GFI Product Comparison. GFI EventsManager 2013 vs. WhatsUp EventLog Management Suite


Features / GFI EventsManager 2013 / WhatsUp Log

Installs prerequisites automatically
Real-time event log monitoring
Real-time event log archiving
Network discovery: Windows domains / Windows domains
Data retention / save log entries to database: File based proprietary storage engine / Microsoft SQL Server, Microsoft Access database, text file
Indexes log data?
Dynamic columns and normalization of Windows event data
Drill-down browsing
Ability to automatically interpret and categorize events based on built-in intelligence offered by the vendor as well as other criteria (during/outside normal operational time, etc.): To a small extent
Data centralization and management functionality (from multiple instances or appliances) with various options to import, backup, delete and move data from/into main, backup, custom or rollover databases or backup files
Out-of-the-box configuration (predefined computer groups, configured to use appropriate processing rules)
Role-based authentication in the console
Audit the actions of users operating the application
Dashboard views available
Real-time operations status and statistics available on dashboard
Real-time "top important logons" statistics available on dedicated dashboard
Real-time "critical and high importance events" statistics available on dedicated dashboard
Real-time "top Windows service status" statistics available on dashboard
Real-time "top network activity events" statistics available on dashboard (based on Windows Vista+ events)
Filter events based on basic event information: category, source, computer, etc.
Advanced filtering for general forensics and breach investigation - filter events based on extended event information
Monitor Syslog devices (routers, firewalls, switches) and/or Linux, Unix computers

Built-in SNMP trap server for monitoring routers, firewalls, switches, sensors, etc.
Monitor Windows .EVT(X) formats
Monitor Windows custom log in .evt(x) format
Support for collecting text based logs any format.
Monitor Microsoft SQL Server c2 style auditing
Monitor Oracle 9, 10, 11 servers
Monitor W3C / W3C EXT logs (Microsoft IIS, Exchange, ISA)
Out-of-the-box support for native SharePoint events (embedded or through 3rd party tools)
Monitor various Windows events generated by applications such as antivirus software, Exchange servers, ISA servers, web servers, etc.
Change monitoring
Detect inactive users and inactive domain machines
Detect if Microsoft firewalls are not enabled
Detect if IPSec policies are not assigned
Detect if machines respond slow or do not respond to PING
Detect if there are no volumes encrypted by Microsoft solutions (i.e., BitLocker)
Detect if there are disk volumes that are getting full
Detect and integrate summaries of scan results from vulnerability scanners, missing patches, service packs, open ports, antivirus presence and status, and unauthorized applications installed (integrates with GFI LanGuard)
User-based activity monitoring: To a small extent
Security policy monitoring: To a small extent
Authorization and authentication mechanisms monitoring: To a small extent
Health monitoring: To a small extent
Performance monitoring File monitoring (based on logs) (based on logs) With (based on logs)
Flexible reporting
Running correlation rules on historical data
USB control: Limited* (integrates with GFI EndpointSecurity)

Automatic synchronization of the list of the machines with the machines registered in AD
Built-in intelligence to interpret, categorize and translate events: Very slim
Event handling based on fully customizable processing rules
Ability to identify actions performed by the users with administrative privileges on Windows systems based on realtime monitoring and privilege change history
Noise reduction
Technical reports available
Statistical reports available
Account usage reports
Account management reports
Policy changes reports
Object access reports
Application management reports
Print server reports
HTTP activity reports
Windows Event Log system reports
PCI compliance reports
SOX compliance reports
GLBA compliance reports
HIPAA compliance reports
GCSx Code of Connection compliance reports
Real time alerting: SMS/Email/Net Message Pager /Email/ Database/Syslog
Reactivity run code, perform actions on detection of certain events
Scalability: Only limited by the hardware (can report gracefully on 2 Billion events? on average server hardware)
Advanced, active monitoring features in terms of availability and performance
Monitoring of network protocols via generic TCP/IP Check
Monitoring of network devices via SNMP and WMI
Monitoring of server services Web servers URL availability, ISA/TMG Servers, etc.

Monitoring of server services Mail servers Exchange, IMAP, SMTP, POP3, Email route, etc.
Monitoring of server services NNTP
Monitoring of server services NTP
Monitoring of server services Database servers SQL, ADO, ODBC
Monitoring of server services Terminal services
Monitoring of server services Print servers
Monitoring of infrastructure services Active Directory / LDAP
Monitoring of infrastructure services DHCP
Monitoring of infrastructure services DNS
Monitoring of infrastructure services - WINS
Node Monitoring - Windows node availability
Node Monitoring - Windows availability of resources and services
Node Monitoring Windows performance
Node Monitoring Windows script output?
Node Monitoring Linux/Unix node availability
Node Monitoring Linux/Unix script output?
Node Monitoring Linux/Unix availability of resources and services

Competitor Weaknesses / EventsManager Strengths

Weakness: The log collection/archiving and monitoring processes are not real time.
Strength: The product offers real time collection, monitoring/analysis and archival of events.

Weakness: There is no engine to intelligently classify information, and offer default intelligence on what the events mean, in real time.
Strength: The product is based on an intelligent engine that interprets and classifies events out of the box, in real time, at processing level. It offers customization capabilities and a vast array of preconfigured parameters.

Weakness: The product doesn't offer minimal preconfigured event source groups based on the log type or functional roles.
Strength: The product is shipped with lots of predefined groups that have associated correlation rules based on the type of device (e.g. Windows domain controllers, Exchange servers, SQL Server servers, Oracle servers, etc.)

Weakness: The product cannot detect activities of users with administrative privileges.
Strength: The product records the group dynamics of user groups with administrative privileges and is able to determine with 100% accuracy if a certain user triggering a log entry was an administrator at the time when the event was logged (exactly what is required by PCI compliance, for example), irrespective of when the log entry is collected by the product, or used in reports.

Weakness: The product lacks built-in support for scanning native audit logs of SQL Server and Oracle database servers.
Strength: The product offers additional scanning capabilities: it can monitor database servers, native SharePoint events and IBM iSeries events (through 3rd party apps).

Weakness: The product cannot monitor text files, which means it cannot monitor text based logs of popular applications (other than W3C as indicated in the comparison).
Strength: The product can monitor text logs based on a user-defined, customizable schema, thus greatly enlarging the coverage in terms of log collection (anti-virus software, custom applications, anything that logs text).

Weakness: Only basic filtering is available. Real forensic investigation is impossible.
Strength: Filtering and searching works at very granular level, enabling both regular expressions support and Windows advanced filtering capabilities based on the extended tags of the Windows events.

Weakness: There is no real normalization and consolidation of logs.
Strength: The product offers data normalization across various log types and three layers of log consolidation: encryption, controlled and audited access to logs and hashing of log data.

Weakness: Presentation suffers; the UI is cumbersome, unintuitive and uses rather old technology. There is no dashboard, each module is managed separately.
Strength: Presentation delivers dashboards, drill down capabilities for viewing logs and intuitive wizards to accomplish common tasks.

Weakness: Difficult to deploy, configure and run: different packages for archiving, analyzing and reporting on log data, each configurable from its own console.
Strength: Easier to install, configure and run due to the fact that everything is already in the product (no need to install anything or configure network infrastructure), there is an AD sync function built in and wizards are present all over the place.

Weakness: Active network and server monitoring functionality is offered in two additional products at significant extra cost.
Strength: Active network and server monitoring functionality is integrated into the product at no extra cost.

Weakness: The product does not offer the ability to react to the information it finds.
Strength: The product offers the possibility to run scripts, code or third party applications when certain incidents occur.

Weakness: The product lacks out of the box functionality and consequently, pre-configured items (except pre-configured reports).
Strength: The product offers preconfigured role-dependent computer groups, processing rules and filters, thus eliminating the important requirement of knowing what events to look for or which logs to scan. At the same time it offers a large number of preconfigured reports, including compliance related

Conclusion

In terms of log management and SIEM, GFI EventsManager offers significantly better technology, functionality, features and user experience than WhatsUp Log.

On the other hand, in terms of network and server monitoring, the specialized product from WhatsUp, called (not covered in this comparison in detail) together with its add-ons (extra price) offers a strong collection of features which matches the capabilities of GFI EventsManager and has a better presentation layer together with some extra features regarding network discovery and support for flow analysis.

The extra value which GFI EventsManager adds on the side of network and server monitoring is the unique combination of active monitoring (similar to ) and passive monitoring based on log data (similar to WhatsUp Log Management) which enables IT administrators to identify not only the problems but their causes as well (having the log data) without leaving the console of the product.

USA, CANADA AND CENTRAL AND SOUTH AMERICA
4309 Emperor Blvd, Suite 400, Durham, NC 27703, USA
Telephone: +1 (888) 243-4329 Fax: +1 (919) 379-3402 ussales@gfi.com

ENGLAND AND IRELAND
Magna House, 18-32 London Road, Staines, Middlesex, TW18 4BP, UK
Telephone: +44 (0) 870 770 5370 Fax: +44 (0) 870 770 5377 sales@gfi.com

EUROPE, MIDDLE EAST & AFRICA
GFI House, San Andrea Street, San Gwann, SGN 1612, Malta
Telephone: +356 2205 2000 Fax: +356 2138 2419 sales@gfi.com

AUSTRALIA AND NEW ZEALAND
83 King William Road, Unley 5061, South Australia
Telephone: +61 8 8273 3000 Fax: +61 8 8273 3099 sales@gfiap.com

For a full list of GFI offices/contact details worldwide, please visit: http://www.gfi.com/contactus

GFI 2280 aug13

Disclaimer

2013. GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.

The information and content in this document is provided for informational purposes only and is provided as is with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information contained in this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.