How fast is Intellitactics SAFE - how many events per second can Intellitactics SAFE reliably process?
On the surface – this could be a trick question! Oftentimes, people ask about the speed of Intellitactics SIEM solutions in a generic way and believe they can reliably compare SIEM solutions by comparing events per second (eps) as quoted by the vendors. The trick to the question is that eps can be applied to acquisition speed or processing speed. Acquisition speeds may vary depending on whether the SIEM solution relies on agents or is agentless, and depending on the devices that are being monitored.
Acquisition speeds can vary depending on what you are counting – raw logs or logs that are parsed and then stored as events. While the speed is an important measure, it’s equally important to understand the relationship between the capacity of the collector and the eps. You’ve heard the saying – put a big enough box in place and you can have all the speed you need. When buying an appliance this is especially true. Intellitactics SAFE, for example, is sold as 5 models, and each model has a tested capacity that supports performance numbers.
Now to processing speeds – there are many functions that occur within the SIEM solution itself. Raw logs are stored and retrieved when you are trying to understand what is happening. Events are stored and then retrieved to populate the user interface and to generate reports. The data warehouse or repository of the SIEM solution is critical to the performance of your SIEM. Intellitactics SIEM solutions all use the Security Data Warehouse (SDW), which is optimized for speed of processing. This data warehouse stores logs in flat files and events in an optimized RDB. The SDW has been validated handling 500 million events per day in customer environments. Storage in the SDW is asynchronous; it queues reliably and handles significantly high peak rates.
Processing speed is the better measure for evaluating a SIEM solution.
Here are some numbers that represent the speed of the Intellitactics SIEM solutions:
Acquisition speed alone has been clocked at 30,000 events per second.
The speed of the SDW, which has a major impact on the speed of generating reports, running queries and searches, and retrieving events, has been documented at 6,000 to 8,000 eps sustained every second of every hour of the day.
If you have the need for speed, be sure to schedule a custom demonstration of the Intellitactics SIEM solutions that best meet your needs. Ask for a calculation of the acquisition and processing speed you can expect based on what you plan to monitor. With over 12 years of experience as the SIEM for large global banks, cabinet-level government agencies, energy companies, healthcare companies and more, there isn’t anything we haven’t seen.
NOTE: If you’re selecting a SIEM to build a world-class security operations center – then you should care about the speed of processing events for threat detection and threat evaluation. This is a reflection of how fast the SIEM solution can analyze and correlate security events, providing Alerts, unique to Intellitactics, and security incidents.
Tomorrow – the FIFTH and FINAL question – “What about these devices – can you monitor these devices?” I’ll be revealing the secrets to device support.