Strengths: Full-featured SIEM with many predefined log sources and compliance reports.
Weaknesses: Initial configuration is slightly difficult.
Verdict: A much-better-than-average SIEM living up to the Trustwave legacy of first-rate products.
Summary
The Trustwave SIEM appliance is designed to collect, normalize, analyze and store events and logs from a wide array of network devices and security products. Administrators can then use all of the collected data to do forensic analysis of security events along with compliance management and reporting. The most interesting function of this product is its deployment flexibility. The Trustwave SIEM can be deployed as a standalone appliance that is managed by the organization or it can be deployed as a managed appliance that is monitored by Trustwave to keep everything up to date and functioning properly. If an organization deploys a managed appliance, it also has the option to have Trustwave provide analysis of mission-critical data.
Not much has changed with installation and management of the appliance since we saw it last year. The initial setup is quite straightforward. It is guided by a setup wizard, which is reached by pointing a web browser at the IP address of the appliance. At the completion of the initial setup, all further configuration is done using the web-based management interface. Overall, we found this to be intuitive to navigate, but we still had to spend some time navigating around and getting familiar with how to configure log sources and get the appliance collecting logs. We would like the process of adding and managing devices to be a little more intuitive.
We found this appliance to offer a lot in terms of analysis capability. The product comes preloaded with preconfigured collectors for many types of devices, including routers, switches, Windows-based event logs, and some generic log sources. Custom log sources can also be added if needed and, at no charge to the customer, Trustwave will help add support for any commercially available device.
Along with the preconfigured collectors, this appliance features many predefined compliance and policy templates that make overall analysis of events quite simple. Trustwave is also constantly pushing new updates to the appliance, which include updated log parsing definitions, new and updated reports, new charts and correlated alert definitions. This keeps log and compliance analysis current with the latest standards and keeps the alert definitions up to date.
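As an added illustration, not Trustwave's code and not a description of the appliance's internals, the following shows what a collector's log parsing definitions and a correlated alert definition amount to in general: two constructed log formats (a Cisco IOS-style login syslog line and a Windows Security logon event) are normalized into one event schema, lines that no collector recognizes are set aside (the case a custom log source definition would cover), and a correlation rule fires when repeated failed logins from one source are followed by a success. The sample log lines, field names, regular expressions, the three-failure threshold and the 60-second window are all constructed for the example, and the year prefixed to the syslog timestamps is an assumption because BSD syslog omits it.

```python
"""Normalize heterogeneous log lines into one event schema, then run a
correlation rule over the result.

Generic SIEM illustration added to this review; not Trustwave's code.
Log formats, field names, thresholds and sample lines are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample input, modeled on Cisco IOS SEC_LOGIN syslog messages and
# on Windows Security events 4625 (logon failure) / 4624 (logon success).
RAW_LOGS = [
    "Jan 12 10:00:01 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5]",
    "Jan 12 10:00:09 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5]",
    "Jan 12 10:00:15 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5]",
    "Jan 12 10:00:22 rtr1 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.5]",
    "Jan 12 10:01:00 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "2024-01-12T10:03:00 WIN-DC1 EventID=4625 AccountName=bob SourceIP=198.51.100.7",
    "2024-01-12T10:03:30 WIN-DC1 EventID=4624 AccountName=bob SourceIP=198.51.100.7",
]

# BSD syslog timestamps carry no year; a real collector supplies it from the
# receive time. Assumed constant here for the constructed sample.
ASSUMED_YEAR = 2024


@dataclass(frozen=True)
class Event:
    """Common schema every collector normalizes into."""
    ts: datetime
    host: str
    source_type: str  # which collector produced it
    action: str       # "auth_failure" or "auth_success"
    user: str
    src_ip: str


CISCO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%SEC_LOGIN-\d-(?P<mnemonic>LOGIN_FAILED|LOGIN_SUCCESS): .*?"
    r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<ip>[^\]]+)\]$"
)
WINDOWS_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"EventID=(?P<eid>\d+) AccountName=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)
WINDOWS_LOGON = {"4625": "auth_failure", "4624": "auth_success"}


def parse_cisco(line: str) -> Optional[Event]:
    """Collector for the constructed Cisco IOS login messages; None if no match."""
    m = CISCO_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    action = "auth_failure" if m["mnemonic"] == "LOGIN_FAILED" else "auth_success"
    return Event(ts, m["host"], "cisco_ios", action, m["user"], m["ip"])


def parse_windows(line: str) -> Optional[Event]:
    """Collector for the constructed Windows Security logon events; None if no match."""
    m = WINDOWS_RE.match(line)
    if not m or m["eid"] not in WINDOWS_LOGON:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
    return Event(ts, m["host"], "windows_security", WINDOWS_LOGON[m["eid"]], m["user"], m["ip"])


COLLECTORS = (parse_cisco, parse_windows)


def normalize(lines: List[str]) -> Tuple[List[Event], List[str]]:
    """Run every line through the collectors; unrecognized lines are kept aside
    (the input a custom log source definition would have to cover)."""
    events, unparsed = [], []
    for line in lines:
        for parser in COLLECTORS:
            ev = parser(line)
            if ev is not None:
                events.append(ev)
                break
        else:
            unparsed.append(line)
    return events, unparsed


def brute_force_then_success(events: List[Event], threshold: int = 3,
                             window: timedelta = timedelta(seconds=60)) -> List[dict]:
    """Correlation rule: at least `threshold` failures from one source for one
    account, followed by a success from that source within `window`."""
    alerts = []
    failures = defaultdict(list)  # (src_ip, user) -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.src_ip, ev.user)
        if ev.action == "auth_failure":
            failures[key] = [t for t in failures[key] if ev.ts - t <= window] + [ev.ts]
        elif ev.action == "auth_success":
            recent = [t for t in failures[key] if ev.ts - t <= window]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "ts": ev.ts, "host": ev.host,
                               "src_ip": ev.src_ip, "user": ev.user, "failures": len(recent)})
            failures[key].clear()  # a success closes the sequence either way
    return alerts


def run(lines: List[str] = RAW_LOGS) -> Tuple[List[Event], List[str], List[dict]]:
    events, unparsed = normalize(lines)
    return events, unparsed, brute_force_then_success(events)


if __name__ == "__main__":
    evs, left, found = run()
    print(f"{len(evs)} events normalized, {len(left)} unparsed")
    for a in found:
        print(a)
```

The constructed input produces one alert (three admin failures from 203.0.113.5 on rtr1 followed by a success 21 seconds later) and no alert for bob, whose single failure is below the threshold; the interface-down line parses under neither collector and lands in the unparsed list.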
The Trustwave SIEM comes with a good amount of documentation. We found all of it to be well-organized and easy to follow.
Trustwave offers support to customers through an annual agreement. Customers can purchase 12/7 or 24/7 support, which includes access to phone- and email-based technical support. Also available to customers is an online assistance portal, which includes a knowledge base, FAQ section and many other helpful resources.
At a price of $19,000, we find the Trustwave SIEM to be a reasonable value for the money. The appliance offers a lot in the way of features and analysis capability, as well as ease of management, particularly after the initial configuration is complete.