EventTracker Enterprise v7.3
April 01, 2013
From c£3,017 per 10 servers
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: This product is a well-designed enterprise-class tool
- Weaknesses: Hard to find a substantial weakness
- Verdict: Version 7.3 of EventTracker Enterprise is a big leap forward in SIEM technology. Recommended
EventTracker Enterprise is comprehensive and designed to be scalable to address multiple locations, business units and domains using the EventTracker standalone, collection point and collection master architecture.
The latest version (7.3) expands/improves the offering in areas of file integrity monitoring, change audit, configuration assessment, cloud integration, event correlation and writeable media monitoring and management. Some of the other new features include: built-in ticketing system (with acknowledgement, search, notes and email); support for log4j and related standards, such as log4cxx, log4net, log4php; scheduled discovery of applications and systems; configurable behaviour rules to detect new and out-of-the-ordinary behaviour by user-specified thresholds, frequency or learned-behaviour thresholds; and risk-based prioritisation for incident identification and automatic or manual remediation solutions.
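The behaviour rules described above (user-specified thresholds, frequency limits and learned-behaviour baselines) can be illustrated with a small detection script. This is an added example written for this review, not EventTracker's own rule engine or format: the key=value log lines, the history counts and the rule parameters are all constructed for the demonstration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed log format for this example (not the product's own schema).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"event=(?P<event>\S+) src=(?P<src>\S+)$"
)

# Constructed sample lines: alice fails to log on five times in under two
# minutes, bob fails once, a service account reads files in a rapid burst,
# and one line is noise that the parser should skip.
SAMPLE_LOGS = [
    "2013-04-01T09:00:01 host=web01 user=alice event=LOGON_FAILURE src=10.0.0.5",
    "2013-04-01T09:00:07 host=web01 user=alice event=LOGON_FAILURE src=10.0.0.5",
    "2013-04-01T09:00:15 host=web01 user=alice event=LOGON_FAILURE src=10.0.0.5",
    "2013-04-01T09:01:02 host=web01 user=alice event=LOGON_FAILURE src=10.0.0.5",
    "2013-04-01T09:01:40 host=web01 user=alice event=LOGON_FAILURE src=10.0.0.5",
    "2013-04-01T09:02:00 host=db01 user=bob event=LOGON_FAILURE src=10.0.0.7",
    "2013-04-01T09:03:30 host=db01 user=bob event=LOGON_SUCCESS src=10.0.0.7",
    "2013-04-01T09:05:01 host=fs01 user=svc event=FILE_READ src=10.0.0.9",
    "2013-04-01T09:05:02 host=fs01 user=svc event=FILE_READ src=10.0.0.9",
    "2013-04-01T09:05:03 host=fs01 user=svc event=FILE_READ src=10.0.0.9",
    "2013-04-01T09:05:04 host=fs01 user=svc event=FILE_READ src=10.0.0.9",
    "garbage line that does not parse",
]

# Constructed "learned" history: daily event counts per host over five days,
# and constructed counts for the day being evaluated.
HISTORY = {"web01": [40, 42, 38, 41, 39], "fs01": [10, 12, 11, 9, 13]}
TODAY_COUNTS = {"web01": 44, "fs01": 60}


def parse(lines):
    """Parse key=value lines into dicts; unparseable lines are dropped."""
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        out.append(rec)
    return out


def threshold_rule(records, event, limit, window):
    """User-specified threshold: fire for any user with >= limit events of
    the given type inside a sliding time window."""
    per_user = defaultdict(list)
    for r in records:
        if r["event"] == event:
            per_user[r["user"]].append(r["ts"])
    hits = set()
    for user, times in per_user.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= limit:
                hits.add(user)
    return hits


def frequency_rule(records, max_per_minute):
    """Frequency rule: fire for any source address that exceeds a rate of
    events within one calendar minute."""
    buckets = Counter(
        (r["src"], r["ts"].replace(second=0, microsecond=0)) for r in records
    )
    return {src for (src, _minute), n in buckets.items() if n > max_per_minute}


def learned_baseline_rule(history, today_counts, k=3.0):
    """Learned-behaviour rule: fire when today's count for a host is more than
    k standard deviations above the mean of that host's past daily counts."""
    hits = set()
    for host, past in history.items():
        mu, sigma = mean(past), pstdev(past)
        if today_counts.get(host, 0) > mu + k * sigma:
            hits.add(host)
    return hits


def run_rules():
    """Apply all three rule types to the constructed data and return findings."""
    records = parse(SAMPLE_LOGS)
    return {
        "threshold": threshold_rule(records, "LOGON_FAILURE", 5, timedelta(minutes=5)),
        "frequency": frequency_rule(records, 3),
        "baseline": learned_baseline_rule(HISTORY, TODAY_COUNTS),
    }


if __name__ == "__main__":
    for rule, findings in run_rules().items():
        print(f"{rule}: {sorted(findings) or 'no findings'}")
```

The baseline rule deliberately leaves web01 alone: 44 events is only a little above its learned mean of 40, whereas fs01's 60 is far outside its history. That gap between "slightly busier than usual" and "genuinely anomalous" is what separates a learned threshold from a fixed one.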
The product ships as software or as a virtual or hardware appliance. It uses a flat file database that is fully indexed for performance and a proprietary compression function that compresses the data by 90 per cent or more, which makes for excellent storage management. The event data is encrypted and hashed to ensure the integrity of the information, and the anonymisation feature issues an alert if tampering is attempted. Another strong feature is the integration of Microsoft's Specialized Security - Limited Functionality (SSLF) hardening option into the EventTracker system. SSLF was designed to help protect information in hostile environments and is required on certain government systems.
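Hashing stored event data so that tampering can be detected, as the review describes, is commonly done by chaining a keyed hash across consecutive records so that editing, removing or inserting a record breaks every link that follows it. The script below is an added example of that technique using Python's standard `hmac` module; it is not EventTracker's implementation, and the key and event records are constructed for the demonstration.

```python
import copy
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # fixed starting value for the first link in the chain

# Constructed signing key and event records for this example only.
KEY = b"example-key-not-for-production"
EVENTS = [
    {"ts": "2013-04-01T09:00:01", "host": "web01", "event": "LOGON_FAILURE", "user": "alice"},
    {"ts": "2013-04-01T09:00:07", "host": "web01", "event": "LOGON_SUCCESS", "user": "alice"},
    {"ts": "2013-04-01T09:02:00", "host": "db01", "event": "LOGON_FAILURE", "user": "bob"},
]


def _encode(record):
    """Canonical byte form of a record so that field order cannot affect the MAC."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal_chain(records, key):
    """Attach an HMAC-SHA256 link to each record; each link covers the
    previous link's MAC as well as the record itself."""
    chain, prev = [], GENESIS
    for rec in records:
        mac = hmac.new(key, prev + _encode(rec), hashlib.sha256).digest()
        chain.append({"record": rec, "mac": mac.hex()})
        prev = mac
    return chain


def verify_chain(chain, key):
    """Recompute every link. Return the index of the first link that does not
    verify, or None if the whole chain is intact."""
    prev = GENESIS
    for i, link in enumerate(chain):
        expected = hmac.new(key, prev + _encode(link["record"]), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(link["mac"])):
            return i
        prev = expected
    return None


def tamper_demo():
    """Seal the constructed events, then show three tampering cases that a
    verifier would alert on, returning the index where each is detected."""
    key = KEY
    intact = seal_chain(EVENTS, key)

    edited = copy.deepcopy(intact)
    edited[1]["record"]["event"] = "LOGON_FAILURE"   # change a stored event

    deleted = copy.deepcopy(intact)
    del deleted[1]                                   # remove a record

    inserted = copy.deepcopy(intact)
    forged = {"ts": "2013-04-01T09:03:00", "host": "db01", "event": "LOGON_SUCCESS", "user": "bob"}
    inserted.append({"record": forged, "mac": "00" * 32})  # append without the key

    return {
        "intact": verify_chain(intact, key),
        "edited": verify_chain(edited, key),
        "deleted": verify_chain(deleted, key),
        "inserted": verify_chain(inserted, key),
    }


if __name__ == "__main__":
    for case, first_bad in tamper_demo().items():
        print(f"{case}: {'chain intact' if first_bad is None else f'tamper detected at link {first_bad}'}")
```

Because each MAC depends on the one before it, verification pinpoints the first altered position rather than merely reporting that something changed; a deletion is caught at the position of the record that now follows the gap, and a record appended without the key fails at its own index.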
EventTracker provided a number of excellent documents to aid in its installation, configuration and use. Most useful were the install guide, hardening guide for EventTracker Server and the user manual.
Installation was quick and easy. The MSI application automatically set up the major prerequisites, including the database, web services and the Microsoft .Net Framework. Once the security group was created, we populated it with users (administrative and standard), generated alerts and reports, and launched system attacks.
EventTracker Enterprise performed very well. Various dashboard views were populated based on the class of the event. There were a large number of pre-packaged reports, categories and alerts - making it easy to identify real incidents versus normal logging noise.
The product provided features to filter unwanted activity. Following a brief agent enrolment process, a number of features were available for viewing and processing: email alerting; remediation; behaviour analysis; forensic search; change activity reporting; and compliance reports. We also liked the system's risk-based prioritisation facility for assets.
One of the most powerful sets of features was found under the 'reports' tab by selecting 'compliance'. Equally rich functionality was found under the 'config assessment' tab by selecting 'report' and then 'benchmark'. There were a large number of report options, and the benchmarks were categorised by publisher and system platform; systems were tagged and assessments launched. Once completed, the system reported the config assessment results.
The Open Vulnerability and Assessment Language (OVAL) results provided excellent references. Options are available for justifying deviations, but there are too many to address in this evaluation. Suffice it to say that this product is rich in high-value, high-quality functions that will help meet most of the known compliance requirements.
Support is a 24/7 fee-based service, which includes phone and email assistance, a portal via the website, a knowledgebase and FAQs. EventTracker also offers product support, design, planning, implementation services and training.
This tool hits all of the benchmarks for a top-tier SIEM and is money well spent.