eIQ SecureVue

Date: 27th July, 2009
Format: InDetail

SecureVue from eIQnetworks is a security information and event management (SIEM) offering. Like other SIEM products, SecureVue collects and monitors log and event data that might be pertinent in identifying and analysing both internal and external threats to your IT environment. Unlike other SIEM products, SecureVue also collects other types of security-related data, including configuration and asset data, vulnerability data, network flow data, and performance data.

Most SIEM vendors collect two types of data: security events that derive from external attacks on your corporate firewall, and log data that records how both software and devices are being used, so that internal threats that may be fraudulent or malicious can be detected. Such an approach also enables a variety of other functions such as eDiscovery, forensics, and compliance monitoring and reporting.

However, precisely because this is the sort of information that typical SIEM products collect, a number of types of attack have been developed that specifically seek to avoid detection by logging. As a result, some vendors have added vulnerability and network flow data to their offerings, but eIQnetworks has gone further by also collecting configuration, asset and performance data, and its correlation engine spans all of these event types in order to recognise attacks. While we will discuss the relevance of these capabilities in due course, this makes SecureVue the most complete product in the SIEM market in terms of its breadth of data collection capabilities.