Strengths: A SIEM with some bonus features such as USB device monitoring and remediation capabilities
Weaknesses: High cost
Verdict: A very capable SIEM with lots of useful features
EventTracker Enterprise from Prism Microsystems combines a lot of features. It not only provides SIEM functions such as log monitoring, collection and analysis, but also USB device monitoring, system change management and automatic remediation, taking action to shut down or restart systems or services based on policy.
Installation and configuration are quite straightforward. The product comes as a software package and, once some prerequisites are met, it basically installs itself. We found the installation wizard quite helpful in meeting those prerequisites: it informed us when a component such as the .NET Framework was not installed and provided a link to where we could download it. All further configuration and management is done through the web-based GUI, which was well organised with an intuitive design and layout.
EventTracker Enterprise provides a wealth of analysis features that make getting information on events and alerts quick and easy. All events are stored in their entirety to be easily searchable and an integrated EventTracker knowledgebase provides users with in-depth information on events.
Documentation includes an installation guide that illustrates all of the steps necessary to get the product installed and up and running in the environment. A user manual provides in-depth and detailed information on customising the product and how to configure the functions to get the most out of the software. Both of these manuals included many screenshots, diagrams, configuration examples and clear step-by-step instructions.
Prism Microsystems includes the first year of 24/5 phone and email support in the purchase price of the product. Support is then renewable annually for a 20 per cent fee. Customers also have access to an online portal with a knowledgebase and other resources.
EventTracker Enterprise is licensed per device. A mid-sized deployment of 600 devices (including 50-150 servers and 200 workstations) would cost £15,000, which makes it quite pricey, but we find it to be good value for money based on its ability to integrate SIEM-type features and analysis with some extra bonus functions.