The primary use case is SIEM vulnerability and IDS.
The primary use case is SIEM vulnerability and IDS.
It is protecting us from cyber threats.
We get a lot of information security audits from our larger clients. I wanted to be able to have intrusion detection and prevention, vulnerability scanning, and SIEM because those are always the questions, "Do you maintain your logs? Do you look at them? How do you take proactive action?" EventTracker managed service gives me the right answers for all those questions and has saved me time when answering these questions.
The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats.
I don't have a CISO and don't have the budget to bring a CISO in. Therefore, it basically allows me to outsource the information security officer to EventTracker and have them perform that role for the company.
With the dashboards, I can very quickly see if there are any pending threats or anything that I should take action against. It has a very easy to use interface. Instead of having to go run reports and digging through millions of entries of data, I can have a couple of key metrics brought right up to me through the dashboard and be able to review that information, then either send it on to my networking team to address something or have comfort that we're in a good footing security-wise.
The solution's UI is very good now. It went through a transition phase from four years ago to today. With each iteration, we started on version 6 or 7, then we went to 8, and now we're on 9. Each one has been a large improvement for user usability and the user interface. It is more modern and easier to use. We usually view it on Internet Explorer or Chrome. I use my laptop to view it and find it a comfortable view.
I rely on them to tell me what features should be rolled out and come out. They are always introducing me to new threats and other thing that we need to be looking out for. They say, "By the way, we're looking for these now on the weekly report for you." They are the ones that I just outsourced this to.
The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them. That gets frustrating.
It has been very stable for me. I can't say that I have ever known it to be down in the last four years unless we were rebooting it ourselves to do maintenance, like caching on the server.
Version 9 was a tremendous upgrade for the dashboard. The performance of the new version with the Elasticsearch edition is a real improvement. Previously, running reports would take a long time, and now reports are very easy to slice and dice, then look through the data and dashboards. The dashboards are very helpful if I want to add a new widget. I can email the control center, then they will just add it to my dashboard for me.
It has accomplished what I wanted it to accomplish. If anything, I'm downsizing servers by moving it to the cloud. So, I'm not really adding more to what it needs to manage.
A network engineer and I are the two users for this solution. It is currently deployed across all of our desktops, servers, and VMs. I don't have any expectations to expand it, except for if I hire a new employee and put a new desktop in, but I doubt we are going to be putting new servers in.
We are getting on average 1.6 to 1.7 millions events a day.
The technical support is very good and responsive. If I send an email to them, I always get a response within an hour. I don't generally have any emergencies happen. When we've had an emergency situation, they've also been really good to jump on and help remediate the situation. For example, we had a virus that was detected, and they were the ones that identified it early on during their review of the SIEM. They were there to help us through the remediation, getting it blocked, and blocking any exfiltration that the virus was trying to do. Afterwards, during the post-mortem and giving me documentation on what they had seen, how we'd reacted to it so that I can put together a post-mortem for the executive team, they participated in that. Overall, they have a really strong support team.
We did not use another solution prior to EventTracker.
The initial setup was straightforward because they did it. We just had to give them a virtual machine that met their specs, then they installed the software and got it all configured for us. So, it was pretty easy and only took a network engineer from our company.
It did not take more than a couple days to get everything installed, running, tuned, etc. We installed the software first, then we installed the agents second.
We have a network engineer doing the maintenance for it.
Netsurion did the installation. We did not work with a third-party consultant.
I haven't measured the ROI. We don't do normal budgets, as we are not that big of a company. We are mid-sized.
The pricing and licensing seem very reasonable. The managed service part of it feels like it gives me the equivalent of a full-time engineer for a lot less money. So, I feel it's a good value.
I was doing a cursory review of different things by doing a web search, like a Google search, and looking at different options. I came across Netsurion, who are local to us, and I knew the VP of Sales, and I always like to work with people who I have a relationship with.
The solution has been everything that I've asked for from a service standpoint, software standpoint, and support. I have no complaints.
My advice would be to engage them to do the installation. The managed service is great value which saves you a full-time employee on your staff by being able to outsource it to EventTracker to review all the logs and cull through the data to make recommendations and identify threats, then how to remediate them. They provide it to you in your weekly or daily report, depending on how frequently you want to have them do it, which is based on your compliance. If you have compliance requirements for HIPAA, PCI, etc., it is a great benefit to help an organization meet their compliance requirements.
We have internal staff resources for internal incident management. We leverage the EventTracker SOC team. When we detected the virus, we kept in contact with the EventTracker SOC team and sent them emails, and they would call me and say that they see it on this server or that desktop, and we'd go and take it off of the network and clean it. Then, we would put it back on and they'd watch to see if they saw any traffic that was not supposed to be coming from that server. For the whole remediation process, they were sort of part of the team.
Data is all configured to automatically go in. We deployed their agents, and those agents just send the log data directly to the SIEM. We don't manually upload anything.
We did not integrate it with any other solutions.