JC Hanlon Consulting, Inc. is a security consulting and managed services provider that specializes in helping small to midsized businesses across multiple verticals identify and manage risks to their business information through its risk assessments, ethical hacking/pen-testing, audit readiness services, disaster recovery and incident response planning, secure network architecture design, security policy development, security controls development and security event log monitoring services.
Windows Server 2008.
We consider log management to be a critical enabling technology to ensure that our customers are compliant and secure at all times. We faced a couple of challenges when offering this technology as a managed service. First, because we have a large number of customers from various verticals, we needed the capacity to support very diverse IT environments simultaneously. Second, we required the ability to support new devices and custom applications quickly as we added new customers. After testing a handful of vendors in our in-house lab, we selected Prism Microsystems EventTracker for its support of the most comprehensive list of devices out of the box, its easily extendable collection engine and its scalable architecture and pricing model.
We use EventTracker to monitor multiple customer environments in real time to detect signs of intrusions and suspicious activity before costly damage is caused. Its correlation and alerting capabilities allow us to focus on real threats rather than wasting time chasing false alarms or monitoring routine log data, and its more than 500 correlation rules allow us to monitor a range of activity including changes in user rights, login failures across multiple systems, unauthorized access, suspicious network activity, USB device activity, irregular user activity and more, giving us complete security insight into customer environments for quick remediation. On the compliance front, we use EventTracker’s preconfigured PCI, Sarbanes-Oxley, HIPAA, FISMA, GLBA and a number of other reports to provide vertical-specific expertise to customers. This really removes the headache of having to invest in additional technology to meet different agendas. Plus, in the event that a client forgets to sign off on an internal change, which happens quite often, we can quickly pull up user activity and object change reports to prove to on-site auditors that due process was followed in accordance with internal policy.
A main strength of EventTracker is its comprehensive feature set, all included in one license fee, with no extra cost for compliance and advanced security modules. Another strength that saves us a lot of time is its central agent management capability. Agents offer us advanced capabilities such as USB monitoring, change auditing, application monitoring, custom log file monitoring, service monitoring, network connection monitoring, and can be centrally installed, configured and managed from the EventTracker Console without having to spend a number of hours visiting each system at each customer site for manual installation.
One limitation of EventTracker is that it can only run on Windows platforms.
Key areas where EventTracker surpassed the competition were its support of the most comprehensive list of devices from the network to the application layer, and a regular expression-based collection engine that we can easily extend to support almost any device or application that generates event log data in any customer environment. Another incentive was EventTracker’s simple pricing structure. Since pricing is based on the number of devices managed and not on event volume, we do not have to worry about expensive bulk upgrades, as is the case with appliance vendors, when event volume goes up. We can add devices one at a time, as needed, for a highly scalable alternative to appliance-based solutions.
With EventTracker we are able to securely transfer log data through highly encrypted tunnels to our security operation center in real time for analysis. We make use of EventTracker’s real-time security alerts, audit-ready reports for PCI, Sarbanes-Oxley, HIPAA, GLBA and other regulations, and reports on authentication activity, privileged user activity, USB device usage and application access.
Support was extremely responsive both during the evaluation phase and the actual implementation.
Documentation is fairly comprehensive and can easily be used to implement the product without additional support.