Netsurion EventTracker focuses primarily on security, threat hunting and data analysis for simplified compliance auditing. Netsurion designed this SIEM with security analysts in mind, providing them with many powerful tools that will help them identify suspicious activity and investigate it at the depth and pace that works best for them. The platform maximizes productivity with unsupervised machine learning and a customizable interface that makes data correlation quick and simple. With enhanced automation workflows, Netsurion’s EventTracker has efficient storage and search capabilities that expand the scalability of the platform.
With an everchanging threat landscape, organizations today require highly adaptive security tools. Netsurion has worked hard to meet this need, developing a solution based on what it calls the “PPDR model”: prevent, predict, detect and respond. EventTracker therefore includes built-in EDR functionality for prevention as well as continuous and incidental response.
EventTracker comes with several out-of-the-box dashboards that show a lot of valuable high-level information about environments. It includes an investigative Threat Map dashboard that shows all untrustworthy external IPs that have attempted to communicate with an environment. We could negotiate this Threat Map easily, clicking on various map dots to bring corresponding information into a threat intelligence feed. This feed reveals pertinent event details, such as its timeline and its appropriate threat category, that allows analysts to take action against an attack whenever necessary. We like the look of the interface, but some of the navigation feels disjointed due to some disorganization and some inconsistent menu locations.
The platform ties reports to dashboards and offers several template options, including compliance frameworks and vulnerabilities, for each of them. Security teams can store reports on the platform for up to 400 days and customize them according to their needs. For example, they can require EventTracker to date and time stamp all reports. They can require it to collect recipient signatures automatically and indelibly, so that no attacker or user can alter or delete this information. The Netsurion website also lists descriptions of all of the various compliance standards and frameworks that EventTracker supports. These features help organizations comply with standards, policies and regulations and prevent unnecessary frustration and difficulty during company audits.
Subscribers will have no trouble with installation since the required packages connect automatically. However, we had some difficulty trying to navigate the sensor software, especially when we compare it to our experiences with other solutions. We also recommend that Netsurion update some of its documentation since much of it populates in obsolete Windows 7 dialogue boxes.
Netsurion EventTracker is the only on-premises solution among this product-testing group and we admit that this SIEM and its accompanying sensor software take longer to set up than other solutions do. However, this platform includes so many useful features that we believe its value far outweighs the additional effort needed to get it up and running.
Pricing starts at $4,000 annually for EventTracker Log Management and $13,000 for EventTracker Security Center. These prices include 8/5 phone, email and website support. Customers have access to a knowledgebase and FAQ list. 24/7 support is available for an additional fee.
Tested by: Tom Weil