750 words = 15 points;
900 or more words = 18 points).
If a product has fewer than ten reviews, the point contribution for Average Rating and Words/Review is reduced:
1/3 reduction in points for products with 5-9 reviews, two-thirds reduction for products with fewer than five reviews.
Reviews that are more than 24 months old, as well as those written by resellers, are completely excluded from the ranking algorithm.
All products with 50+ points are designated as a Leader in their category.
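The scoring rules above are a small algorithm, and it is easier to check them against the chart rows with code than by hand. The following Python is an added illustration, not IT Central Station's own implementation (which is not published here). It reproduces the weighted aggregate score for the named rows of the chart on this page. It assumes the per-area maxima can be taken from the rows supplied: that holds on this page for Views and Reviews (Splunk leads both) and is an assumption for Comparisons. The row labelled "constructed" is made up to show the fewer-than-five-reviews reduction; the 24-month and reseller exclusions are applied before scoring and are not modelled.

```python
from dataclasses import dataclass

# Point budgets and thresholds as stated in the Chart Key.
MAX_COUNT_POINTS = 18.0    # each of Reviews, Views, Comparisons
MAX_RATING_POINTS = 28.0   # Average Rating, linear between 6 and 10
MAX_WORDS_POINTS = 18.0    # Words/Review, linear between 0 and 900
LEADER_THRESHOLD = 50.0    # 50+ points designates a Leader


@dataclass(frozen=True)
class Product:
    name: str
    views: int
    comparisons: int
    reviews: int
    words_per_review: int
    avg_rating: float


def linear_points(value, low, high, max_points):
    """Award max_points linearly between low and high, clamped outside that range."""
    if value <= low:
        return 0.0
    if value >= high:
        return max_points
    return max_points * (value - low) / (high - low)


def review_count_factor(reviews):
    """Reduction applied to the Rating and Words/Review points for thinly reviewed products."""
    if reviews >= 10:
        return 1.0
    if reviews >= 5:
        return 2.0 / 3.0      # one-third reduction for 5-9 reviews
    return 1.0 / 3.0          # two-thirds reduction for fewer than five reviews


def score(product, max_views, max_comparisons, max_reviews):
    """Weighted aggregate score for one product, given the per-area maxima."""
    views_pts = MAX_COUNT_POINTS * product.views / max_views
    comparisons_pts = MAX_COUNT_POINTS * product.comparisons / max_comparisons
    reviews_pts = MAX_COUNT_POINTS * product.reviews / max_reviews
    rating_pts = linear_points(product.avg_rating, 6.0, 10.0, MAX_RATING_POINTS)
    words_pts = linear_points(product.words_per_review, 0.0, 900.0, MAX_WORDS_POINTS)
    factor = review_count_factor(product.reviews)
    return views_pts + comparisons_pts + reviews_pts + factor * (rating_pts + words_pts)


def rank(products):
    """Return (name, score rounded to 2 places, is_leader) tuples, highest score first."""
    max_views = max(p.views for p in products)
    max_comparisons = max(p.comparisons for p in products)
    max_reviews = max(p.reviews for p in products)
    rows = [(p.name, score(p, max_views, max_comparisons, max_reviews)) for p in products]
    rows.sort(key=lambda r: r[1], reverse=True)
    return [(name, round(s, 2), s >= LEADER_THRESHOLD) for name, s in rows]


# Named rows copied from the chart on this page. Assumption: the maxima for
# each area lie within this subset (true for Views and Reviews per the page).
PRODUCTS = [
    Product("Splunk", 104302, 86193, 26, 406, 8.2),
    Product("IBM QRadar", 38894, 25944, 23, 450, 8.3),
    Product("Netsurion EventTracker", 2998, 866, 11, 2048, 8.8),
    Product("Fortinet FortiSIEM", 10442, 7365, 10, 431, 7.7),
    Product("AlienVault OSSIM", 2165, 1032, 13, 551, 7.3),
]
# Constructed row (not from the page) with only four reviews, to show the reduction.
THIN_PRODUCT = Product("Example SIEM (constructed)", 5000, 2000, 4, 900, 9.5)

if __name__ == "__main__":
    for name, pts, leader in rank(PRODUCTS + [THIN_PRODUCT]):
        print(f"{name:30} {pts:6.2f} {'Leader' if leader else ''}")
```

With these rows Splunk scores 77.52 and IBM QRadar 53.15, both above the Leader line, while Netsurion EventTracker, with far more words per review but few views and comparisons, lands in the mid-40s. The constructed four-review product keeps only a third of its otherwise high Rating and Words/Review points and falls well short of 50, which is the behaviour the reduction rule is there to produce.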
1 Splunk: 104,302 views, 86,193 comparisons, 26 reviews, 406 words/review, 8.2 average rating
2 (product name missing in source): 27,788 views, 15,196 comparisons, 26 reviews, 1,070 words/review, 7.8 average rating
3 IBM QRadar: 38,894 views, 25,944 comparisons, 23 reviews, 450 words/review, 8.3 average rating
4 (product name missing in source): 8,320 views, 3,815 comparisons, 10 reviews, 1,733 words/review, 8.7 average rating
5 Netsurion EventTracker: 2,998 views, 866 comparisons, 11 reviews, 2,048 words/review, 8.8 average rating
6 (product name missing in source): 17,075 views, 10,205 comparisons, 13 reviews, 403 words/review, 8.3 average rating
7 Fortinet FortiSIEM: 10,442 views, 7,365 comparisons, 10 reviews, 431 words/review, 7.7 average rating
8 AlienVault OSSIM: 2,165 views, 1,032 comparisons, 13 reviews, 551 words/review, 7.3 average rating
9 (product name missing in source): 4,154 views, 2,646 comparisons, 10 reviews, 531 words/review, 7.5 average rating
10 (product name missing in source): 15,826 views, 10,476 comparisons, 12 reviews, 378 words/review, 7.2 average rating
VIEWS
1 Splunk 104,302

REVIEWS
1 Splunk 26
3 IBM QRadar 23

WORDS / REVIEW
1 i-SIEM 5,358
2 Devo 2,331
We created IT Central Station to provide technology professionals like you with a community platform to share information about enterprise
software, applications, hardware and services.
We commit to offering user-contributed information that is valuable, objective and relevant. We protect your privacy by providing an environment
where you can post anonymously and freely express your views. As a result, the community becomes a valuable resource, ensuring you get
access to the right information and connect to the right people, whenever you need it.
IT Central Station
244 5th Avenue, Suite R-230 • New York, NY 10001
www.ITCentralStation.com
reports@ITCentralStation.com
+1 646.328.1944