April 2013 Issue

Subscribe
Archive

Subscribe	Advertising

Archive	Login \| Register

WordPress tightens security with two-factor authentication

Slideshow: April 2013 threat stats

eSymposium: Mobile security April 11, 2013

SC Editions

Product Information

Prism Microsystems EventTracker

by Peter Stephenson May 01, 2009

Vendor:

Prism Microsystems

Product:

EventTracker

Website:

http://www.prismmicrosys.com

Price

typical 50 server setup: $19,995

RATING BREAKDOWN

Features:
Ease of Use:
Performance:
Documentation:

Support:
Value for Money:
Overall Rating:

QUICK READ

Strengths: Feature-rich SIEM that does not require a database license, allowing for scalability.
Weaknesses: Extensive feature depth, while a good thing, will take some time to become accustomed to. Not designed specifically for forensic use.
Verdict: Solid product with solid features, and has good value for the money as well.

EventTracker is a robust security information and event log management (SIEM) tool that has a lot of useful features. This software has extensive event tracking with the ability to report these events. Prism Microsystems has successfully incorporated real-time analysis into one product that sets itself apart from other SIEM tools. EventTracker stores and compresses log data in a secure (SHA1) format. EventTracker, although not explicitly a forensic tool, has a lot of functionality that is extremely useful in a network forensic environment.

The setup for this product was straightforward. Post-installation it was merely a matter of configuring the agents and pushing them to systems on the network. This appliance has a substantial number of pre-defined rules allowing for minimal configuration for the user. EventTracker has an easy-to-navigate control panel where all available features are accessible. While EventTracker provides a number of useful features, it will take some getting used to.

The tool has many abilities that prove it to be an excellent performer. This appliance can monitor and manage events from Windows syslog and syslog-ng, Solaris BSM, z/OS, SNMP, and flat file logs. Generating reports based on selectable criteria is both an easy and effective performance feature.

Documentation is solid. There are multiple guides which cover a variety of topics.

Prism Microsystems has an in-depth support system that features a FAQ page, online help page, extensive product documentation and feature usage. In addition, the company provides a series of video-based training tutorials. The training tutorials help users to further their proficiency with the product. They offer email and phone support, and after-hours support requests via email will be responded to with an on-call engineer.

With the first year of maintenance/support included in the license fee and a typical 50 server setup being $19,995, the price is not unreasonable. EventTracker is loaded with useful features, but will require some getting accustomed to. However, once you are familiar with the product, we see this as an excellent forensics and incident analysis tool.

Reviews For This Vendor

Related Group Test

Group test: Digital forensics

Sign up for our newsletters

POLL

A new law restricts U.S. gov't purchase of Chinese IT equipment out of security concerns. How comfortable are you buying technology that originates there?

Editorial

Threat of the month