April 01, 2013
From c£8,211 (software only) or c£16,000 (appliance-based) for 25 devices
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: A well designed and vetted product
- Weaknesses: Minor improvements in the documentation of features not commonly known
- Verdict: Very good product for mid-sized to large enterprises
SecureVue from eIQ Networks provides all of the elements one would expect in a SIEM - log consolidation, threat correlation, incident management (including ticket issuance), event analytics, forensic analysis, compliance reporting, change auditing, event alerting, an array of user definable/customisable alerting and reporting options, and more. It also provides a friendly incident management workflow that helps keep the process clear and easy to follow, but this is just the beginning.
The performance of SecureVue approaches phenomenal. The reporting function features a fully indexed proprietary data store that generates near-instantaneous reports. The development of policies and the flexibility of reporting and alerting are intuitive and easy to use. The highly customisable dashboard is excellent, providing clean graphs and tables. There is also a built-in software development kit (SDK) to help aggregate data from third-party tools into the SecureVue server.
To aid in installation of SecureVue, a two-page instruction document was provided, presumably since it was pre-configured on a hardware appliance. It would have been convenient if there had been a user manual to reference some of the features that are not as common as others.
The appliance was connected to dynamic host configuration protocol (DHCP) in the lab, so at start-up the only information that was required was the admin password. After logging in to the SecureVue server, time was spent becoming familiar with the settings and options. Simple mail transfer protocol (SMTP) would not accept email setup because the product disallowed special characters in the user ID for SMTP authentication. A number of lab systems were enrolled (via agents) into the SecureVue appliance. This activity took about five minutes per system enrolled. To test the features of the product, a series of progressive network attacks were performed.
This is an industrial strength tool. The dashboards are uncluttered and intuitive, and the product comes with approximately 1,500 prepared reports. User-definable reporting is available if one wishes to create something a little different. There is also a robust set of compliance reports, and account policies are editable for special needs. The company's Security Center provides change monitoring, and instant reports are generated on differences from previous snapshots. There are a large number of predefined alerts and, in addition, the system can generate correlation alerts and intelligent alerting. Like most other high-end SIEMs, SecureVue uses a fully indexed flat-file database.
Initial price for support includes one year of maintenance (software upgrades and assistance). Follow-up maintenance is priced at 20 per cent annually. EIQ Networks eCare support is offered with two possible options: standard (eight-hours-a-day/five-days-a-week) and premium (24/7). SecureVue NGS includes one year of assistance as part of the purchase price. Service options (outside of standard) can be purchased, which include implementation, training, health checks and custom-scoped services. In addition, the company offers aid on its website, as well as a knowledgebase and a FAQs feature.
The cost of this offering is higher than that of many other SIEMs, but it is still money well spent given the quality of features and services.