EventTracker (Netsurion) - Short Review




Product Overview of EventTracker (Netsurion)



Introduction

Netsurion’s EventTracker is a comprehensive security information and event management (SIEM) platform designed to provide organizations with robust protection against evolving cyber threats. It integrates advanced security features, threat detection, response, and compliance management to ensure a secure and efficient business environment.



Key Features and Functionality



Adaptive Security Architecture

EventTracker operates on the “PPDR model”: prevent, predict, detect, and respond. This model enhances the platform’s effectiveness in addressing cybersecurity threats through a combination of prevention, continuous prediction, detection, and rapid response mechanisms.



Real-Time Monitoring and Analysis

The platform offers real-time monitoring capabilities, including network traffic analysis, bandwidth utilization, device discovery, SNMP monitoring, and syslog collection. These features enable security teams to monitor and analyze events in real time, ensuring prompt action against potential threats.



Threat Detection and Response

EventTracker includes built-in Endpoint Detection and Response (EDR) functionality, which protects against threats and the lateral movement of attacks. It provides visibility into potential risks, allowing for fast-tracked responses before significant damage occurs. The platform also features incident response playbooks and automated remediation to streamline the response process.



Alert and Notification System

The platform generates alerts based on critical events such as security breaches and performance problems. Users can configure an unlimited number of rule-based alerts with customizable event criteria, including the ability to minimize false positives and automate actions upon event detection. Alerts are evaluated using a risk metrics system that considers threat levels and thresholds before notification.



Compliance and Reporting

EventTracker supports various compliance standards and frameworks, including GDPR, and offers extensive reporting options. It provides preconfigured reports to support regulatory requirements and allows for the customization and storage of reports for up to 400 days. Reports can be date- and time-stamped, and recipient signatures can be collected automatically to ensure integrity.



Customizable Dashboards and Interface

The platform includes several out-of-the-box dashboards that display high-level information about the environment. These dashboards are customizable, allowing users to create tailored views that suit their needs. The interface, though sometimes disjointed, offers a Threat Map dashboard that shows untrustworthy external IPs and provides detailed threat intelligence feeds.



Machine Learning and Behavior Analytics

EventTracker leverages unsupervised machine learning for time series anomaly detection, enhancing its ability to identify suspicious activities. It also integrates behavior analytics to protect organizations against cybersecurity threats, making it simpler for security analysts of all skill levels to manage security effectively.



Log Management and Storage

The platform features efficient log management and storage capabilities, powered by Elasticsearch. It allows for the collection, analysis, and storage of logs, ensuring that historical data is readily available for analysis and compliance purposes.



Integration and Scalability

EventTracker can be deployed on-premises or in the cloud, offering flexibility and scalability. It integrates with other security tools and provides automated workflows, enhancing productivity and reducing the complexity of security management.



Support and Deployment

  • Installation: While the on-premises solution may take longer to set up compared to other solutions, the installation process is made easier with a pre-install checklist and straightforward deployment options via command prompt or GUI.
  • Customer Support: EventTracker offers phone and email support, with the option to purchase 24/7 support for an additional fee.


Conclusion

In summary, Netsurion’s EventTracker is a powerful SIEM solution that combines advanced security features, real-time monitoring, and compliance management to provide comprehensive protection against cyber threats. Its customizable interface, automated workflows, and robust reporting capabilities make it an invaluable tool for security teams across various organizations.
