Dan's Take

EventTracker 7.6: Digging into Details for Intrusion Detection

Finding security problems isn't easy, with all the information generated by a typical datacenter. It's worth your time to investigate solutions.

By Dan Kusnetzky
10/17/2014

A while ago, A. N. Ananth, CEO of EventTracker, visited to introduce himself and his company, and to discuss the need for comprehensive security information and event management (SIEM). He highlighted the need for tools that simplify searching through operational logs, analyzing the results and turning operational and machine data into useful insight. The goal, he pointed out, is to find potential security issues quickly and effectively. Considering the rash of recent stories about break-ins and data theft experienced by many retailers, I thought the conversation was both timely and useful.

What Is EventTracker?

EventTracker is a company that focuses on mining machine and operational log data to develop actionable, prioritized intelligence. The aim is to let organizations see their IT resources differently and gain useful insight from them. The company offers tools that address SIEM, real-time log management, and change and configuration management.
  
EventTracker 7.6

EventTracker 7.6 is designed to delve into the operational and machine data an organization's IT infrastructure collects as it operates, quickly identify patterns, isolate problems, and make it possible to diagnose potential security and other problems. Once a problem is isolated, the organization can take steps to address what the operational logs revealed. Here's what the company has to say about its new product:

"EventTracker Enterprise 7.6 comes complete with several new and enhanced features including Smart Search, designed to simplify the extraction of operational and security intelligence from machine data. Applications include identifying data patterns, isolating problems, and diagnosing potential security and operational issues. Smart Search incorporates intelligence directly into EventTracker, thereby greatly simplifying and speeding up log review and investigation of security and operational problems.

Additional features in EventTracker Enterprise 7.6 include LogWatch, a feature that provides an auto-updated real-time view of data corresponding to any selection criteria. This allows operators to pin a window on any particular behavior of interest. EventTracker Enterprise 7.6 also includes new Knowledge Packs, improved dashboard features, close integration with AWS CloudTrail and Simple Email Services and an easier-than-ever installation process."
Dan's Take: A Crowded, but Important, Field

Modern applications are constructed of distributed services. Each of these services might be built from multiple tiers of application components, each of which might be executing on different physical or virtual systems and be housed in different datacenters. This makes it quite challenging to ensure that only authorized use of the organization's IT resources and data is permitted.

It's quite likely that attempts to breach security and access customer data, such as credit card numbers or identifying information, have already been recorded by some of the application components that make up the distributed services presented to users as applications. Because these components produce huge and ever-growing piles of operational data, it's difficult to search through the data, find meaningful patterns, and spot these intrusion attempts before malicious individuals or groups break in and steal information.
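The correlation problem described above, as an added example that is not EventTracker's code: three tiers of one application record authentication failures in different log formats and different datacenters (constructed sample lines with hypothetical hosts and addresses). Each tier on its own sees only one or two failures, but pooling the normalized records and grouping them by source address within a time window exposes the pattern a SIEM is meant to surface.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from three tiers of one application, each with its own log
# format and running in a different datacenter (hypothetical hosts and addresses).
SAMPLE_LOGS = [
    ("web", "2014-10-17T08:00:01Z web-dc1 LOGIN_FAILED user=alice src=203.0.113.7"),
    ("api", '{"ts": "2014-10-17T08:00:04Z", "host": "api-dc2", "event": "auth_denied", "src": "203.0.113.7"}'),
    ("web", "2014-10-17T08:00:09Z web-dc1 LOGIN_FAILED user=bob src=203.0.113.7"),
    ("db", "2014-10-17 08:00:12 db-dc2 FATAL: password authentication failed for host 203.0.113.7"),
    ("web", "2014-10-17T09:30:00Z web-dc1 LOGIN_FAILED user=carol src=198.51.100.9"),
]
WEB_RE = re.compile(r"^(\S+) (\S+) LOGIN_FAILED .*src=(\S+)$")
DB_RE = re.compile(r"^(\S+ \S+) (\S+) FATAL: password authentication failed for host (\S+)$")

def normalize(tier, line):
    """Map a tier-specific line to (timestamp, tier, host, src); None if it is not an auth failure."""
    if tier == "web" and (m := WEB_RE.match(line)):
        return datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%SZ"), tier, m[2], m[3]
    if tier == "api":
        rec = json.loads(line)
        if rec.get("event") == "auth_denied":
            return datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ"), tier, rec["host"], rec["src"]
    if tier == "db" and (m := DB_RE.match(line)):
        return datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), tier, m[2], m[3]
    return None

def find_cross_tier_failures(logs, window=timedelta(minutes=10), min_events=3, min_tiers=2):
    """Flag a source whose auth failures hit several tiers inside one window.
    Each tier alone may see one or two failures and stay quiet; the pattern only
    appears once all tiers' records are pooled and ordered by time."""
    by_src = defaultdict(list)
    for tier, line in logs:
        rec = normalize(tier, line)
        if rec:
            by_src[rec[3]].append(rec)
    findings = []
    for src, recs in sorted(by_src.items()):
        recs.sort()
        for i, first in enumerate(recs):
            burst = [r for r in recs[i:] if r[0] - first[0] <= window]
            tiers = sorted({r[1] for r in burst})
            if len(burst) >= min_events and len(tiers) >= min_tiers:
                findings.append({"src": src, "events": len(burst), "tiers": tiers,
                                 "hosts": sorted({r[2] for r in burst})})
                break  # one finding per source is enough for an analyst to pivot on
    return findings
```

Running `find_cross_tier_failures(SAMPLE_LOGS)` reports 203.0.113.7 with four failures across the api, db and web tiers, while the lone failure from 198.51.100.9 stays below the threshold.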
  
EventTracker is one of a number of companies that has seen this problem and addressed it with technology. While the company appears to be offering interesting capabilities, similar capabilities can be found in products from suppliers such as Splunk, Sumo Logic, Loggly, or LogLogic. The open source community offers Logstash, which can be used to address the same requirements. It would be wise for IT decision makers to review the products offered by these suppliers to learn how they can help.

About the Author

Daniel Kusnetzky, a reformed software engineer and product manager, founded Kusnetzky Group LLC in 2006. He's literally written the book on virtualization and often comments on cloud computing, mobility and systems software. He has been a business unit manager at a hardware company and head of corporate marketing and strategy at a software company.