EventTracker Enterprise v7.3
April 01, 2013
Starts at $4,599 per 10 servers, $7,824 for 25 servers, and $12,799 for 50 servers.
- Strengths: This product is a well-designed enterprise-class tool.
- Weaknesses: Hard to find a substantial weakness.
- Verdict: Version 7.3 of EventTracker Enterprise is a big leap forward in SIEM technology. Recommended.
EventTracker Enterprise is comprehensive. It is designed to scale across multiple locations, business units and domains using the EventTracker Stand-Alone, Collection Point and Collection Master architecture. The latest version (7.3) expands and improves the offering in file integrity monitoring, change audit, configuration assessment, cloud integration, event correlation, and writeable media monitoring and management. Other new features include a built-in ticketing system (with acknowledgement, search, notes and email); support for log4j and related logging frameworks such as log4cxx, log4net and log4php; scheduled discovery of applications and systems; configurable behavior rules that detect new and out-of-the-ordinary activity using user-specified thresholds, frequency, or learned-behavior thresholds; and risk-based prioritization for incident identification with automatic or manual remediation.
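To make the behavior-rule types concrete, the following is an added example of how a SIEM rule engine can implement a user-specified threshold, a frequency rule over a sliding window, a learned-behavior threshold derived from a baseline, and a "new behavior" rule for never-before-seen values. It is illustration code written for this review, not EventTracker's implementation; the event layout, field names, sample events and rule parameters are all constructed assumptions.

```python
"""
Behavior rules over authentication events (added illustration, not EventTracker code).
Assumptions: events are (epoch seconds, user, host, event type) tuples; a baseline of
per-user hourly failed-login counts already exists; all sample data is constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

Event = Tuple[int, str, str, str]  # (epoch seconds, user, host, event type)

# Constructed baseline: failed logins per user in each of five earlier hours.
BASELINE: Dict[str, List[int]] = {
    "alice": [1, 2, 1, 2, 1],
    "bob":   [0, 1, 0, 0, 1],
}
# Constructed inventory of hosts the SIEM has already seen.
KNOWN_HOSTS: Set[str] = {"ws-01", "ws-02", "srv-01"}

# Constructed current-hour events (timestamps are arbitrary but ordered).
CURRENT: List[Event] = [
    (1000, "alice", "ws-01", "login_failed"),
    (1005, "alice", "ws-01", "login_failed"),
    (1010, "alice", "ws-01", "login_failed"),
    (1015, "alice", "ws-01", "login_failed"),
    (1020, "alice", "ws-01", "login_failed"),
    (1025, "alice", "ws-01", "login_failed"),
    (1030, "alice", "ws-01", "login_ok"),
    (2000, "bob",   "ws-02", "login_failed"),
    (3600, "carol", "laptop-99", "login_ok"),
]


def learned_threshold(history: List[int], k: float = 3.0) -> float:
    """Learned-behavior threshold: mean plus k population standard deviations of past counts.
    A flat history (stdev 0) yields a threshold equal to its mean, so any rise alerts."""
    return mean(history) + k * pstdev(history)


def exceeds_frequency(times: List[int], max_events: int, window: int) -> bool:
    """Frequency rule: true when more than max_events fall inside any sliding window of `window` seconds."""
    times = sorted(times)
    start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        if end - start + 1 > max_events:
            return True
    return False


def evaluate(events: List[Event], baseline: Dict[str, List[int]], known_hosts: Set[str],
             user_limit: int = 10, freq_max: int = 5, freq_window: int = 60) -> List[str]:
    """Apply all four rule types and return the alerts they raise, in evaluation order."""
    alerts: List[str] = []
    failed_times: Dict[str, List[int]] = defaultdict(list)
    for ts, user, host, etype in events:
        # "New behavior": a host that has never reported before.
        if host not in known_hosts:
            alerts.append(f"NEW: first sighting of host {host} (user {user})")
        if etype == "login_failed":
            failed_times[user].append(ts)
    for user, times in failed_times.items():
        n = len(times)
        # User-specified absolute threshold.
        if n > user_limit:
            alerts.append(f"THRESHOLD: {user} {n} failed logins > limit {user_limit}")
        # Frequency rule over a sliding window.
        if exceeds_frequency(times, freq_max, freq_window):
            alerts.append(f"FREQUENCY: {user} more than {freq_max} failed logins in {freq_window}s")
        # Learned-behavior threshold from the user's own baseline.
        if user in baseline:
            limit = learned_threshold(baseline[user])
            if n > limit:
                alerts.append(f"LEARNED: {user} {n} failed logins > learned {limit:.2f}")
        else:
            alerts.append(f"NEW: no baseline for user {user}")
    return alerts


if __name__ == "__main__":
    for line in evaluate(CURRENT, BASELINE, KNOWN_HOSTS):
        print(line)
```

Run against the constructed events, the absolute limit of 10 is never reached, but alice's six failures in 25 seconds trip both the frequency rule and her learned threshold (about 2.87), and carol's never-seen laptop raises a new-behavior alert. The learned rule is the one that would have stayed silent under a fixed limit, which is the point of baselining per user.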
The product ships as either a virtual appliance or as software. EventTracker uses a flat file database that is fully indexed for performance, and a standard compression function that reduces the data by 90 percent or more for efficient retrieval and storage management. The archived data is stamped with a SHA-1 checksum to ensure data integrity; the checksums are validated before use, and detection of tampering triggers an alert. Another strong feature is the integration of Microsoft's Specialized Security - Limited Functionality (SSLF) hardening option into the EventTracker system. SSLF was designed to help protect information in hostile environments.
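The checksum-before-use behaviour described above, as an added example that is not EventTracker's own code: each archived chunk is written beside a SHA-1 digest, the digest is recomputed and compared before the chunk is used, and a mismatch produces an alert. The example goes one step beyond the review to show the caveat a practitioner should know: a bare hash stored next to the data only catches an attacker who cannot also rewrite the sidecar, whereas a keyed digest (HMAC) still catches that case. File layout, names, the sample log chunk and the key are constructed assumptions.

```python
"""
Archive integrity checking with a sidecar digest (added illustration, not EventTracker code).
Assumptions: chunk file <name> sits beside <name>.sha1 holding a hex digest; the keyed
variant and the sample log chunk are constructed for this example.
"""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, Optional, Tuple

# Constructed sample log data standing in for an archived chunk.
SAMPLE_CHUNK = (
    b"2013-04-01T10:00:00Z host1 sshd[123]: Accepted publickey for alice\n"
    b"2013-04-01T10:00:05Z host1 sshd[124]: Failed password for root\n"
)


def digest(data: bytes, key: Optional[bytes] = None) -> str:
    """Bare SHA-1 when no key is given; HMAC-SHA-1 when a key is supplied."""
    if key is None:
        return hashlib.sha1(data).hexdigest()
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def write_archive(path: str, data: bytes, key: Optional[bytes] = None) -> None:
    """Write the chunk and its sidecar digest."""
    with open(path, "wb") as f:
        f.write(data)
    with open(path + ".sha1", "w") as f:
        f.write(digest(data, key))


def verify_archive(path: str, key: Optional[bytes] = None) -> Tuple[bool, str]:
    """Recompute the digest and compare it to the sidecar before the chunk is used.
    Returns (ok, message); on False the caller must refuse the chunk and raise an alert."""
    with open(path, "rb") as f:
        data = f.read()
    with open(path + ".sha1") as f:
        stored = f.read().strip()
    expected = digest(data, key)
    if hmac.compare_digest(stored, expected):  # constant-time comparison
        return True, f"integrity ok for {path}"
    return False, f"ALERT: checksum mismatch for {path} (stored {stored[:12]}..., computed {expected[:12]}...)"


def _flip_first_byte(path: str) -> None:
    """Simulate tampering with the archived data in place."""
    with open(path, "r+b") as f:
        f.seek(0)
        f.write(b"9")


def _rehash_unkeyed(path: str) -> None:
    """Simulate an attacker who can also rewrite the sidecar but does not hold the key."""
    with open(path, "rb") as f:
        data = f.read()
    with open(path + ".sha1", "w") as f:
        f.write(digest(data))


def demo() -> Dict[str, bool]:
    """Run the four scenarios in a temporary directory and return the verify results."""
    results: Dict[str, bool] = {}
    key = b"assumed-secret-key"  # constructed; in practice kept off the archive host
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "chunk-0001.log")
        write_archive(p, SAMPLE_CHUNK)
        results["clean"] = verify_archive(p)[0]
        _flip_first_byte(p)
        results["tampered"] = verify_archive(p)[0]
        _rehash_unkeyed(p)
        results["tampered_and_rehashed"] = verify_archive(p)[0]  # bare SHA-1 is fooled
        write_archive(p, SAMPLE_CHUNK, key)
        _flip_first_byte(p)
        _rehash_unkeyed(p)
        results["keyed_tampered_and_rehashed"] = verify_archive(p, key)[0]  # HMAC still catches it
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'ALERT'}")
```

The unkeyed case shows why a checksum on the archive host is an integrity check against accidental corruption and unsophisticated edits, not a defence against an administrator or intruder with write access to both files; the keyed variant (or signatures, or copying digests to a separate write-once store) is what closes that gap.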
EventTracker provides a number of excellent documents to aid in installation, configuration and use. Most useful were the EventTracker-Enterprise-v7.3-Install-Guide, the Hardening-Guide-For-EventTracker-Server and the EventTracker v7.3 Enterprise User Guide.
The product provides features to filter unwanted activity. In addition to the items already noted, after a brief agent enrollment process the following features were available for viewing and processing: email alerting, remediation, behavior analysis, forensic search, change activity reporting, compliance reports and more. The system provides a risk-based prioritization facility for assets that we found pleasing. One of the most powerful sets of features was found under the "Reports" tab by selecting the "Compliance" tab. Equally rich functionality was found under the "Config Assessment" tab: after selecting its "Report" tab and then the "Benchmark" tab, a large number of report options were available. The benchmarks were categorized by publisher and system platform; we tagged systems and launched an assessment, and once it completed the system reported the Config Assessment results. The Open Vulnerability and Assessment Language (OVAL) results provided excellent references.
EventTracker support is a 24/7 fee-based service, which includes phone and email assistance, a portal via the website, a knowledge base and FAQ. The cost is 20 percent of the software list price. EventTracker also offers product support, design, planning, implementation services and training. This tool hits all of the benchmarks for a top-tier SIEM and is money well spent.