Netsurion's latest release of EventTracker includes EventTracker EDR (Endpoint Detection and Response), which protects against threats and the lateral movement of attacks by giving organizations visibility into potential risks as they develop, so responses can be fast-tracked before damage occurs. It is set up to deliver protection for endpoint estates of any size. It is offered on-premise or in the cloud to give security analysts the efficiency they need to help their organizations address security and to make team members of all skill levels more productive. It features extensive reporting options, including preconfigured reports to support regulatory requirements, and recently added GDPR support.
As far as installation goes, they did a superb job making it as painless as possible and suitable for any experience level. A pre-install checklist shows everything that must be configured or installed before EventTracker itself is installed. The installation guide is easy to follow. The sensors can be deployed either from the command prompt or through the GUI of an MSI installer. Both methods were very straightforward, though do not expect to complete this setup in under two hours.
When logging into EventTracker you arrive on the home page, not to be confused with the dashboard. This gives an overview of potential cyber breaches, indicators of compromise, potential insider threats, and non-reporting systems, each presented in a different color. The home page is designed to bring your attention to all potential security issues quickly. Widgets fill the page between the navigation pane and the administrator drop-down menu at the top. The menu has a variety of options such as alerts, diagnostics, event filters, and more. Each widget can be moved and edited with a selection of configurations. The product is also available as a managed service called SIEMphonic, in which the company's own SOC team performs these functions on behalf of customers and operates 24/7.
Incident response playbooks are provided for organizations that may need more of a walkthrough. Unsupervised machine learning backs the time series anomaly detection, the result of more than three years of development, and it is designed to be simple enough for a junior security analyst. This solution also offers log search powered by Elasticsearch version 6, endpoint detection and response that can block unauthorized software installation, ready-to-go actionable reports, geolocation display of threats, and more.
Pricing, for up to 50 endpoints, is $5,000 per year for Log Management and $11,000 per year for Security Center. Phone and email support are included and offered 8/5. 24/7 support can be purchased for an additional fee proportional to the license.
Tested by Matthew Hreben