The product collects, compresses, encrypts, and archives security logs and aggregates security-event data, categorizes it according to preset priorities, and then correlates the data to identify anomalies. The software identifies high-priority and low-priority events, and handles user-access control, device management, and system configuration.
EIQ has developed one of the industry's first enterprise-scale security-management architectures, which is needed as businesses manage security threats for more devices, gather more security data, and are required to generate more security reports, says Jon Oltsik, an analyst at Enterprise Strategy Group. Many security products don't scale well, resulting in a lag between a security event and having enough information to know what to do about it. "EIQ appears to have the horsepower to know about events as they happen and all the ramifications," he says.
The software also generates compliance and security-management reports and lets security professionals create configurable monitors, event managers, and monitoring dashboards. It offers 800 options for forensic analysis and has an embedded database. Finally, it can identify attacks, viruses, and worms; reduce false positives; and send out alerts.
Timothy Guy, a senior network administrator at a billion-dollar manufacturing holding company, says he used to spend six hours a day parsing through as much as 700 Mbytes worth of security-event logs and writing his own queries for "access denied" reports or other problems. With Network Security Analyzer, he says, "we spend 10 minutes clicking while we open up the main console."