
LogLogic LX 2010 v4.2

Product Info
Supplier:
Product Rating
Features:  4
Ease of Use:  4
Performance:  5
Documentation:  5
Support:  5
Value for Money:  4
 
For: Powerful network forensic tool that doubles up as a very capable SIEM
Against: A bit pricey
Verdict: If you need a tool that offers a lot of support for both network forensics and security event management this one is a good bet
By Peter Stephenson,
May 23, 2008 2:31 PM
Tags: LOGLOGIC | LX | 2010 | v4.2
LogLogic's LX 2010 provides customers with a good feature set for network forensic investigations.
One of its strengths is the ability to retain all logs in a tamper-proof environment, which, combined with complete management of the collected information, provides users with a solid and admissible chain of custody.

Another strong feature is LogLogic's LogReplay technology, which allows users to configure new rule sets for previously analysed logs and reanalyse the data to further the investigative process. The speed and accuracy with which the LX 2010 captures and records logs, runs drill-down data searches and produces reports are excellent.

The product is straightforward to set up and use. Installation is done from a set of forms on the web user interface. Since it normally would be in use as a log aggregator and correlator, it is probably capturing all relevant data that might be needed in a forensic investigation. Here, its strength becomes the ease with which data can be analysed down to the source log.

The LX 2010 is a very good performer. It can handle most network traffic loads, and its analysis displays and reports are first rate. All reports are selected from the user dashboard, which is accessible via the web interface from anywhere on the network.

The product comes with various guides. The administrator and user manuals describe a streamlined deployment and configuration of the device within an existing multi-vendor architecture. The manuals and reference documentation are contained on a single CD and are well-structured, so information retrieval is quick and easy.

LogLogic's technical support includes email, phone and web assistance. The company's website has a robust support portal open to registered customers that contains a complete knowledge database and other technical support related information. Support offerings come in two tiers: gold with office-hour support or platinum for 24/7 assistance.

At over US$68,000, this can be a big bite, but the real payoff for this product is that it not only provides robust security information and event management (SIEM) but also provides all of the features you will need to perform a forensic analysis of network data after an incident.

 