May 01, 2009
Approximately £14,000 for a typical 50-server setup
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Feature-rich SIEM, does not require a database licence, helping scalability
- Weaknesses: Depth of features will take some time to get used to. Not designed specifically for forensic use
- Verdict: Solid product with useful features, good value for money
EventTracker is a robust security information and event log management (SIEM) tool with a lot of features. It has extensive event tracking, with the ability to report these events. Prism Microsystems has successfully incorporated real-time analysis into one product that sets itself apart from other SIEM tools. Although not explicitly a forensic tool, it has a lot of functionality that is very useful in a network forensic environment.
Setup was straightforward. Post-installation, it was merely a matter of configuring the agents and pushing them to systems on the network. It has a substantial number of pre-defined rules, involving minimal configuration on the user's behalf. It has an easy-to-navigate control panel. While it does provide a number of useful features, it will take some getting used to.
EventTracker has many capabilities that make it an excellent performer. It can monitor and manage events from Windows (Vista/XP/2003/2K/NT), syslog and syslog-ng, Solaris BSM, z/OS, SNMP and flat file logs. Generating reports based on selectable criteria is both easy and effective. Available disk space is used efficiently thanks to a secure (SHA1) format that compresses log data.
Documentation is solid. There are multiple guides which cover a variety of topics, including installation guides, user guides, upgrade guides, as well as release notes. The installation guide provides a step-by-step walkthrough, including many helpful screenshots.
Prism has an in-depth support system. It features a FAQ page, online help page, extensive product documentation and feature usage. In addition, Prism Microsystems provides a series of video-based training tutorials that help users to further their proficiency with the product, and it offers email and phone support.
With the first year of support included in the licence fee and a typical 50-server setup being approximately £14,000, the price is not unreasonable by any means. EventTracker is loaded with useful features, but will require some getting accustomed to. However, once you are familiar with its way of working, we see this as an excellent forensics and incident analysis tool.