eIQnetworks, a Massachusetts-based provider of security and compliance solutions, has launched a new SIEM solution that the company says can be installed and fully deployed in one hour.
The new offering, SecureVue NGS, is what the company calls a next-generation SIEM solution that can help customers address security and compliance challenges by providing log management, event management, network behavioral analysis and “intelligent” security search.
While most SIEM solutions are expensive, complex deployments that require a good amount of resources for deployment in order to maximize investment, eIQnetworks says its new solution challenges that assumption.
When SecurityWeek asked what realistically could be done in the claimed one hour deployment time, John Linkous Vice President, Chief Security and Compliance Officer at eIQnetworks provided some additional details.
“The one hour time period is for a customized deployment, including download, registration, installation, and connectivity to IT assets across the environment, such as Windows and Linux hosts, firewalls, IDS/IPS, vulnerability scanners, etc.,” Linkous told SecurityWeek.
Regardless of initial deployment time, most organizations should try to maximize their investment and further tune their SIEM solutions for their particular environments, and take advantage of as many features as possible and protect as many IT assets as possible.
With that said, eIQ’s SecureVue does provide some assistance in the tuning process.
“While further customization and tuning of policies can certainly be done by the user, SecureVue NGS comes with over fifty common alert and monitoring policies, and customization requires no professional services,” Linkous explained.
SecureVue NGS customers can use wizards and an expression builder to easily create fully-customized alerts and monitoring policies in minutes, Linkous said.
In terms of SIEM deployment advice, IBM’s Chris Poulin suggests that SIEM solutions should be deployed in stages to best realize its benefits. “The practical reality is there are two general phases to SIEM deployment,” Poulin explained in a SecurityWeek column.
“The first phase is to get the solution fully deployed, collecting telemetry from key log sources, and general use cases implemented and tuned. Launching the kitchen sink at your SIEM out of the gate, every scrap of logs and every event that crosses the wire, is like going out one Saturday, buying every item at all the yard sales within a 20 mile radius of your house, and having it all dumped on your front lawn,” Poulin added.
eIQ says its SecureVue NGS helps customers address security and compliance challenges such as centralized log management, including the ability to centralize, encrypt, normalize and categorize all security-related logs and events, in support of regulations and standards including PCI, HIPAA, FISMA SOX, etc.
It also helps with detection of APTs, rogue insiders, zero-day malware and other cyber threats, the company said.
“SecureVue NGS supports multiple external threat feeds, including both free sources and commercial feeds,” Linkous told SecurityWeek. “We do not provide an out-of-box threat feed, which is an intentional decision; many organizations already license a third-party threat database which they can integrate into SecureVue NGS.”
Using this approach, Linkous explains, SecureVue NGS avoids “stove-piping” customers into content they may not want or need, while maintaining the maximum amount of flexibility for customers who want to leverage threat feeds.
“We were able to install SecureVue NGS, bring our critical servers, applications and network security devices onboard, and begin to gain valuable visibility into our IT security posture within an hour of downloading and installing the software,” said Dan Swanson, a Network security manager at Crossbeam Systems.
Pricing for SecureVue NGS starts at $12,595, which includes licensing for 25 nodes and a one year of maintenance and support.