Strengths: A well designed and vetted product
Weaknesses: Documentation of the less commonly used features could be improved
Verdict: Very good product for mid-sized to large enterprises
SecureVue from eIQ Networks provides all of the elements one would expect in a SIEM - log consolidation, threat correlation, incident management (including ticket issuance), event analytics, forensic analysis, compliance reporting, change auditing, event alerting, an array of user definable/customisable alerting and reporting options, and more. It also provides a friendly incident management workflow that helps keep the process clear and easy to follow, but this is just the beginning.
SecureVue's performance is close to phenomenal. The reporting function is backed by a fully indexed proprietary data store and generates reports almost instantaneously. Policy development and the flexible reporting and alerting options are intuitive and easy to use. The highly customisable dashboard is excellent, providing clean graphs and tables. A built-in software development kit (SDK) helps aggregate data from third-party tools into the SecureVue server.
Installation of SecureVue was supported by a two-page instruction document, presumably because the product was pre-configured on a hardware appliance. A user manual covering the less common features would have been a convenient reference.
The appliance took its address from dynamic host configuration protocol (DHCP) in the lab, so at start-up the only information required was the admin password. After logging in to the SecureVue server, time was spent becoming familiar with the settings and options. Email notification could not be set up because the product disallowed special characters in the user ID used for simple mail transfer protocol (SMTP) authentication. A number of lab systems were enrolled into the SecureVue appliance via agents, which took about five minutes per system. To test the features of the product, a series of progressive network attacks was performed.
This is an industrial-strength tool. The dashboards are uncluttered and intuitive, and the product ships with approximately 1,500 prepared reports; user-definable reporting is available if one wishes to create something a little different. There is also a robust set of compliance reports, and account policies are editable for special needs. The company's Security Center provides change monitoring, with instant reporting of differences from previous snapshots. There are a large number of predefined alerts, and the system can additionally generate correlation alerts and intelligent alerting. Like most other high-end SIEMs, SecureVue uses a fully indexed flat-file database.
The initial purchase price includes one year of maintenance (software upgrades and assistance); follow-on maintenance is priced at 20 per cent annually. eIQ Networks eCare support is offered in two options: standard (eight hours a day, five days a week) and premium (24/7). SecureVue NGS includes one year of assistance as part of the purchase price. Service options beyond standard can be purchased, including implementation, training, health checks and custom-scoped services. In addition, the company offers aid on its website, as well as a knowledgebase and a FAQ section.
The cost of this offering is higher than that of many other SIEMs, but it is still money well spent given the quality of the features and services.