Netsurion EventTracker Overview

Netsurion EventTracker is the #5 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to Splunk: Netsurion EventTracker vs Splunk

What is Netsurion EventTracker?

EventTracker by Netsurion is a co-managed security solution that delivers actionable security intelligence that empowers organizations of any size to effectively detect and respond to insider threats as well as advanced cyber criminals.

Netsurion EventTracker defends your organization against advanced threats and streamlines IT compliance management by converging multiple layers of security technology such as SIEM, EDR, UEBA, IDS, and more. Most importantly, we augment the technology with our 24/7 SOC for continual monitoring, threat remediation, and system tuning. With EventTracker, you can orchestrate all the critical capabilities needed to predict, prevent, detect, and respond to cybersecurity incidents. We monitor for anomalies and suspicious network activities and respond with built-in response rules to block or terminate harmful activities. 

Netsurion strengthens your security defenses, controls costs, and optimizes your team’s capabilities to respond quickly with a single end-to-end solution. We increase your efficiency and effectiveness by reducing false positives and enabling audit-ready compliance reports. Netsurion provides a comprehensive, scalable platform for security monitoring, threat detection and response, and compliance – as a software solution, in the cloud and on-premises, or as a co-managed solution that augments your IT team.

Netsurion EventTracker is also known as EventTracker SIEMphonic, EventTracker Essentials, EventTracker Log Management, EventTracker Security Center .

Netsurion EventTracker Buyer's Guide

Download the Netsurion EventTracker Buyer's Guide including reviews and more. Updated: July 2021

Netsurion EventTracker Customers

The Salvation Army, The FRESH Market, Pacific Western Bank, NASA, American Academy of Orthopaedic Surgeons (AAOS), and Talbot’s Stores

Netsurion EventTracker Video

Pricing Advice

What users are saying about Netsurion EventTracker pricing:
  • "I don't know if the pricing is by the seat but we're paying about $20,000 to 25,000 a year. On top of that, we pay for the managed support services. That runs us about another $35,000 or $40,000 a year."
  • "When we first got the EventTracker product, we were using SIEM Simplified. At the time they didn't call it that, but it was more of a service thing. So, there was a bit more hand-holding and getting stuff set up, along with failure reports, that they did during the first one to two years. Then, we decided that the the additional money to have someone do these daily reports wasn't terribly useful, so we discontinued that service."
  • "EventTracker's subscription-based model is interesting as far as yearly license type stuff. It's nice because you know what it's going to be next year. We haven't really looked at any other solutions. The pricing at the time compared to the other solutions was a lot less. A couple of years ago, we actually looked at Splunk. The amount in Splunk's licensing model is based on 20 gigs a day, or something like that. Based on our number of logs and stuff that we were already generating, the costs would be substantially more for the amount of logs that we would be getting."
  • "In the security space, it's hard to quantify your return on investment. So, I don't. We spend about $40,000 a year and so. It's hard to say if the SIEM saved that much money."

Filter Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
JohnBandy
Chief Information Security Officer at Samford University
Real User
Top 20
Real-time alerts and managed services reports give me a view of the landscape, things that might have slipped through the cracks

What is our primary use case?

We use it for real-time alerts for things like domain admins being added. And we have the managed services provide weekly reports for us for VPN logins, after hours logins and several other similar alerts. And of course, at any time I can do individual investigations and searches on interesting traffic that might be reported to me by EventTracker or that we find on our own.

Pros and Cons

  • "The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on."
  • "They have what they call Elasticsearch which is very quick, although that's only available for the last seven days' worth of data. It used to be that, if I wanted to do a search from three days ago, it might take me 10 to 15 minutes because it had to actually unzip some archive files. So I really like that feature. It's almost instantaneous for anything within the last seven days."
  • "With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."

What other advice do I have?

My advice is to get your PO out and make a purchase. I have referred several other companies. I'm involved in several security organizations and it really is one of these diamonds in the rough. I know they have US sales but I think they're a lot stronger over in Europe. I think they're a little-known, hidden secret in the U.S. I know they're in the industry review reports, but I don't think they get the press and the prestige that they should, because they have a really excellent product. Of course, certain government organizations can't do business with support overseas; there can be…
RT
Network Manager at a energy/utilities company with 51-200 employees
Real User
I no longer have to constantly monitor equipment or logs; I get heads-up notifications immediately

What is our primary use case?

We were struggling at the event level, like a lot of people do, in terms of centralized event management and notifications. We just did not have a single pane of glass where we could see events, potential issues, all on a fine thread of a timeline to compare across our enterprise. We needed to know: Is there anything else going on at the same time? We use it extensively. Every product that we have on our network is tied into it. That's been huge for us. The thought process was, "If we're going to put it in place, we want every end-point out there to be cycling through logs or have syslogs… more »

Pros and Cons

  • "I really appreciate the fact that the dashboard breaks everything down into a pretty easy view for me... It shows what changes are happening to privileged user accounts, access and identity, what's cropping up. It shows application activity and whether we've got system resources that aren't online and being found anymore. It's a pretty simple, easy, quick hit and there are the supporting logs behind it. If I need to drill down further, I can do that quickly. It's very effective."
  • "Probably the biggest thing is just: Can I search for this and what's the best way to do it? If I'm looking for two events versus a singular event, I just throw it back at them. They're the experts on it."

What other advice do I have?

They are a fantastic team. I would stack them up against anybody. If anybody asks us what we're using for a SIEM, I'd say that this is what we're using. I highly recommend them. Stack it up against some of the other products out there. At the very least, know what you're looking for. Or, if you don't, throw it back at EventTracker and say, "We're looking to do this, can your product do it?" Let them know what you're looking to gain from this. We started out in the same boat: "Well, why would we use you guys versus somebody else?" We had a defined requirement, that we wanted to have centralized…
Learn what your peers think about Netsurion EventTracker. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,535 professionals have used our research since 2012.
MO
Senior Director, Information Security at a pharma/biotech company with 1,001-5,000 employees
Real User
Enabled us to mature the discipline of operational teams by seeing activity outside of standard practice

What is our primary use case?

We use it for logging all of our Active Directory activities, including authentication, alterations, and modifications to the AD controls and privileges. We use it for events coming off of both the servers and the desktops. And we also roll in the logs from our various security controls and devices, such as our antivirus tools, backup service, firewalls, the IPS, etc. Those are all rolled back into the EventTracker system. The goal is to eventually start taking advantage of the ability of EventTracker to correlate activity and alert on something that looks a bit unusual that we should then pay… more »

Pros and Cons

  • "I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
  • "Where there is an opportunity for improvement is in the interface used for performing the searches. You have to understand Elasticsearch search too well for the security team to be able to take really full advantage of that part of the product. It's not as intuitive as I would like it to be for new staff coming in. The general query capability is a little bit challenging."

What other advice do I have?

It's a simple product. It's a lot easier to implement and deploy than the other SIEMs I've used throughout my career. The advice would be that using it is a good decision. There's no reason to shy away from the product. From an event-alert perspective, we haven't used them for that purpose yet. That's largely because the current security services we have in place from our vendors, CrowdStrike in particular, provide us a managed event system from the AV side. They proactively manage our antivirus that's on all of our machines and they also proactively remediate the machines. So we haven't felt…
Mark Lauteren
Chief Information Officer at ECRMC
Real User
Top 5
Gives us a good quality view of what's going on in our environment

What is our primary use case?

EventTracker analyzes all of the different types of security events, it both aggregates and correlates. They send us a daily report of things like servers that aren't responding that normally respond and any kind of events that they see from the day before. If there is a serious perceived security event, they will call. I have two folks at InfoSec, so they will call directly and say, "Hey, we're seeing something here." Then between the two of them, they'll try and identify whether it is a true event or not, and then monthly, we sit down with them on a call where we talk about what's going on… more »

Pros and Cons

  • "There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
  • "Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."

What other advice do I have?

The biggest lesson I have learned is that the outsourcing of this service has a dramatic impact on the organization. We can't just keep throwing bodies at it internally, we have to leverage somebody else's knowledge. Some people don't trust outsourcing. I'm not a big outsourcing guy. But I really don't treat them as an outsource, I treat them more as a partner. You're going to have to do this one way or the other, or are you going to get nailed at some point. That's just the way it is. If you're not following these things, you're going to get nailed. If you trust them and you realize that…
JeffHaidet
Director of Application Development and Architecture at South Central Power Company
Real User
Top 20
SIEMphonic gives us an expert set of eyes on things, and assistance with rules has been a huge time saver

What is our primary use case?

It's a system incident and event management platform. The typical use cases that go along with that are alerting and syslog aggregation.

Pros and Cons

  • "I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
  • "It would be great if they had a client for phones by which they could push a notification to us, as opposed to via email."

What other advice do I have?

The biggest lesson really isn't an EventTracker lesson, it's more of a SIEM lesson. And that lesson is: It's a lot of data. When you have a lot of data, it's going to take a while to study and learn that data, so you can react appropriately. Not all data is actionable. Be prepared for the data. Be prepared to know what you didn't know before. And be prepared to weed out the noise from the actual data. That's where EventTracker's SIEMphonic becomes very helpful. My advice would be, if you're going to go with EventTracker, to go with the SIEMphonic service and leverage their support team to get…
JY
Sr. Information Technology Security Engineer at a university with 1,001-5,000 employees
Real User
Provides a good structure to review logs and is easy to use. However, unless you are using SSDs, the Elasticsearch does not work well.

What is our primary use case?

We are using it to centralize all of our logs and have alerting on security issues. We primarily import Windows systems and Windows Server logs (2012 and 2016). We also import Cisco ASA logs, then Cisco router and switch logs. The import works well.

Pros and Cons

  • "If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
  • "The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."

What other advice do I have?

I would rate the product as a seven (out of 10). We don't use the dashboard widgets, but we are planning on it.
ML
Assistant LAN Administrator at a non-profit with 10,001+ employees
Real User
Notifies us about disk space as well as event log errors we need to look at

What is our primary use case?

We use it for Windows event logs, disk space, and other alerts.

Pros and Cons

  • "The most valuable feature is that we get the events: the alerts about disk space and the security reports that we get once a day, including user lockouts and the like."
  • "I would like to see the dashboard come up more quickly."

What other advice do I have?

Overall, it's very straightforward.