Security event management software
The power and complexity of NetIQ's Security Manager 5.0 - the latest version of the company's security event management product - is well masked by its consistent user interface and overall ease of use.
When we first tested security event management products late last year, NetIQ opted out because it was working on this new version of its product. Measured using the same methodology as our original test, Security Manager 5.0 places a close second to ArcSight's ArcSight 2.5 product, which earned top honors (www.nwfusion.com, DocFinder: 2921). Security Manager is easy to install and is scalable, but the ArcSight product supports more devices out-of-the-box and has a slightly better GUI.
Security Manager comprises three main components: Event Manager, Intrusion Manager and Log Manager. Event Manager is the central console that manages and displays security events. Intrusion Manager watches incoming logs for signs of intrusion and either generates alerts or takes a defined action when an incident is suspected. Log Manager is the workhorse, handling collection, standardization and archiving of all managed logs. In our tests, we installed all components on one server without running into performance issues (see How we did it, right). For a production environment where you would watch a large number of events, you'd probably want to split these components up onto multiple machines.
Security Manager is an...