Prism Microsystems EventTracker v7.2
Strengths: Chock-full of features, this is a SIEM that should meet almost any enterprise's needs.
Weaknesses: One of the more complicated SIEMs to deploy and master.
Verdict: A great SIEM for those looking for all the possible bells and whistles.
Summary
Nowhere does a product name better describe its capabilities than with EventTracker from Prism Microsystems. From the outset, EventTracker was designed to track events, and to track them well. Now at version 7.2, EventTracker has been around for some time and comes in a variety of flavors, ranging from the EventTracker Syslog product to the EventTracker Cloud offering to the EventTracker Operations Center.
Picking which edition to use all comes down to what an administrator wants to accomplish. For SIEM, multiple editions are applicable. However, once compliance and security reporting are thrown into the mix, EventTracker Enterprise seems to make the most sense.
Like many other SIEM products, EventTracker Enterprise uses a client-server model, in which client systems report back to a server that consolidates and normalizes events for further processing. Billed as a tool that provides a 360-degree view of log management, log monitoring, log search, file integrity monitoring, system monitoring, reporting, analytics and visualization for continuous monitoring of system logs, users, file changes, servers and desktops, EventTracker Enterprise comes across as a comprehensive SIEM product.
The tool aggregates security and audit logs in real time from sources including Windows servers and desktops/laptops, Unix/Linux systems, syslog devices such as routers and switches, mobile devices, user activity, privileged user/administrator activity, security policy changes, applications and databases, USB and writeable media, intrusion detection system (IDS)/intrusion prevention system (IPS) sensors, anti-virus, VMware, as well as physical security and biometric systems.
EventTracker proves to be as comprehensive as it is complex, with a laundry list of features, including automatic remediation, real-time alerting and monitoring, search, reporting, compliance, endpoint protection, log collection, secure log storage, correlation, behavior analysis and Windows agents. EventTracker Enterprise covers the gamut of SIEM and then some. In other words, as SIEM products go, EventTracker Enterprise proves to be much more than a traditional SIEM product.
Installation of the product is surprisingly simple and mostly automated. A prerequisite check must be completed before installation takes place, though that too is automated for the most part. The prerequisites include having the .NET Framework and other critical components installed. Once they are met, installation is smooth and uneventful.
Initial configuration is done via the product's intuitive GUI, which offers menus, wizards and real-time advice for setting up the features. However, given the rich feature set, navigating the browser-based GUI can be a little frustrating, at least until one gets used to the product.
All of this functionality comes at a price, and an expensive one, at least when compared with basic SIEM products. Nevertheless, that high cost still offers significant value, especially considering all of the extra capabilities on offer.