Netsurion EventTracker Pros and Cons

Netsurion EventTracker Pros

JohnBandy
Chief Information Security Officer at Samford University
The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on.
They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days.
Richard Teegarden
Network Manager at an energy/utilities company with 51-200 employees
I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective.
MarkOlson
Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees
I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows.
Learn what your peers think about Netsurion EventTracker. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
447,546 professionals have used our research since 2012.
Mark Lauteren
Chief Information Officer at ECRMC
There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird.
JeffHaidet
Director of Application Development and Architecture at South Central Power Company
I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one.
reviewer1154436
Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees
If I were to look at logs manually, there's no way I could do that. As an example, there are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches.
Geremy Farmer
Information Technology Coordinator at Magnolia Bank, Incorporated
The network alert is the most valuable feature. That way, we in the IT department are aware of user lockout and invalid password attempts way before a user ever even calls in.
Bryan Caporlette
Chief Technology Officer at G&G Outfitters Inc
The SIEMs and managed service are its most valuable features. We get a weekly report from them which provides a culmination of them combing through millions of events which are triggered across our network every day and minute. Their information security experts basically boil that down to a report which I get emailed once a week. It identifies potential threats and the remediation that I should take to be able to quell those threats.
Sean Sheil
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring.
Consultib253
Consulting Engineer at a tech vendor with 10,001+ employees
The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location.
If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically.

Netsurion EventTracker Cons

JohnBandy
Chief Information Security Officer at Samford University
With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again.
Richard Teegarden
Network Manager at an energy/utilities company with 51-200 employees
Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it.
MarkOlson
Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees
Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging.
Mark Lauteren
Chief Information Officer at ECRMC
Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told.
JeffHaidet
Director of Application Development and Architecture at South Central Power Company
It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email.
reviewer1154436
Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees
The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated.
Geremy Farmer
Information Technology Coordinator at Magnolia Bank, Incorporated
There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days.
Bryan Caporlette
Chief Technology Officer at G&G Outfitters Inc
The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them.
Sean Sheil
Information Technology - Business Process Analyst at a financial services firm with 51-200 employees
I'd like to see improvement in the ease of generating reports. It seems fairly cumbersome whenever you decide to start tracking new categories of events. It seems a little kludgy when trying to generate those reports.
Consultib253
Consulting Engineer at a tech vendor with 10,001+ employees
The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open.