EventTracker Valuable Features

Richard Teegarden
Network Manager at a energy/utilities company with 51-200 employees
The solution is on-prem and we also utilize them for fairly full, managed services. They do tend to babysit it quite a bit. We get daily reports that they piece together for us which walk through everything that they're finding and seeing. And we sit together in a monthly service call to walk through what they found over the course of the month, just to compare notes. We backtrack and check to make sure that nothing stood out and that we didn't miss anything or to hear if they've got any concerns or questions. They're putting in the time on a daily basis for us on that. Another valuable feature is that we've tied it into pretty much everything that we have. We've got it tied into our Office 365 and it's helping us monitor even the spam garbage there, the consistencies or the abnormalities on the spam. We've got it tied into our firewalls and into just about every appliance we have as a front-line or an in-between, including VPN and the authentication that is coming through there. It's also tied into anything that's cloud-based. We might tie into IIS logs, our antivirus logs. It's huge that it gives us that single dashboard overview of events happening, all at one time. It's been, tremendous for us. I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me. I can pass it along, not only my boss, but to senior management, if needed. I can show them what activity is being monitored, what types of incidents there are and the type of risk, if there is one. It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective. I just want to know what's going on on the end-points. If anything gets flagged, if anything's out of order, chances are pretty good we're going to get it flagged on a couple of systems, whether it's a desktop for a firewall or an outbound request. It might get flagged on our AV, but at least I'm seeing it across all of those systems at a given time. So I really appreciate having that single location to look for any event that might be something which warrants a little bit more work. I don't play around too much with the dashboard widgets, the stuff that's built-in. I get a daily report and, based on that, if I need to, I'll dig into it. So I don't customize things too much. I go back through things on a monthly basis as well. The dashboard is an easy enough layout and I've gotten used to using it or digging down deeper so I don't really change much in there. In terms of log importing, I've never really had any problems with it. Everything that's a syslog is a pretty easy tie-in and pull-through. Anything else that's agent-based, like a desktop, we've had very few problems with. Microsoft's Direct Access, their direct-access, always-on VPN product was a little bit of a tough one that we had to work through to get those to pull across. But overall, the agents seem to be pretty stable, pretty efficient. They're pulling through everything that we need at this point. Anytime we've pulled in, whether it's an antivirus product - we've gone through a couple of them - various appliances, even Office 365, it has been very well-versed on all the major brands out there. If we want to pull those in or pull in the syslogs or pull in those events, we've never had an issue. View full review »
Geremy Farmer
Information Technology Coordinator at Magnolia Bank, Incorporated
The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in. We can resolve the issue a whole lot quicker than waiting for the user to call us and figure out that they're locked out of the network or need some assistance with their password or the like. The system's UI is pretty good, intuitive, and user-friendly. EventTracker SIEMphonic has been a good add-on piece because doing all the logs can be time-consuming. Having a nice, weekly summary report, and the supplemental logs with them, in the event that you need to dive in any further, is helpful. Having somebody else reviewing those logs as well, on their team, is very helpful and beneficial to us. View full review »
Bryan Caporlette
Chief Technology Officer at G&G Outfitters Inc
The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats. I don't have a CISO and don't have the budget to bring a CISO in. Therefore, it basically allows me to outsource the information security officer to EventTracker and have them perform that role for the company. With the dashboards, I can very quickly see if there are any pending threats or anything that I should take action against. It has a very easy to use interface. Instead of having to go run reports and digging through millions of entries of data, I can have a couple of key metrics brought right up to me through the dashboard and be able to review that information, then either send it on to my networking team to address something or have comfort that we're in a good footing security-wise. The solution's UI is very good now. It went through a transition phase from four years ago to today. With each iteration, we started on version 6 or 7, then we went to 8, and now we're on 9. Each one has been a large improvement for user usability and the user interface. It is more modern and easier to use. We usually view it on Internet Explorer or Chrome. I use my laptop to view it and find it a comfortable view. I rely on them to tell me what features should be rolled out and come out. They are always introducing me to new threats and other thing that we need to be looking out for. They say, "By the way, we're looking for these now on the weekly report for you." They are the ones that I just outsourced this to. View full review »
Find out what your peers are saying about Netsurion, Splunk, AT&T and others in Security Information and Event Management (SIEM). Updated: September 2019.
372,124 professionals have used our research since 2012.
Sean Sheil
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring. The ability to import log data into the solution is very good. It consolidates that information and stores it in a compact manner. It doesn't use a huge amount of disk space to store the history of the logs but still gives us the ability to pull various reports as we need them. View full review »
Consultib253
Consulting Engineer at a tech vendor with 10,001+ employees
We can search all event logs and domain controller security events. The dashboard is laid out very well. I handle all the group policy compliance settings, and I get to play the bad guy who locks everybody down. The UI is fairly good. I have a laptop that I use to connect remotely. I use the simple console, which is sitting at work, and connect to it directly. View full review »
Assistan6279
Assistant LAN Administrator at a non-profit with 10,001+ employees
The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like. The reports are fine the way they are. The dashboard is also fine. We haven't configured the dashboard widgets; we just basically go with the default that was there. The dashboard helps by organizing things for us. Overall, the UI is very helpful. It's user-friendly and relatively intuitive. View full review »
Find out what your peers are saying about Netsurion, Splunk, AT&T and others in Security Information and Event Management (SIEM). Updated: September 2019.
372,124 professionals have used our research since 2012.
Sign Up with Email