Netsurion EventTracker Benefits

John Bandy
Chief Information Security Officer at Samford University
The solution saves me at least half an FTE, some 20 hours a week. If I didn't have the managed services, I would have to have another half an FTE just to do the work that they do for us. EventTracker has assisted our server administration team as well. If they're having software problems or access problems or the like, they have the ability, with all the logs now centralized in one place, to go to one place and do those searches, rather than to go individually, server by server by server, and try to figure it out. It's also tied into our enterprise firewall, which is Palo Alto. It really helps them in their troubleshooting time if they're having an issue. So one side of it is the information security side: It helps us if we have an incident, if we have something going on that we need to look into to see if it's a false positive or something that needs to be taken care of. But the other side is the operational efficiency, where it would really take a lot of time to try to figure it out server by server. They can go to one place which has all those server logs. Plus there's an archive copy of them, so they don't have to keep as many logs locally on the individual servers. Once it makes it to EventTracker, they can keep that window pretty small and don't have to burn a lot of disk space on the local servers. I also feel that EventTracker has better integration. Almost any product could integrate with just about anything else, given enough time and resources. But that's part of the managed services that we contract with EventTracker. We've actually got it tied into Sophos for antivirus. We've got it tied into Office 365. I mentioned earlier, the Palo Alto firewalls, and it's also tied into our Cisco networking equipment. So we've got all the critical infrastructure pieces integrated, and all of those were integrations out-of-the-box that I probably could have figured out if I had enough time.
But I tell them what I'm trying to do and either they have a white paper which gives me one, two, three steps to do it, or they actually take over. I give them a service account. They take over, they do it, we do some testing and we go live with it. Everything we have is a real-time feed. We don't have anything that is just batch and then it reads it in later. Especially on those real-time alerts that I mentioned, I know about each of those literally within minutes after it happens, because it's a real-time feed. The alert fires and sends me an email or a text, whichever I have set up. We're also very impressed with EventTracker SIEMphonic. That's what they've renamed their SIEM tool. We use it quite a bit now. They've got something called potential insider threats that we look at on a pretty regular basis. Those are things like account creations and the like. A SIEM tool doesn't necessarily know, just because an account is created, whether it shouldn't have been created or if somebody created it to try to hide their tracks. Also, seeing things like logs being cleared on servers has been very helpful to us. We would have no other good way to get visibility into those types of things. An extension of that is the alerts that we talked about. It's really been invaluable for us to get insight into our environment. There'd be no other way for us to really get that without either SIEMphonic or one of its competitors.
Richard Teegarden
Network Manager at an energy/utilities company with 51-200 employees
It's come in tremendously handy. We've had small incidents crop up that we've been able to isolate immediately or dig further into because of this. Without that "full-glass" look at everything we've got going on in our environment at a particular time, we would be chasing our tail a little bit: "What's happening here? Do I need to go look here? Do I need to go look there?" The ability to pull those logs in from not only all of our desktops, all of our servers, all of our appliances, but from anything else that could be logging an event, has been tremendous for us. It has limited the time that I've had to spend combing through any device and syslogs. For example, firewalls: I'd be looking through events to try to find out if anything looks abnormal. EventTracker not only does centralized tracking, but it does a fair amount of behavioral analysis as well. It tells us: "Hey, here are events we haven't seen before." It even calls to my attention processes that are new, including unsigned processes that we need to be aware of in our environment. We also utilize their Snort plugin on the front-end. It indicates traffic that's coming in that we might want to be aware of. We tend to start blacklisting and block-listing a tremendous amount of external IPs based upon things that the solution sees on the outside. Those could just be events hitting our firewall, but unless I'm sitting there watching my firewall on a continuous basis, I'm probably going to miss a lot of them. EventTracker is collecting that and pulling it all into a quick and easy notification. On a daily basis, I get that report to rehash: "Did you see these things? Are these acceptable? Here's behavior that we haven't seen before from this particular user." It makes me aware of things so that I can validate. It gives me a good check and balance on what we have going on in the environment and what they're seeing through a collection of event logs. 
Because we've been using it for so long in our environment, I've pushed my daily duties onto other things. I've moved into other areas since I don't have to constantly monitor this equipment or the logs or check back on things. It's probably cut down 50 percent of my workload, in terms of tracking and watching and trying to play a little bit of triage after the fact. It's giving me heads-up notifications immediately. Then, as we hash back through things, either on a daily or monthly basis, we're looking at what it's finding and what we are missing. Are there things that are still cropping up that haven't been taken care of that maybe slipped through the cracks? It's not only cut down a ton of my time but even our staff time which used to be spent watching and maintaining logs on various products.
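The two reviews above describe three kinds of centralized-log alerts: audit logs being cleared, new account creations flagged for review, and never-before-seen processes. The following is an added example, not EventTracker's code, showing how such rules look when run over a log stream; the event records, hosts and baseline are constructed for the example, while event IDs 1102 (audit log cleared), 4720 (user account created) and 4688 (process creation) are the real Windows Security event IDs for those actions.

```python
"""Simple detection rules over a centralized Windows Security event stream.
Added illustration only; the record layout and sample data are constructed."""
from collections import Counter

# Constructed sample events: (host, event_id, detail). Not real logs.
SAMPLE_EVENTS = [
    ("srv01", 4624, "user=alice"),                                 # routine logon
    ("srv01", 4688, "image=C:\\Windows\\System32\\svchost.exe"),  # known process
    ("srv02", 4720, "new_account=svc_backup2 by=bob"),             # account created
    ("srv02", 4688, "image=C:\\Users\\bob\\Downloads\\tool.exe"),  # never seen before
    ("srv03", 1102, "audit log cleared by=bob"),                   # log cleared
    ("srv01", 4688, "image=C:\\Windows\\System32\\svchost.exe"),  # known process
]

# Process images observed during a constructed baseline period.
BASELINE_IMAGES = {"C:\\Windows\\System32\\svchost.exe"}


def detect(events, baseline_images):
    """Return a list of (severity, host, message) alerts.

    A first-seen process image is added to the baseline as soon as it alerts,
    so repeated executions of the same image do not alert again."""
    alerts = []
    seen = set(baseline_images)
    for host, event_id, detail in events:
        if event_id == 1102:
            # Clearing the audit log is rarely legitimate outside maintenance.
            alerts.append(("high", host, "security audit log cleared: " + detail))
        elif event_id == 4720:
            # The SIEM cannot know if the account is expected; a human reviews it.
            alerts.append(("medium", host, "account created, needs review: " + detail))
        elif event_id == 4688:
            image = detail.split("image=", 1)[1]
            if image not in seen:
                seen.add(image)
                alerts.append(("low", host, "first-seen process image: " + image))
    return alerts


def summarize(alerts):
    """Counts by severity, the shape of a daily digest report."""
    return dict(Counter(severity for severity, _, _ in alerts))


if __name__ == "__main__":
    for severity, host, message in detect(SAMPLE_EVENTS, BASELINE_IMAGES):
        print(f"[{severity}] {host}: {message}")
```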
Mark Olson
Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees
The result of the reports on activity and the archiving for research has been that the operational teams are more consistent in the usage of standard practice which, from an efficiency perspective, has removed the need for the information security team to investigate issues that are out-of-norm activities. We are no longer doing an internal incident three or four times a week. We may do three or four in a month. That saved us significantly on the incident investigation side. We have pulled back 10 hours a week, on average, just from the security team. I would contend that it's probably also saved time that I'm not able to measure from the operations team because now they're not remediating things that we're pushing to them, and the user community is getting a more consistent experience from the support teams as a result. There's this downstream value that I don't think people really think of when they look at products like this: What is the cause and the effect that it has on operations? In our case, it was to improve the efficiency and the consistency of the operations which, in turn, resulted in the user community getting a better experience. It's really hard to measure the user community improving its view and opinion of the IT support teams.
Learn what your peers think about Netsurion EventTracker. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
420,062 professionals have used our research since 2012.
Jeff Haidet
Director of Application Development and Architecture at South Central Power Company
Their run-and-watch service (now renamed SIEMphonic) has saved us from having to hire at least one FTE. In addition, having an expert set of eyes on things and their assistance with rules has been a huge time saver. They've been a really good partner. We are logging everything from Windows client workstations through our server stack, through important, critical web and cloud pieces, like Office 365 logs and web server logs. The latter would include IIS and Apache. All of that information is being streamed directly into, and assimilated by, the EventTracker product. It seems to be doing the job quite well. Having that visibility into the data is useful. Their interface is simple enough for us to be able to use but advanced enough that if we wanted to do some more advanced queries — which some of their competitors admittedly do a little better out-of-the-box — it hits the wheelhouse perfectly. We're signed up for their weekly observations, so if they find something big they're going to notify us immediately. But having a management-level synopsis once a week has allowed us to not only replace the one FTE, but also streamline our prioritization of work, based off that data, as well.
reviewer1154436
Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees
We send the Snort IDS alerts to EventTracker, e.g., high-level ones like ransomware and data leak type alerts. For things like ransomware, data leaks, and data exfiltration, we have higher incident reports created, so then it also gets sent to our email and phone. As an example, this Saturday night around four o'clock, we were alerted to an incident from EventTracker. They got a Snort alert about a data leakage or data exfiltration. It was a false positive, and that is good. But this is just one way we use EventTracker.
Geremy Farmer
Information Technology Coordinator at Magnolia Bank, Incorporated
It gives us a real idea of our network environment, VPN access, alerts and more. We are able to identify where we're getting scanned externally from potentially malicious IP addresses. We can react to those a lot quicker than we could previously. EventTracker has increased productivity and saved us time, absolutely. We would have to hire a full-time person to review logs if we didn't have EventTracker. I get daily and weekly reports that I review within an hour or two, each day, versus having to go look at logs on each machine. It would take me three or four times as long to review all those logs if they weren't all in the same dashboard report or alert.
Bryan Caporlette
Chief Technology Officer at G&G Outfitters Inc
It is protecting us from cyber threats. We get a lot of information security audits from our larger clients. I wanted to be able to have intrusion detection and prevention, vulnerability scanning, and SIEM because those are always the questions, "Do you maintain your logs? Do you look at them? How do you take proactive action?" EventTracker managed service gives me the right answers for all those questions and has saved me time when answering these questions.
Sean Sheil
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
We use those standard reports every day and monitor them. It does save us some time from having to go out manually and pull that information together. With the daily reports that we get, we can easily scan through them and find any anomalies that are occurring. If a system suddenly starts getting thousands of more errors than it did previously, we know we need to look at something on that system. The solution has also saved us time due to the fact that it's doing the consolidation of the log files for us. It probably saves us three hours a day.
Consultib253
Consulting Engineer at a tech vendor with 10,001+ employees
It was purchased so we would be in compliance. That is our main reason, and it works very well. The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location. EventTracker provides a great place to do our searches for certain types of events. We can go there, run the search engine, and it runs extremely fast, especially compared to the version that we previously used. E.g., instead of connecting to each individual domain controller to search events, we can go to one location.
Assistan6279
Assistant LAN Administrator at a non-profit with 10,001+ employees
It gives us a heads-up about the disk space and any errors in any event logs that we have to look at. There are times where that saves us time.