eIQ SecureVue
Date:
By: Philip Howard
Classification: InDetail

SecureVue from eIQnetworks is a security information and event management (SIEM) offering. Like other SIEM products, SecureVue collects and monitors log and event data that might be pertinent in identifying and analysing both internal and external threats to your IT environment. Unlike other SIEM products, SecureVue also collects other types of security-related data, including configuration and asset data, vulnerability data, network flow data, and performance data.

Most SIEM vendors collect two types of data: security events that derive from external attacks on your corporate firewall, and log data that records how both software and devices are being used, so that internal threats that may be fraudulent or malicious can be detected. Such an approach also enables a variety of other functions such as eDiscovery, forensics, and compliance monitoring and reporting.

However, precisely because this is the sort of information that typical SIEM products collect, a number of types of attack have been developed that specifically seek to avoid detection by logging. As a result, some vendors have added vulnerability and network flow data to their offerings, but eIQnetworks has gone further by also collecting configuration, asset and performance data to further enhance its capabilities; its correlation engine spans all of these event types in order to recognise attacks. While we will discuss the relevance of these capabilities in due course, this makes SecureVue the most complete product in the SIEM market in terms of its breadth of data collection capabilities.