This article can also be found in the Premium Editorial Download "Information Security magazine: Security Products Readers' Choice Awards 2007."
GOLD | ArcSight Enterprise Security Manager
Organizations looking for a security information management (SIM) solution have a lot of vendors to choose from, but ArcSight Enterprise Security
ArcSight ESM also scored well in its ability to map information to security policy or compliance regulations, and its granular and flexible policy definitions.
The biggest benefit of ArcSight ESM is its dashboard graphics for analysis of security events, says Tim Maletic, manager of information security at Priority Health, a Michigan-based health insurance company.
The product allows him to easily view events, drill down through various displays and pull data to research events.
In addition to using ArcSight ESM for incident detection and response, Priority Health uses the product to help with various compliance efforts. "It does a good job of recording what you do with the tool," Maletic says.
"I can use that data to back up my incident response policy and other policies we get audited on, and prove we're doing what we say we're doing," he adds.
Maletic says the list of devices ArcSight ESM supports is impressive. Priority Health uses the product to integrate data from IDSes, firewalls, Windows, UNIX and Linux servers, antivirus, and vulnerability assessment systems. The company also is writing customized agents for homegrown applications.
The fine-grained policies ArcSight ESM provides for user management can be a little daunting to set up, but provide valuable flexibility, he says.
Last year, ArcSight bolstered ESM with the release of its Compliance Insight Packages. The packages bundle rules and reports based on ISO 17799 and NIST 800-53 standards to help organizations meet regulatory requirements such as SOX, HIPAA, and the Payment Card Industry (PCI) Data Security Standard.
Also in 2006, ArcSight expanded beyond its core capabilities in security management with its acquisition of ENIRA Technologies, a supplier of technology for automating network management tasks. After the acquisition, ArcSight released Network Response Manager, which automates network responses in order to block worm outbreaks, hacker attacks or other security events, and Network Configuration Manager for automated network discovery and configuration management.
SILVER | NetIQ Security Manager
Price: Console, $2,500
Readers noted NetIQ Security Manager's management interface and compatibility with existing systems, earning it a silver medal.
The product helps organizations cope with compliance and the deluge of security events by consolidating and archiving log and event data. It provides a single system for event correlation, analysis, real-time intrusion protection, and reporting. NetIQ, acquired by Attachmate last year, released NetIQ SM 5.6 last fall. It includes an enhanced UI with customized views of data from multiple sources, improved access control to support multiple roles during incident response, and reporting flexibility to allow for creation and viewing of reports based on audience and priority.
BRONZE | Check Point Eventia Suite
Check Point Software Technologies
Check Point Software Technologies' Eventia Suite won the bronze medal, scoring high marks from readers for its ability to map information to security policy or compliance regulations, and its event correlation capabilities.
Eventia also scored well in ROI: readers said they get their money's worth with the product. The Eventia Suite consists of the Eventia Analyzer for real-time security event correlation and Eventia Reporter for historical trend analysis. The suite helps organizations filter security events to zero in on the ones that matter, respond in real time to incidents, and ease compliance efforts with centralized analysis and reporting.
This was first published in April 2007