Content

Core Security Event Manager 6.4

Core Security Event Manager consolidates and normalizes data sources to give events context and differentiate true threats from benign activities. The platform streamlines data from numerous applications into one central location, alleviating burdensome workloads from security teams and ensuring they receive only high priority alerts.

Event Manager’s flexibility makes adding customized data easy and virtually limitless. To ingest log information, simply select the log type. Event Manager will then adjust and parse the data according to type and then begin monitoring. This data customization capability adds tremendous value for those leveraging in-house applications.

With a built-in health check, the monitoring capabilities of this SIEM extend even to the system itself. Any and all Event Manager performance issues will trigger an alert so security teams can rest assured that alert silence means all is well with this SIEM. Event Manager also configures, stacks and classifies rules and notifications with ease. Subscribers may choose from several customizable, pre-built data streams and types with various applicable security to reduce alert fatigue and help security teams quickly filter for meaningful information.

We like the single-pane view of the dashboards and its ability to create user-controllable, real-time views. This feature adds a lot of value because it allows for quick access to detailed information, making the user experience feel intuitive. Views can be created on almost anything with extensive sorting, filtering and built-in regulatory views that can be shared. One item that frustrated us, however, was the apparent inability to drilldown into each data point.

The rules and threat feeds generate data automatically, allowing for quick identification of incidents, threats and highlights. Incidents are considered malicious and therefore require immediate investigation and response. Threats are potentially malicious. The SIEM scores them and pushes them to security teams for possible further remediation. Highlights are low priority items. Security teams should be aware of existing highlights but may not need to act on them.

Event Analysis has many valuable filtering abilities that optimize the investigation process. Event Analysis can extend a search so that it includes other data points that occurred around the same time as the event in question, finding correlations and quickly chaining them into the investigation. We noticed the investigation chain is not as graphically impressive as ones in other tools, but this look has little impact on usability and the filtering and event drilldown functionalities more than make up for the outdated aesthetic. One other feature we believe Event Analysis lacks is the ability to drilldown into individual data points. However, hovering over each data point does yield some information.

Overall, Event Manager is very cost-effective and easy to use, which makes it a particularly attractive solution to those who have never had a SIEM. This solution comes with a tremendous amount of intelligence and automated alerts, so security teams of any size can manage it with confidence.

Pricing starts at $9,000 for an annual license subscription and includes 24/7 phone, email and website support. A perpetual license fee option is available, for which support can be purchased at 20 percent of the license fee. Customers also have access to a knowledgebase and FAQ list.

Tested by: Matthew Hreben

Product title
Core Security Event Manager 6.4
Product info
Vendor: Core Security, a HelpSystems Company Contact: www.coresecurity.com Price: $9,000 /Free Version: $0
Strength
Event Manager is cost effective and easy to use, which makes it a particularly attractive solution to those who have never had a SIEM.
Weakness
We wish this solution had the ability to drill down into individual data points.
Verdict
This offering comes with a tremendous amount of intelligence and automated alerts, so security teams of any size can manage it with confidence.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds