EiQ Networks SecureVue v3.6.6
Strengths: Automated assessments, extremely scalable, easy-to-use interface.
Weaknesses: None apparent.
Verdict: A solid SIEM product. This one is our Recommended product.
SecureVue from EiQ Networks provides log gathering, correlation and analysis services for numerous operating systems, network and security devices, combining these services into a solid SIEM platform that offers vulnerability and compliance monitoring, incident management and configuration auditing in one easy-to-use package.
The setup was straightforward. We received a server preinstalled with the components, so after the normal physical installation of that device we only needed to configure our log sources. This was easy, as we only had to input our test network range into a form field and click the Scan button. Within just a few moments, all our networked devices appeared in a list of hosts, and after a few clicks they were managed by the system. We ran into a slight problem getting the collection agent to associate with the server, likely due to the fact that the review server we received had been on other networks before coming to our labs. A quick back and forth with the excellent EiQ support team remedied the issue.
SecureVue consists of two main components: the Central Server and the Data Collectors. The Central Server hosts the management console, performs all correlation and analytic functions, and handles alerting and data archiving. The Data Collector component handles the log collection duties. It can also gather data to enable reporting on system vulnerabilities, configuration, asset information, system performance and network flow data through protocols like NetFlow or sFlow. For larger deployments, the optional Data Processor component offloads some of the correlation and other work from the Central Server, allowing for load balancing while enabling the system to scale to support tens of thousands of devices. Analysis tools, auditing functions and forensic tools are available through the web-based console.
A large number of preconfigured dashboards are present, tailored toward monitoring performance, compliance, vulnerabilities, flow data and other metrics. Custom dashboards are easily created through a simple drag-and-drop interface, giving users access to report, compliance and monitor data at a glance. User accounts can be created locally, or the system can integrate with Active Directory or RADIUS servers. Syslog, Windows Event logs, database logs and file-level monitoring are all handled seamlessly.
EiQ provides excellent documentation for SecureVue. Deployment, upgrade and user guides were all available through the product's support site, downloadable as PDF files.
The company offers two tiers of support: The standard package provides eight-hours-a-day/five-days-a-week phone, email and web support, and the premium expands those hours to 24/7.
SecureVue starts at £4,753 for the software, or £8,555 for the hardware appliance. Twenty-five device licenses are included in the base price, as well as one year of standard support. After the first year, standard support will cost 20 per cent of the product's base price, and premium is 27 per cent of base.
Prices are US-based, thus indicative only.