Content

Netsurion EventTracker 9.2

Netsurion EventTracker focuses primarily on security, threat hunting and data analysis for simplified compliance auditing. Netsurion designed this SIEM with security analysts in mind, providing them with many powerful tools that will help them identify suspicious activity and investigate it at the depth and pace that works best for them. The platform maximizes productivity with unsupervised machine learning and a customizable interface that makes data correlation quick and simple. With enhanced automation workflows, Netsurion’s EventTracker has efficient storage and search capabilities that expand the scalability of the platform.

With an everchanging threat landscape, organizations today require highly adaptive security tools. Netsurion has worked hard to meet this need, developing a solution based on what it calls the “PPDR model”: prevent, predict, detect and respond. EventTracker therefore includes built-in EDR functionality for prevention as well as continuous and incidental response.

EventTracker comes with several out-of-the-box dashboards that show a lot of valuable high-level information about environments. It includes an investigative Threat Map dashboard that shows all untrustworthy external IPs that have attempted to communicate with an environment. We could negotiate this Threat Map easily, clicking on various map dots to bring corresponding information into a threat intelligence feed. This feed reveals pertinent event details, such as its timeline and its appropriate threat category, that allows analysts to take action against an attack whenever necessary. We like the look of the interface, but some of the navigation feels disjointed due to some disorganization and some inconsistent menu locations.

The platform ties reports to dashboards and offers several template options, including compliance frameworks and vulnerabilities, for each of them. Security teams can store reports on the platform for up to 400 days and customize them according to their needs. For example, they can require EventTracker to date and time stamp all reports. They can require it to collect recipient signatures automatically and indelibly, so that no attacker or user can alter or delete this information. The Netsurion website also lists descriptions of all of the various compliance standards and frameworks that EventTracker supports. These features help organizations comply with standards, policies and regulations and prevent unnecessary frustration and difficulty during company audits.

Subscribers will have no trouble with installation since the required packages connect automatically. However, we had some difficulty trying to navigate the sensor software, especially when we compare it to our experiences with other solutions. We also recommend that Netsurion update some of its documentation since much of it populates in obsolete Windows 7 dialogue boxes.

Netsurion EventTracker is the only on-premises solution among this product-testing group and we admit that this SIEM and its accompanying sensor software take longer to set up than other solutions do. However, this platform includes so many useful features that we believe its value far outweighs the additional effort needed to get it up and running.

Pricing starts at $4,000 annually for EventTracker Log Management and $13,000 for EventTracker Security Center. These prices include 8/5 phone, email and website support. Customers have access to a knowledgebase and FAQ list. 24/7 support is available for an additional fee.   

Tested by: Tom Weil

Product title
Netsurion EventTracker 9.2
Product info
Vendor: Netsurion Contact: www.eventtracker.com Price: Log Management: $4,000 annually // Security Center: $13,000 annually
Strength
This SIEM was designed with security analysts in mind and provides them with many powerful tools that help identify and investigate suspicious activity at the depth and pace that works best for them.
Weakness
This SIEM and its accompanying sensor software take longer to set up than other solutions do. However, this platform includes so many useful features that we believe its value far outweighs the additional effort needed to get it up and running.
Verdict
The platform maximizes productivity with unsupervised machine learning and a customizable interface that makes data correlation quick and simple.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds