LogLogic LX 2010 v4.2
Strengths: Powerful network forensic tool that serves double duty as a very capable SIEM.
Weaknesses: A bit pricey.
Verdict: If you need a tool that offers a lot of support for both network forensics and security event management, this one is a good bet.
Summary
The LogLogic LX 2010 provides customers with a good feature set for network forensic investigations. One of the key features is LogLogic's ability to retain all logs in a tamper-proof environment. This, combined with complete management of the collected logs, provides users with a solid and admissible chain of custody. Another feature is LogLogic's LogReplay technology, which allows users to configure new rule sets for previously analyzed logs and re-analyze the data to further the investigative process. The speed and accuracy with which the LX 2010 captures and records logs are excellent, as are its drill-down data searches and report generation.
The LogLogic product is straightforward to set up and use. Setup is done from a set of fillable forms in the web user interface. Since it normally would be in use as a log aggregator and correlator, it is likely already capturing all relevant data that might be needed in a forensic investigation. Here, its strength is demonstrated in the ease with which data can be analyzed down to the source log.
The LX 2010 is a very good performer. It can handle most network traffic loads, and its analysis displays and reports are first rate. All reports are selected from the user dashboard. The dashboard is accessible via the web interface from anywhere on the network.
There are numerous technical and user guides provided with this product. The administrator and user guides describe a streamlined deployment and configuration of the device. The documentation outlines the functionality and steps to configure the product within an existing multi-vendor architecture. The manuals and reference documentation are contained on a single CD and are structured so information retrieval is quick and easy.
LogLogic technical support includes email, phone and web support for its customers. LogLogic's website has a robust support portal that registered customers can use. It contains a complete knowledge database and other technical support-related information. Support is offered in two tiers. Gold offers support 7 a.m. to 7 p.m. EST, Monday through Friday. Platinum offers 24/7/365 support.
At over $68,000, this can be a big bite, but the real payoff for this product is that it not only provides robust security information and event management (SIEM), it provides all of the features you will need to perform a forensic analysis of network data after an incident.