Prism Microsystems EventTracker
Strengths: Full-scale SIEM with configuration assessment and remediation built in.
Weaknesses: A little pricey for a software-based product.
Verdict: Probably the most feature-rich SIEM we looked at, but don’t forget to add in the cost of a hardware platform.
Summary
The EventTracker from Prism Microsystems provides an interesting set of features. This product not only correlates security and audit logs from any device throughout the network, but can also provide extra functionality, including change management and compliance configuration assessment. This tool can also take logs from systems that may be ignored or forgotten by others - such as physical security systems and biometric devices - to provide a more detailed picture of events.
We found this solution to be easy to deploy, configure and manage. After some quick preinstallation tasks, the setup application, which contains an easy-to-follow wizard, is launched. Once the wizard completes, the product can be configured from the GUI.
This offering really shines on the analysis side. It uses a combination of behavior analysis, network monitoring and file integrity monitoring, alongside log correlation and configuration assessment, to create a full picture of weaknesses, risks or other threats. It then provides the option for manual or automatic remediation.
Documentation included installation, user and supplemental configuration guides. We found all of these PDF guides to be well-organized and easy to follow with clear, step-by-step instructions, screenshots, diagrams and examples.
As part of an annual contract, Prism offers 24/7 phone and email technical support.
With a price point of almost $20,000 for 50 server/syslog devices, we find this tool to be a reasonable value for the money. EventTracker incorporates a lot of solid functionality to provide a full and clear picture of security events wherever they may happen in the enterprise.