GFI Product Comparison. GFI EventsManager 2013 vs. WhatsUp EventLog Management Suite

Transcription

1 GFI Product Comparison GFI EventsManager 2013 vs. WhatsUp EventLog

2 Features GFI EventsManager 2013 WhatsUp Log Installs prerequisites automatically Real-time event log monitoring Real-time event log archiving Network discovery Windows domains Windows domains Data retention/ save log entries to database File based proprietary storage engine Microsoft SQL Server, Microsoft Access database, text file Indexes log data? Dynamic columns and normalization of Windows event data Drill-down browsing Ability to automatically interpret and categorize events based on built-in intelligence offered by the vendor as well as other To a small extent criteria (during/outside normal operational time, etc.) Data centralization and management functionality (from multiple instances or appliances) with various options to import, backup, delete and move data from/into main, backup, custom or rollover databases or backup files Out-of-the-box configuration (predefined computer groups, configured to use appropriate processing rules) Role-based authentication in the console Audit the actions of users operating the application Dashboard views available Real-time operations status and statistics available on dashboard Real-time "top important logons" statistics available on dedicated dashboard Real-time "critical and high importance events" statistics available on dedicated dashboard Real-time "top Windows service status" statistics available on dashboard Real-time "top network activity events" statistics available on dashboard (based on Windows Vista+ events) Filter events based on basic event information: category, source, computer, etc. Advanced filtering for general forensics and breach investigation - filter events based on extended event information Monitor Syslog devices (routers, firewalls, switches) and/or Linux, Unix computers GFI EventsManager 2013 vs. WhatsUp EventLog 2

3 GFI EventsManager 2013 WhatsUp Log Built-in SNMP trap server for monitoring routers, firewalls, switches, sensors, etc. Monitor Windows.EVT(X) formats Monitor Windows custom log in.evt(x) format Support for collecting text based logs any format. Monitor Microsoft SQL Server c2 style auditing Monitor Oracle 9, 10, 11 servers Monitor W3C / W3C EXT logs (Microsoft IIS, Exchange, ISA) Out-of-the- box support for native SharePoint events (embedded or through 3rd party tools) Monitor various Windows events generated by applications such as antivirus software, Exchange servers, ISA servers, web servers, etc. Change monitoring Detect inactive users and inactive domain machines Detect if Microsoft firewalls are not enabled Detect if IPSec policies are not assigned Detect if machines respond slow or do not respond to PING Detect if there are no volumes encrypted by Microsoft solutions (i.e., BitLocker ) Detect if there are disk volumes that are getting full Detect and integrate summaries of scan results from vulnerability scanners, missing patches, service packs, open ports, antivirus presence and status, and unauthorized applications installed (integrates with GFI LanGuard) User-based activity monitoring To a small extent Security policy monitoring To a small extent Authorization and authentication mechanisms monitoring To a small extent Health monitoring To a small extent Performance monitoring File monitoring (based on logs) (based on logs) With (based on logs) Flexible reporting Running correlation rules on historical data USB control Limited* (integrates with GFI EndpointSecurity) GFI EventsManager 2013 vs. WhatsUp EventLog 3

4 GFI EventsManager 2013 WhatsUp Log Automatic synchronization of the list of the machines with the machines registered in AD Built-in intelligence to interpret, categorize and translate events Very slim Event handling based on fully customizable processing rules Ability to identify actions performed by the users with administrative privileges on Windows systems based on realtime monitoring and privilege change history Noise reduction Technical reports available Statistical reports available Account usage reports Account management reports Policy changes reports Object access reports Application management reports Print server reports HTTP activity reports Windows Event Log system reports PCI compliance reports SOX compliance reports GLBA compliance reports HIPAA compliance reports GCSx Code of Connection compliance reports Real time alerting SMS/ /Net Message Pager / / Database/Syslog Reactivity run code, perform actions on detection of certain events Scalability Only limited by the hardware (can report gracefully on 2 Billion events? on average server hardware) Advanced, active monitoring features in terms of availability and performance Monitoring of network protocols via generic TCP/IP Check Monitoring of network devices via SNMP and WMI Monitoring of server services Web servers URL availability, ISA/TMG Servers, etc. GFI EventsManager 2013 vs. WhatsUp EventLog 4

5 Monitoring of server services Mail servers Exchange, IMAP, SMTP, POP3, route, etc. Monitoring of server services NNTP Monitoring of server services NTP Monitoring of server services Database servers SQL, ADO, ODBC Monitoring of server services Terminal services Monitoring of servers services Print servers Monitoring of infrastructure services Active Directory / LADAP Monitoring of infrastructure services DHCP Monitoring of infrastructure services DNS Monitoring of infrastructure services - WINS GFI EventsManager 2013 WhatsUp Log Node Monitoring - Windows node availability Node Monitoring - Windows availability of resources and services Node Monitoring Windows performance Node Monitoring Windows script output? Node Monitoring Linux /Unix node availability Node Monitoring Linux /Unix script output? Node Monitoring Linux/Unix availability of resources and services GFI EventsManager 2013 vs. WhatsUp EventLog Competitor Weaknesses EventsManager Strengths The log collection/archiving and monitoring processes are not real time. The product offers real time collection, monitoring/ analysis and archival of events. There is no engine to intelligently classify information, and offer default intelligence on what the events mean, in real time. The product is based on an intelligent engine that interprets and classifies events out of the box, in real time, at processing level. It offers customization capabilities and a vast array of preconfigured parameters. GFI EventsManager 2013 vs. WhatsUp EventLog 5

6 The product doesn t offer minimal preconfigured event source groups based on the log type or functional roles The product cannot detect activities of users with administrative privileges The product lacks built-in support for scanning native audit logs of SQL Server and Oracle database servers. The product cannot monitor text files, which means it cannot monitor text based logs of popular applications. (other than W3C as indicated in the comparison) Only basic filtering is available. Real forensic investigation is impossible. There is no real normalization and consolidation of logs Presentation suffers; the UI is cumbersome, unintuitive and uses rather old technology. There is no dashboard, each module is managed separately. Difficult to deploy, configure and run: different packages for archiving, analyzing and reporting on log data, each configurable from its own console The product is shipped with lots of predefined groups that have associated correlation rules based on the type of device (e.g. Windows domain controllers, Exchange servers, SQL Server servers, Oracle servers, etc.) The product records the group dynamics of user groups with administrative privileges and is able to determine with 100% accuracy if a certain user triggering a log entry was an administrator at the time when the event was logged exactly what is required by PCI compliance, for example irrespective of when the log entry is collected by the product, or used in reports. The product offers additional scanning capabilities: it can monitor database servers, native SharePoint events and IBM iseries events (through 3rd party apps) The product can monitor text logs based on a user-defined, customizable schema thus greatly enlarging the coverage in terms of log collection (anti-virus software, custom applications, anything that logs text) Filtering and searching works at very granular level enabling both regular expressions support and Windows advanced filtering capabilities based on he extended tags of the Windows events. The product offers data normalization across various log types and three layers of log consolidation: encryption, controlled and audited access to logs and hashing of log data. Presentation delivers dashboards, drill down capabilities for viewing logs and intuitive wizards to accomplish common tasks Easier to install configure and run due to the fact that everything is already in the product (no need to install anything or configure network infrastructure), there is an AD sync function built in and wizards are present all over the place. Active network and server monitoring Active network and server monitoring functionality is offered in two additional functionality is integrated into the product at no products at significant extra cost. extra cost. GFI EventsManager 2013 vs. WhatsUp EventLog 6

7 The product does not offer the ability to react to the information it finds The product lacks out of the box functionality and consequently, pre-configured items (except pre-configured reports) The product offers the possibility to run scripts, code or third party applications when certain incidents occur. The product offers preconfigured roledependent computer groups, processing rules and filters thus eliminating the important requirement of knowing what events to look for or which logs to scan. At the same time it offers a large number of preconfigured reports, including compliance related Conclusion In terms of log management and SIEM, GFI EventsManager offers significantly better technology, functionality, features and user experience than WhatsUp Log. On the other hand, in terms of network and server monitoring, the specialized product from WhatsUp, called (not covered in this comparison in detail) together with its add-ons (extra price) offers a strong collection of features which matches the capabilities of GFI EventsManager and has a better presentation layer together with some extra features regarding network discovery and support for flow analysis. The extra value which GFI EventsManager adds on the side of network and server monitoring is the unique combination of active monitoring (similar to ) and passive monitoring based on log data (similar to WhatsUp Log Management) which enables IT administrators to identify not only the problems but their causes as well (having the log data) without leaving the console of the product. GFI EventsManager 2013 vs. WhatsUp EventLog 7

8 USA, CANADA AND CENTRAL AND SOUTH AMERICA 4309 Emperor Blvd, Suite 400, Durham, NC 27703, USA Telephone: +1 (888) Fax: +1 (919) GFI 2280 aug13 ENGLAND AND IRELAND Magna House, London Road, Staines, Middlesex, TW18 4BP, UK Telephone: +44 (0) Fax: +44 (0) EUROPE, MIDDLE EAST & AFRICA GFI House, San Andrea Street, San Gwann, SGN 1612, Malta Telephone: Fax: AUSTRALIA AND NEW ZEALAND 83 King William Road, Unley 5061, South Australia Telephone: Fax: sales@gfiap.com For a full list of GFI offices/contact details worldwide, please visit: Disclaimer GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners. The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, outof-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document. If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.