Know Your SIEM: Logpoint

Take a closer look at the features and availability of the Logpoint SIEM.

Established in 2012, Logpoint has been in the cybersecurity space longer than many of its contemporaries. Among its numerous security solutions and products, its proprietary SIEM, also simply referred to as Logpoint, is a widely used and versatile solution in the industry.

In the following post, we'll take a walk through the platform, highlighting its features and strengths, and hopefully giving you a better understanding of whether this is the right tool for your organization and its security integration needs.

Availability

Logpoint's SIEM is a fairly versatile solution. Depending on your security needs, it is available in a traditional on-premises format with a cloud-deployment option, as well as in an entirely cloud-native SaaS version.

Features and Integrations

Logpoint has a strong focus on threat detection, end-to-end security, and response. The platform caters to a range of use cases, often focused on SAP products and vertical-specific offerings, as well as organizations within the public sector.

The platform comes with a bank of pre-built use cases, rules, playbooks, and alert options that can be tailored to your specific environment. It also includes a Security Orchestration, Automation, and Response (SOAR) component for a single user, along with live data storage as part of its standard offerings.

Under the hood, users will find a fairly comprehensive suite of additional features, including user and entity behavior analytics (UEBA), which is available as a separate add-on across all versions of the platform.

The company also acquired SecBI in late 2021, enhancing its response capabilities and its integration offerings with third-party platforms, making connections between your tools easier than ever before.

State of Development

Logpoint, like many products in the SIEM space, has been continually evolving. Some recent enhancements to Logpoint's capabilities include:

  • Investments in user interface and data interpretation capabilities have better enabled the platform to align with the MITRE ATT&CK framework and allow users to customize incident and alert taxonomy.
  • Increased global coverage for its SaaS SIEM platform. Logpoint recently expanded to the APAC and LATAM regions, alongside enhancements to the SOAR and UEBA modules.
  • Another noteworthy addition is Logpoint BCS for SAP, sold as a separate add-on. It provides proactive visibility of threats within SAP environments.
  • Premium support services are available for both the SIEM platform and the development of SOAR use cases, offering tailored assistance to meet the specific needs of your infosec department.

Considerations

Logpoint is a versatile and adaptable SIEM offering that excels at providing standard content and aligning with business-critical applications through behavioral analytics and automation. However, there are some challenges that the platform faces.

Notably, while Logpoint has expanded into the APAC and LATAM regions, this smaller geographic presence means a lesser distribution of support and sales staff in those areas, along with fewer out-of-the-box compliance reports compared to competitors. If your organization is located in these regions, it may affect your decision to adopt this platform, knowing your team may need to perform additional setup and regulatory duties in-house.

Additionally, while Logpoint has made numerous strides towards opening its doors to further integrations and connectivity, in some cases the SIEM still relies on third-party integrations for essential functions, such as network detection and response capabilities. Users expecting a complete suite out of the box, without a wider portfolio of tools at their disposal, may find that they still need third-party integrations. Fortunately, Logpoint is adaptable, and many of your secondary applications should communicate well within your setup.

Considering building an integration with Logpoint or any other SIEM solution? Metron has experience building scalable integrations with Fortinet's products.

If you are considering any custom cybersecurity solution that focuses on the resources and needs of your organisation, please send a note to connect@metronlabs.com.