September 09, 2010

User-configurable dashboards, risk-prioritized alerting, high-speed indexed search, point and click pattern analysis, and customizable behavior analysis deliver on Prism’s vision of SIEM, simplified

Columbia, MD – Prism Microsystems, a leading provider of comprehensive SIEM solutions for the midsize enterprise, today announced the immediate availability of EventTracker 7. With expertise derived from over 10 years of building log and event management solutions, and insight gained from serving over 900 organizations worldwide, EventTracker 7 delivers on Prism’s vision of SIEM, simplified. Instead of transferring the burden to the end-user to figure out what conditions to look for, EventTracker 7 provides intuitive interfaces and pre-built knowledge that put critical and relevant data in front of the right person in the right format.

Key features include:

  • Risk-prioritized alerting – EventTracker 7 offers a user-configurable alert mechanism that prioritizes alerts based on event criticality, asset value and vulnerability status. This approach allows users to focus on the most critical threats to their environments and eliminates the need to manually parse through multiple alerts to identify events that need immediate attention. Vulnerability data is obtained through integration with popular vulnerability scanners from vendors such as Tenable, Qualys and Rapid7.
  • High-speed indexed search – The enhanced search interface offers automated indexing, weighted tag clouds, trending information, and point and click selection of hundreds of conditions and search variables to further simplify the log analysis process.
  • User-configurable dashboards – This capability is part of Prism’s mission to support everybody in the enterprise, whether an admin, auditor, IT manager, security analyst, help-desk employee, executive manager, etc. Users can configure dashboards depending on their role to ensure they see the information that is relevant to them in the format they desire, for an intuitive SIEM experience.
  • User-configurable behavior analysis – While standard correlation engines in traditional SIEM solutions require knowledge of a condition to write a rule, and expertise on the part of the end-user to understand the exact pattern of what to look for, the behavior analysis module in version 7 uses statistical and behavioral correlation to identify anomalies and help users answer the question – “What don’t I know that can hurt me?” EventTracker learns the normal activity patterns of the network, systems, applications, processes and users and detects and alerts on any new, different or unusual behavior. Users also have the ability to add behavior dashlets to monitor any custom events and categories.

“With EventTracker 7 we’re bringing more value, flexibility and intelligence to the SIEM experience. The new version is powerful enough for sophisticated analysts to execute the most complex tasks, yet simple enough for the average user to detect risky and critical conditions without having to author intricate queries or have in-depth knowledge,” said A.N. Ananth, CEO of Prism Microsystems. “EventTracker 7 is truly SIEM simplified – the vast amount of knowledge embedded in the product enables us to do all the digging for you, so you don’t have to waste time and resources chasing false positives for that one condition that has the potential to cause costly damage to your assets.”

“The level of automation provided by EventTracker has been critical in helping us react to the events and anomalies that really matter – we were able to achieve the security and compliance goals of many of our customers right out of the gate with minimal time and effort spent configuring the system,” said Douglas Davidson, President, Jacadis. “Having beta-tested version 7, we are excited by what this new release brings to the table, especially new features such as the behavior analysis capability, which will provide us with unprecedented visibility into system behavior, allowing us to head off potential problems before they even occur.”

Other new features in version 7 include a configuration assessment module that enables compliance with benchmarks such as FDCC and DISA STIGs, or those defined internally by the end user; support for NetFlow v5 and v9; a dual-mode Windows agent that supports both real-time and batch transmission of events; and FIPS 140-2 compliant encryption of data transmission between consoles and from agent to console.

About Prism Microsystems

Prism Microsystems delivers business critical solutions that transform high-volume cryptic log data into actionable, prioritized intelligence that will fundamentally change your perception of the utility, value and organizational potential inherent in log files. Prism’s leading solutions offer Security Information and Event Management (SIEM), real-time Log Management, and powerful Change and Configuration Management to optimize IT operations, detect and deter costly security breaches, and comply with multiple regulatory mandates.

Visit www.eventtracker.com for more information. Follow us on Twitter @logtalk.