During this month's testing, the team at EventTracker sent over their latest software, EventTracker 9.0. The updates in the system really reflect the organization's focus on delivering a toolset that specifically targets security analysts. One of the first things we noticed was the complexity of installing the software. There was a lot of pre-work that had to be done, but the EventTracker team provided additional, detailed installation instructions that were easy to follow and helped get the solution operational. So while it did take longer than anticipated to have it operational, EventTracker 9.0 was worth the wait.
We were really surprised with how responsive it was. The dashboard is completely customizable and allows you to put widgets on the screen to help you get things done. While screen scaling is fairly standard in the industry, EventTracker takes it to a different level, allowing you to scale from the small screen of a laptop up to security operations center (SOC) television screens and back down to a mobile tablet. We really like how it opens up the screen real estate for displaying important information; this is a nice feature for security analysts in the SOC, as they can set up these dashboards to focus on the tasks at hand.
Once in the Dashboard, menus are reduced to an icon on a ribbon until you click the hamburger icon and expand the full menu. This behavior is somewhat unusual, but it helps free up the screen real estate we mentioned above. Navigating between tabs and menus is simple, and the pages respond quickly. EventTracker put a lot of time into making this tool function seamlessly and display the information when and where you need it.
EventTracker imports logs from a wide variety of common third-party devices as well as Windows and Linux systems. What really stands out is that EventTracker normalizes log data into consistent, easy-to-relate categories so that you can make better choices about what to do with anomalous events.
Bundled with the Security Center, EventTracker also features compliance monitoring and reporting options. These prebuilt reports can provide regulatory auditors with key bits of information, ultimately shortening your interactions with them. The reports cover regulatory compliance standards such as PCI-DSS, HIPAA, and even NIST SP 800-171. You can identify potential gaps in requirements and assign the appropriate resources to manage and maintain compliance. These reports also have built-in auditing functionality, so you can see who reviewed a report and when.
EventTracker's Endpoint Threat Detection and Response (ETDR) toolset is a notable addition. It sits on the endpoint and reports the launch of new processes and new network connections back to the Security Center. It provides additional functionality and can really supplement your existing endpoint protection software.
- Michael Diehl with Dan Cure;
tested by Matt Hreben and Michael Diehl