- Microsoft will float cloud OS this month
- Top 16 Chinese iPhoneys
- Pimp your ride: Cool car technology
- Laptop stolen from McCain campaign
- Cisco, Microsoft roll out server, networking appliance
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Value of WDS
Introduction|Are SIEM and log management the same thing?|Scorecard|How we did it|Slideshow|Test archive
Editor's note: This is a summary of our testing of this product, for a full rundown of how it fared in our testing across SIEM categories; please see our full coverage.
EIQ Networks' SecureVue is a multi-function product that offers SIEM functionality as one of its many components.
EIQ has taken a somewhat novel approach of gathering not only traditional device events and vulnerability information but also configuration and performance data. The product has one of the widest ranges of device support that we tested, and has the product's abilities to profile hosts via configuration "snapshots" and provide 3D views of events are certainly useful features. Unfortunately, the user interface is a bit rough. And, more seriously, it's pricey and many of the supporting tools are quite limited in functionality which makes it hard for us to recommend SecureVue for many traditional SIEM uses. That said, it was outside the scope of our test to explore SecureVue's non-SIEM-like functions – such as it's auditing and compliance management wares -- to see if they make up for the SIEM shortcomings.
SecureVue came to us on an Intel-based appliance running Windows 2003 eIQ Networks offers unique presentation features, but underlying SIEM need some improvement. eIQ Networks has done an impressive job of writing parsers for a wide range of formats and device types, and although the provisioning of new devices wasn't as smooth as High Tower's process, it was pretty close. We were also really impressed by SecureVue’s parsing editor; the tool allowed us to take log data of an unknown type, import it, and then select and match relevant fields (e.g. source IP address) by doing nothing more then highlighting the text on the screen. Very slick.
What we struggled with in our day-to-day use of the product was the awkward paths we had to take to view the data. For example, in most of the SIEM tools we tested there was an event overview table of some sort that allowed us to view all correlated alerts in real-time. Drilling-down into a correlated event to reveal the "trigger" events was usually a mouse click away, and double-clicking further lead us to the raw event log itself. Using SecureVue accomplishing the same tasks takes multiple steps; clicking on an alert leads you to a forensic report query, which then launches a different window to present the events leading up to that trigger. Once there, the event viewer was relatively inflexible; we couldn't easily sort on columns, re-arrange columns, or do any of the data "slicing and dicing" we wanted to do when performing initial investigative tasks.
Rss FeedRss Feed
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Vulnerability Management For DummiesDownload this concise book "Vulnerability Management for Dummies," to learn about the simple steps...
Security Considerations When Deploying Remote Access SolutionsEffective network security is most successful when you use a layered approach, with multiple...
The Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...
Turning information into a Competitive AdvantageCompanies today are realizing that competitive advantage is harder to sustain when based solely on...
PoE Plus: Impact on the PoE MarketThe standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...
The Evolution of Network SecurityWe have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (1)
SIEM (Some Interesting and Expensive ways to spend Money)By Schratboy on August 6, 2008, 9:07 amThe hype around this space is nauseating. Spending $20,000 and up for the promise of proactive security management is pure folly. An IT manager can run a very secure...
Reply | Read entire comment
View all comments