Prism Microsystems EventTracker
Strengths: A SIEM with some bonus features, such as USB device monitoring and remediation capabilities.
Weaknesses: High cost.
Verdict: A very capable SIEM with lots of useful features.
The EventTracker from Prism Microsystems is an interesting product. It combines a lot of features that are found in other groups, as well as SIEM capability. The EventTracker can not only provide SIEM functions, such as log monitoring, collection and analysis, but also USB device monitoring, system change management and automatic remediation by taking action to shut down or restart systems or services based on policy.
Installation and configuration of this product is quite straightforward. The product comes as a software package and, once some prerequisites are met, the product basically installs itself. We also found the installation wizard to be quite helpful in meeting prerequisites: it informed us if a component, such as the .NET Framework, was not installed and gave a link to where we could download it. After installation, all further configuration and management is done through the web GUI. We found this GUI to be well-organized with an intuitive design and layout.
This product also provides a wealth of analysis features, which make getting information on events and alerts quick and easy. All events are stored in their entirety to be easily searchable, and the product itself is integrated with the EventTracker knowledge base to provide users with in-depth information on events with a single click.
Documentation includes an installation guide and a user manual. The installation guide illustrates all the steps necessary to get the product installed and up and running in the environment. The user manual provides in-depth and detailed information on customizing the product and how to configure product functions to get the most out of the software. We found both of these manuals to include many screenshots, diagrams and configuration examples, as well as many clear step-by-step instructions.
Prism includes the first year of 24/5 phone and email support as part of the purchase price of the product. Support is then renewable on an annual basis as part of a 20 percent support fee. Customers also have access to an online support portal with a knowledge base and other support resources.
EventTracker is licensed per device. A mid-sized deployment consisting of 600 devices (including 50-150 servers and a couple hundred workstations) would cost $30,000. At about $30,000 for an average deployment, this product is quite pricey, but we find it to be a good value for the money based on its ability to integrate SIEM-type features and analysis with some bonus functions that are not normally found in a SIEM.