Strong analysis engine, easy-to-use web interface. Setting up rules and alerts is also quite simple. In fact, we mostly use many of the inbuilt alerts and monitors with minor modification (primarily around the trigger levels). Integrates with many available vulnerability assessment tools like Nessus, Qualys and Nmap to present a single view of your infrastructure status. No requirement for a separate RDBMS saves licensing costs.
Based on my interactions with peers and vendors, for smaller organizations it is much better than other more established competitors, which may offer features but are too expensive or too big for your needs. At the higher end, it can easily handle workloads similar to the larger players.
Improvements to My Organization
Web interface makes it quite easy to analyse and make sense of all the logs collected.
Room for Improvement
Support for all available environments, e.g. it does not support AIX v7 or later. Some minor configuration parameters like date and time format are set as per US standards.
Use of Solution
1 year, including an initial 3 months fine-tuning all settings and alerts.
Minor infrastructure issues primarily based on local vendor understanding of the tool deployment. Support from eIQ could resolve these quite quickly.
Suits my current purpose with plenty of buffer but the system is designed to scale.
Customer Service and Technical Support
Do not speak to eIQ directly, but any issues raised by the vendor with them are quickly resolved or a response is given.
Technical Support
Have not really used it, as we have a competent vendor and get quick responses from eIQ in case of issues.
None. First solution deployed in the organization. Before this we only had logs stored locally.
Other than figuring out what you need to alert and at what levels, setup was quickly done. The templates already available help a lot but setting up a complex report did take some trial and error.
Vendor deployed and managed. Vendor was competent but required some back and forth with eIQ support.
No ROI calculated but gives me better visibility into events which I did not have earlier.
Pricing, Setup Cost and Licensing
Am working on an operating expense relationship with the vendor over a period of 3 years. Total expense in India is around $90,000 over 3 years for solution + implementation. Additional expenses for the monitoring (Vendor monitors all alerts through their SOC) and day-to-day server running expenses.
Other Solutions Considered
Evaluated ArcSight and Nitro and obtained reviews for a few others from within the group. Selected this based on sizing, reviews and commercial considerations.
It is quite a good solution for small companies that do not want to invest in larger, well-known (and more expensive) solutions.
In fact, based on my experience so far and the documented capabilities of the solution, it should meet my SIEM and Threat Management needs as well for the next few years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jan 16 2016