Get our free report covering Microsoft, Darktrace, Splunk, and other competitors of Rapid7 InsightIDR. Updated: January 2022.
564,143 professionals have used our research since 2012.

Read reviews of Rapid7 InsightIDR alternatives and competitors

Jeroen Kroon
Security Manager at Scildon
Real User
Top 5
Good technical support but it is complex to use and resource-heavy
Pros and Cons
  • "Technical support is responsive and very friendly."
  • "The interface needs things like wizards that will assist with creating complex correlation rules."

What is our primary use case?

We use LogPoint for log collection. We have a specific use case around a system that was not able to provide this kind of correlation. However, we are going to get rid of the legacy platform within the year and will be moving away from LogPoint.

What is most valuable?

The most valuable feature is the log creating according to specific rules.

What needs improvement?

LogPoint is complex and we don't have the skills to maintain use cases or even to extend the use cases. Because of this, we are unable to take advantage of the SIEM platform. We need something more self-running, hosted, and that automatically recognizes problems the way the AI platforms are providing.

The interface needs things like wizards that will assist with creating complex correlation rules.

The platform is very resource-demanding, although this is typical of SIEM solutions.

For how long have I used the solution?

We have been using LogPoint for three or four years.

What do I think about the stability of the solution?

We did have problems with stability in the past and we had one ticket that was open for a couple of months. It was due to their platform having trouble reading sources coming from different kinds of services.

What do I think about the scalability of the solution?

We are using LogPoint on a very small scale. I did some complex reports and it was working but it needed a lot of memory on the local server.

We have about 150 employees and there are two or three operators.

How are customer service and technical support?

Technical support is responsive and very friendly. We have no issues with that.

Which solution did I use previously and why did I switch?

I have a lot of experience with Splunk, Radar, ArcSight, and the EMC platform. All of them consume a lot of system resources.

We did not use another SIEM solution in-house prior to LogPoint, although we did do some management using Rapid7 technology.

How was the initial setup?

The initial setup was complex.

What's my experience with pricing, setup cost, and licensing?

Our licensing fees are about $10,000 USD per month, which I think is fair. The licensing fees include product enhancements, support, and it satisfies some mandatory regulatory aspects that we need to fulfill. We are also not taking full advantage of the capabilities, such as advanced analytics.

If we wanted to take full advantage of the capabilities then we would need to invest between $20,000 and $50,000 in consulting fees.

Which other solutions did I evaluate?

LogPoint was selected before I was in this position, so I was not part of the process. My understanding is that several products were considered but LogPoint was chosen because the price of the license was attractive.

At this point, we are thinking about moving to Darktrace.

What other advice do I have?

We are moving away from this solution and are looking for something automated, like Darktrace.

My advice for anybody who is implementing this solution is to first have a very clear understanding of the use cases, what you want to use it for, and what you want to report. 

Don't be afraid to look for a cloud-based solution, especially when it comes to SIEM products. It removes a lot of trouble related to internal servers and the complexity of accessing the SIEM from outside. If you have to implement your own MSA then I would suggest reconsidering any case of using an internal SIEM. Especially for smaller companies, this will provide much more value.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at a marketing services firm with 10,001+ employees
Real User
Top 20
Customizable dashboards and reports, offers abnormal behavior detection, and the support is good
Pros and Cons
  • "You can customize the dashboards as well as the reporting."
  • "The documentation could be improved."

What is our primary use case?

We are using AlienVault for vulnerability scanning and detecting abnormal behavior.

What is most valuable?

This product is easy to use.

The support is very good and they offer managed services.

The dashboards are good. You can customize the dashboards as well as the reporting.

What needs improvement?

There needs to be more focus on the NOC and IIS in terms of developing applications for behavior detection.

The backup features use a lot of storage space.

The documentation could be improved.

Asset management and filtering are in need of fine-tuning and enhancement.

For how long have I used the solution?

I have been working with AlienVault since 2018.

What do I think about the stability of the solution?

AlienVault is a very stable product.

How are customer service and technical support?

The technical support is perfect.

Which solution did I use previously and why did I switch?

I have worked with LogRhythm in the past, since 2015, and I find that AlienVault is a better product. We are facing a technical issue with LogRhythm, as it is still used in other parts of our organization. I am looking to finalize and unify the solution.

We needed better detection to give us information from the IS about geography or abnormal behavior that is breaching our security. Most of our products are web applications and this is important to us. 

Which other solutions did I evaluate?

We are currently looking into implementing a PoC for either ManageEngine or FortiSIEM.

What other advice do I have?

My advice to anybody who is considering AlienVault is to implement a proof of concept to ensure that it meets their requirements. A PoC should be done before settling on any product.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of Information Security at a financial services firm with 501-1,000 employees
Real User
Top 20
Scalable with good searching capabilities and good support
Pros and Cons
  • "The most valuable feature is the searching capability and real-time operational use."
  • "Some of the cloud apps need improvement."

What is our primary use case?

The primary use case of this solution is for monitoring an enterprise data center, globally for 12,000 devices.

How has it helped my organization?

It has improved the way that the organization functions.

What is most valuable?

The most valuable feature is the searching capability and real-time operational use.

What needs improvement?

Some of the cloud apps need improvement.

In the next release, I would like to see improved stability of some of the add-on applications.

For how long have I used the solution?

I have been using IBM QRadar for two years.

We are using the current version.

What do I think about the stability of the solution?

Stability is moderate.

We have 15 people using this solution in our organization. Their positions vary from Network Engineers, Security Engineers, and Security Analysts.

What do I think about the scalability of the solution?

It's very scalable.

How are customer service and technical support?

Technical support is good.

I would rate them a nine out of ten. Their response time is good.

Which solution did I use previously and why did I switch?

Previously, I did not use another solution.

How was the initial setup?

The initial setup is complex. It's just the nature of the CM tool.

What's my experience with pricing, setup cost, and licensing?

I think that the price is fair, but we can always say that the price could be cheaper.

What other advice do I have?

Like any complex enterprise CM tool, you have to have a strong support organization. People who are good at understanding Linux operating systems. You also need a strong technical support team in-house.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.