SecureVue provides all of the elements one would expect in a SIEM: log consolidation, threat correlation, incident management (including ticket issuance), event analytics, forensic analysis, compliance reporting, change auditing, event alerting, an array of user-definable and customizable alerting and reporting options, and more. SecureVue also provides a friendly incident management workflow that keeps the process clear and easy to follow. But this is just the beginning: the performance of the system is excellent.
The reporting function is backed by a fully indexed proprietary data store that generates near-instantaneous reports. Policy development is intuitive, and reporting and alerting are flexible and easy to use. The highly customizable dashboard is excellent, providing clean graphs and tables. SecureVue also has a built-in software development kit (SDK) for aggregating data from third-party tools into the SecureVue Server.
To aid in installation of SecureVue, a two-page instruction document was provided, presumably because the tool was preconfigured on a hardware appliance. It would have been convenient to have a user manual for reference on the less common features. The appliance obtained its address via dynamic host configuration protocol (DHCP) in the lab, so at startup the only information required was the admin password. After logging in to the SecureVue server, time was spent becoming familiar with the settings and options. Email notification could not be configured because the product rejects special characters in the user ID used for simple mail transfer protocol (SMTP) authentication; this is a restriction in the product's input validation, not in SMTP itself. A number of lab systems were enrolled (via agents) into the SecureVue appliance, which took about five minutes per system. To test the features of the product, a series of progressively more aggressive network attacks was performed.
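To put the SMTP hiccup in context, here is an added example (not code from the review or from eIQnetworks' product) showing how SMTP AUTH actually carries a user ID. The SASL PLAIN mechanism of RFC 4616 sends authzid, authcid and password separated by NUL bytes and base64-encoded, and the older AUTH LOGIN dialogue base64-encodes each credential on its own line; in both cases NUL is the only byte a field may not contain, so a user ID such as siem-alerts+lab@example.com is perfectly legal on the wire. The account names and passwords below are constructed for illustration.

```python
"""Added example: encode and decode SMTP AUTH credentials (RFC 4616 PLAIN and
the legacy LOGIN dialogue) to show that the protocol accepts special characters
in the user ID.  Not part of the reviewed product; credentials are constructed."""
import base64


def sasl_plain_token(authcid: str, password: str, authzid: str = "") -> str:
    """Return the base64 initial response a client sends with AUTH PLAIN.

    RFC 4616 message layout: [authzid] NUL authcid NUL passwd, each field UTF-8.
    NUL is the only byte a field may not contain; '@', '+', '!', '$', spaces
    and non-ASCII characters are all legal.
    """
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a PLAIN field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_sasl_plain(token: str) -> tuple:
    """Split a PLAIN token back into (authzid, authcid, password), as a server would."""
    parts = base64.b64decode(token, validate=True).decode("utf-8").split("\x00")
    if len(parts) != 3:
        raise ValueError("PLAIN message must contain exactly two NUL separators")
    return parts[0], parts[1], parts[2]


def auth_login_exchange(authcid: str, password: str) -> list:
    """Client lines for the legacy AUTH LOGIN dialogue: the user ID and the
    password are each base64-encoded on their own line, so special characters
    are equally safe there (the server prompts with base64 'Username:' and
    'Password:' between them)."""
    return [
        "AUTH LOGIN",
        base64.b64encode(authcid.encode("utf-8")).decode("ascii"),
        base64.b64encode(password.encode("utf-8")).decode("ascii"),
    ]


if __name__ == "__main__":
    # Constructed credentials with the kind of characters the appliance rejected.
    user = "siem-alerts+lab@example.com"
    pw = "N0t$ecret!"
    tok = sasl_plain_token(user, pw)
    print("AUTH PLAIN", tok)
    print(decode_sasl_plain(tok))
    print("\n".join(auth_login_exchange(user, pw)))
```

The RFC's own test vector (user "tim", password "tanstaaftanstaaf") encodes to AHRpbQB0YW5zdGFhZnRhbnN0YWFm, which the functions above reproduce. Python's smtplib.SMTP.login performs exactly this encoding, so whether the mail server accepts a given account is a two-line smtplib check; if it does and the appliance still refuses the user ID, the limitation is in the appliance's configuration form, and a dedicated notification account without special characters is the practical workaround.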
This is an industrial-strength tool. The dashboards are uncluttered and intuitive. The product comes with approximately 1,500 prepared reports, and user-definable reporting is available if one wishes to create something a little different. There is also a robust set of compliance reports. Account policies are editable to suit local requirements. The company's Security Center provides change monitoring, with instant reports generated on the differences from previous snapshots. There are a large number of predefined alerts.
The initial price includes one year of maintenance (software upgrades and assistance). Follow-on maintenance is priced at 20 percent annually. eIQnetworks "eCare" support is offered in two options: standard (eight hours a day, five days a week) and premium (24/7). In addition, service options beyond standard support can be purchased. These "consultative" services include implementation, training, health checks and custom-scoped services; the cost of these services is negotiable based on the nature of the offering. In addition to email and phone assistance, the company offers aid on its website, including a knowledge base and a FAQ.
The cost of this tool is higher than that of many other SIEMs, but it is still money well spent given the quality of its features and services.