- FBI warns Hit Man e-mail scammer back
- 20 tech habits to improve your life
- Industry mourns slain Cisco exec
- 10 Firefox add-ons for better browsing
- Wireless LANs face scaling challenges
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Introduction|Are SIEM and log management the same thing?|Scorecard|How we did it|Slideshow|Test archive
Editor's note: This is a summary of our testing of this product, for a full rundown of how it fared in our testing across SIEM categories; please see our full coverage.
EIQ Networks' SecureVue is a multi-function product that offers SIEM functionality as one of its many components.
EIQ has taken a somewhat novel approach of gathering not only traditional device events and vulnerability information but also configuration and performance data. The product has one of the widest ranges of device support that we tested, and has the product's abilities to profile hosts via configuration "snapshots" and provide 3D views of events are certainly useful features. Unfortunately, the user interface is a bit rough. And, more seriously, it's pricey and many of the supporting tools are quite limited in functionality which makes it hard for us to recommend SecureVue for many traditional SIEM uses. That said, it was outside the scope of our test to explore SecureVue's non-SIEM-like functions – such as it's auditing and compliance management wares -- to see if they make up for the SIEM shortcomings.
SecureVue came to us on an Intel-based appliance running Windows 2003 eIQ Networks offers unique presentation features, but underlying SIEM need some improvement. eIQ Networks has done an impressive job of writing parsers for a wide range of formats and device types, and although the provisioning of new devices wasn't as smooth as High Tower's process, it was pretty close. We were also really impressed by SecureVue’s parsing editor; the tool allowed us to take log data of an unknown type, import it, and then select and match relevant fields (e.g. source IP address) by doing nothing more then highlighting the text on the screen. Very slick.
What we struggled with in our day-to-day use of the product was the awkward paths we had to take to view the data. For example, in most of the SIEM tools we tested there was an event overview table of some sort that allowed us to view all correlated alerts in real-time. Drilling-down into a correlated event to reveal the "trigger" events was usually a mouse click away, and double-clicking further lead us to the raw event log itself. Using SecureVue accomplishing the same tasks takes multiple steps; clicking on an alert leads you to a forensic report query, which then launches a different window to present the events leading up to that trigger. Once there, the event viewer was relatively inflexible; we couldn't easily sort on columns, re-arrange columns, or do any of the data "slicing and dicing" we wanted to do when performing initial investigative tasks.
Rss FeedRss Feed
Aging network systems and old habits have dictated how businesses spend their IT budgets. As a...
Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch OfficesThis paper reviews the problem of creating a network where the dynamic availability of services is...
Enterprise Data Center Network Reference ArchitectureUsing a High Performance Network Backbone to Meet the Requirements of the Modern Enterprise Data...
The standard for Power over Ethernet (PoE), IEEE Std. 802.3af(tm)-2003, advanced networking,...
Harnessing the power of communications to increase workplace performanceDue to the convergence of IT and telecommunications technologies, the business workplace has been...
Stay out of the headlines: Detecting and preventing network intrusionsHow do YOU stay out of the headlines? There is no denying that risk exists in our computer-driven...
We have so many holes punched in our firewalls today that many industry insiders question the value...
IP address management in 2008 - six things to knowRead this Network World Special Brief to learn how Enterprise IT managers must update their...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comments (1)
SIEM (Some Interesting and Expensive ways to spend Money)By Schratboy on August 6, 2008, 9:07 amThe hype around this space is nauseating. Spending $20,000 and up for the promise of proactive security management is pure folly. An IT manager can run a very secure...
Reply | Read entire comment
View all comments