Strengths: Easy-to-deploy log management, event correlation and compliance management.
Weaknesses: None that we found.
Verdict: This one’s a bit of a dark horse in the SIEM race, coming from a log management legacy. Now, a first-rate SIEM product at a good price. It is our Recommended product.
Summary: When we first saw LogLogic a few years ago, it was a strong log management appliance that could do some nifty stuff, but overall was focused on log management. Well, times have certainly changed, and this appliance has grown immensely in functionality over the years. Its latest iteration offers some exciting new features, including a full compliance manager, but more on that later. The LogLogic MX can collect data and logs from network devices, such as routers and firewalls, as well as many other sources, including intrusion detection system (IDS)/intrusion prevention system (IPS), Windows, Unix and load balancers. After logs are gathered, the MX solution indexes, compresses and stores the data for use in forensic analysis and compliance assessments.
Installing the appliance itself takes just a few minutes. Once up and running in the network, all configuration is done via a web-based management console. The tool also comes with the Compliance Suite and Compliance Manager as separate installs. The Compliance Manager can be easily installed on a Windows Server and it provides all the necessary components, including the web-based management interface. After the installations are complete, all that needs to be done is to add the appliance to the Compliance Manager and add sources to the appliance.
After our initial configuration was complete, we began navigating around the management interface and found it to be quite comfortable to move around in. The majority of the interface has not changed much, and we felt right at home managing the appliance. The combination of the MX appliance and the Compliance Suite makes managing compliance easy as well. This product comes preloaded with many compliance-based reports and customizable dashboards. Also included are ready-to-go alerts based on several standards, including PCI DSS, HIPAA, SOX, COBIT, NERC, FISMA, ISO, ITIL, and the HITECH Act.
Documentation came as several PDF guides, including installation and administrator guides for the appliance and quick-start and user guides for the Compliance Manager, along with several supplemental pieces of documentation, including log source configuration guides for a variety of log sources. We found all these to be complete and easy to navigate.
LogLogic offers two levels of support - both available at an annual cost. Customers can purchase gold support, which includes phone and email technical help during business hours, or platinum support, which is 24/7.
Starting at around $35,000, this product may seem quite expensive, but we find it to be a good value for the money. Included in the price is not only the appliance and software, but also the Compliance Manager and Management Suite, which add a lot of compliance auditing/management features and functionality. Ongoing support is also quite affordable, with business-hour support coming in at around $7,000 per year and 24/7 assistance only around $12,000 per year.