Features

Review: Cellebrite UFED Touch Ultimate

The Cellebrite UFED Touch Ultimate is a fully equipped mobile forensic tool that enables quick and easy data acquisition from more than 8,000 mobile devices, including not only cellphones, but handheld GPS units, tablets and other mobile platforms.
Peter Stephenson May 15 2013 10:51AM Security
Review: Cyber Security Technologies Mac Marshal

Both Mac Marshal Forensic Edition and Field Edition provide user-friendly forensic tool kits. Each allows users to access a computer with ease and flexibility. While these offerings were designed originally for Mac OS X to access data, logs and virtual machines running within the Mac OS, the Forensic Edition for PCs will also work with MS Windows.
Peter Stephenson May 15 2013 10:48AM Security
Review: Guidance Software EnCase Forensic v7

EnCase Forensic v7 is a computer investigation tool that both searches a computer system for information and aids in developing that information into a complete report. This software can decrypt high-level forms of encryption, create an image of the physical drive, and then generate reports on the evidence.
Peter Stephenson May 15 2013 10:45AM Security
Review: HBGary Responder Professional

HBGary's Responder Professional is a Windows memory acquisition and analysis tool that offers a variety of features useful to malware analysts and computer forensic investigators.
Peter Stephenson May 14 2013 5:10PM Security
Review: IntaForensics Lima Forensic Case Management Software

Lima Forensic Case Management Software from IntaForensics is a complete, end-to-end case management system that offers an easy way to organize every aspect of a digital forensic investigation.
Peter Stephenson May 14 2013 5:05PM Security
Review: NIKSUN NetDetector/NetVCR Alpine 4.2.1

The NIKSUN NetDetector/NetVCR Alpine 4.2.1 is a network security monitoring tool with advanced forensic analytical capabilities.
Peter Stephenson May 14 2013 5:03PM Security
Review: Technology Pathways ProDiscover Incident Response 7.4

ProDiscover Incident Response (IR) from Technology Pathways is a computer security tool that allows users to preview, image, view, search, analyze and report. ProDiscover also provides solutions for corporate policy compliance investigation, e-discovery and computer forensics.
Peter Stephenson May 14 2013 5:00PM Security
Review: CRU WiebeTech Forensic ComboDock v5

The Forensic ComboDock is a read/write blocker. It makes it impossible to unintentionally turn off write-blocking. Every time it is turned on, it asks the user to choose either write-blocking or read/write mode, avoiding problems that can occur when the user forgets to change the mode to write-blocking. Its LED indicator light and a screen menu also clearly identify the work mode.
Peter Stephenson May 14 2013 4:57PM Security
Review: AlienVault Unified Security Management (AV-USM) v4.1

AlienVault's Unified Security Management (AV-USM) platform combines open source technologies for asset discovery/inventory, vulnerability assessment, threat detection, behavioral monitoring and security intelligence/event correlation.
Peter Stephenson May 14 2013 4:55PM Security
Review: BlackStratus LOG Storm v4.2.0.45

LOG Storm combines log management and security information management with correlation technology, real-time monitoring and an integrated incident response system.
Peter Stephenson May 14 2013 4:52PM Security
Review: CorreLog Enterprise Server v5.2.0

CorreLog Enterprise Server combines real-time log management with correlation, auto-learning functions, high-speed search, ticketing and reporting services.
Peter Stephenson May 14 2013 4:49PM Security
Review: eIQnetworks SecureVue v3.6.3

SecureVue provides all of the elements one would expect in a SIEM - log consolidation, threat correlation, incident management (including ticket issuance), event analytics, forensic analysis, compliance reporting, change auditing, event alerting, an array of user definable/customizable alerting and reporting options, and more.
Peter Stephenson May 14 2013 4:47PM Security
Review: EventTracker Enterprise v7.3

EventTracker Enterprise is comprehensive. It is designed to be scalable to address multiple locations, business units and domains using the EventTracker Stand-Alone, Collection Point and Collection Master architecture.
Peter Stephenson May 14 2013 4:45PM Security
Review: GFI EventsManager 2013

GFI EventsManager collects, centralizes, normalizes, consolidates and analyzes a wide range of log types, such as World Wide Web Consortium (W3C) and any text-based formats, Windows events, SQL Server and Oracle audits, and syslog and simple network management protocol (SNMP) traps generated by devices, such as firewalls, servers, routers, switches, sensors, SQL server systems, PCs and custom devices.
Peter Stephenson May 9 2013 5:43PM Security
Review: HP ArcSight Express

The HP ArcSight Express appliance features a full set of SIEM capabilities, including security event correlation, log management, IT search, NetFlow monitoring and compliance reporting. Using this tool, security professionals and system administrators can identify and investigate many security events and rule violations - all from a single interface. Along with the usual monitoring and reporting functions of a SIEM, this offering also features user activity and role monitoring, which provides a more complete picture of certain security events and how they occurred.
Peter Stephenson May 9 2013 3:58PM Security
Review: LogRhythm

The LogRhythm appliance goes way beyond traditional security event monitoring and management. This appliance features log and event management functions as with any SIEM, but beyond that it includes advanced correlation and pattern recognition driven by its onboard Advanced Intelligence Engine, with host activity and file integrity monitoring, and drill-down capabilities to get to the raw log data for analysis and forensics.
Peter Stephenson May 9 2013 3:50PM Security
Review: McAfee Enterprise Security Manager

The McAfee Enterprise Security Manager is back this year after a full transformation from its former self, the NitroView ESM. Many of the obvious differences are skin deep, and much of the robustness of the previous product remains intact, including the familiar management console, but more on that shortly. For those who do not know this product, the Enterprise Security Manager is the ultimate high-powered SIEM. This tool uses a proprietary backend database that allows it to collect more than 18,000 events per second from a single receiver and feed them through an advanced correlation engine for deep analysis.
Peter Stephenson May 9 2013 3:44PM Security
Review: NetIQ Sentinel

Sentinel from NetIQ offers a lot of robust SIEM features and functions. This product features log collection, aggregation, correlation and analysis and reporting - all from one single point that is easy to use and manage. Administrators and security personnel can use this tool to gain a great amount of insight into security events, as well as prevent threats that may be unseen without the use of Sentinel's powerful log correlation engine.
Peter Stephenson May 9 2013 3:41PM Security
Review: SolarWinds Log & Event Manager

The SolarWinds Log & Event Manager, also known as the LEM, is a virtual appliance capable of collecting logs and events from almost any network-connected device and then correlating that data for further analysis. The LEM virtual appliance can be deployed in either a VMware ESX or Microsoft Hyper-V virtual environment and can provide insight into security events, as well as help with performance monitoring and compliance management.
Peter Stephenson May 9 2013 3:37PM Security
Review: ManageEngine EventLog Analyzer

Good choice if it supports your environment.
Peter Stephenson May 9 2013 3:34PM Security
