Risk and Audit Management Platform
I recently helped a medium-sized corporation prepare
for a security compliance review. It is a necessary step to go through
for compliance issues, but I dreaded trying to find every node on the
client’s network. Once all of the dust had settled I decided to try
SecureVue from eIQNetworks. SecureVue combines security information
management with real-time governance, risk and compliance to help any
organization get compliant and, just as importantly, stay compliant.
SecureVue’s integrated model allows logging, configuration and
compliance information to be viewed on a single standalone system.
Installation
Installation is fairly straightforward. A pre-process check is performed to verify that the system being installed meets the prerequisites for SecureVue. From there you answer questions about installation locations and IP addresses. A website will be set up for you to view the settings as well. All very straightforward. Once the system has been installed we can get down to the business of configuring our network for discovery and have a look at what the product can do.
Configuration
The first thing SecureVue wants is Data Sources. It needs to know what devices it is getting information from. Many devices can be auto-discovered by SecureVue. For those that cannot, there is a manual process. The remainder of the configuration revolves around licensing (for which you must have a license file) and editing the collection policy. The collection policy allows you to define various types of data, such as that from vulnerability scanners, performance and configuration matrices, as well as syslog events. Although this may sound somewhat daunting, the attached guides are concise and very easy to follow. Once the entire configuration has taken place it is time to have a look at the actual ease of use of the product.
Ease of Use
Like many multifaceted systems, SecureVue has a dashboard which gives the administrator a quick glance at many aspects of the system. SecureVue ships with over 50 predefined dashboards, which should satisfy the majority of your needs. If not, you can always modify or create your own to best suit your needs. One of the greatest features I found was the auto discovery feature. This allows you to delve deep into your network. Once the discovery has taken place you can drill down on a specific node and bring up a plethora of data on that particular device. This is extremely useful when analysing past events, as all of the data can be referenced and shown back to the administrator. If you are more on the lookout for security events, you can use the Topology tab from the dashboard and drill down based on criteria such as policy violations, vulnerabilities and many other security-related issues. All are colour-coded based on severity, making it very easy to discern exactly what is going on with your infrastructure. Another likeable feature is QuickVue. QuickVue allows an administrator to see all of the details of every node on the network. With a simple click the administrator can then expand that node and obtain information such as summary, dashboards, configuration and vulnerabilities. So if a computer in accounting has a high security risk, QuickVue quickly allows a drilldown to see why.
Quarantine
When an event triggers a security feature, the event could be placed in quarantine. On very busy networks, it is extremely difficult to sift through all of the logs and decide if something has gone wrong. With the Quarantine feature, any suspicious activity that trips predefined policies allows the system to flag the logs and place them in the Quarantine section. Here the administrator can decide what action would be taken. The analytics the product includes are extremely impressive. Analytics such as vulnerability, configuration, asset and performance are all available at the click of a button, making navigation extremely simple. When you start up SecureVue you feel you are at the helm of a 747, with dials and information everywhere. However, once you start navigating around a little, the initial shock turns into pure glee (for those of us who get excited about anomaly detection and compliance anyway) as the product is taken out for a spin. The reporting is a click away, with over 1500 canned reports included. The reports vary in audience from senior management all the way to the security analyst you hired to look at your infrastructure. Filtering makes the reporting versatile and makes it easy to find exactly what you want.