Network Intelligence enVision
Network Intelligence's enVision, a Windows-based, turnkey SIM, has come a long way since we last tested it. The product now includes more advanced correlation capabilities, customizable dashboards, and a wider range of supported devices and transport protocols. One additional selling point that Network Intelligence promotes is that enVision doesn't use an RDBMS under the hood to manage data; rather, the company built its own storage technology, called LogSmart IPDB, that does away with much of the unnecessary overhead found in most commercial RDBMSs. Although we couldn't increase the data in our test environment to the terabyte-size range required to measure this feature, we believe the move away from a conventional RDBMS could be good if done right.
We brought enVision online in a few hours. In less than half a day we had the product up, running and taking all the feeds from our data sources. However, the device provisioning process was not as smooth as it was with High Tower's product; we had to define and configure every one of our log sources because the product lacks an autodetection mechanism. This wasn't a huge drawback for us, because we had fewer than 40 nodes sending data into the SIM environment, but organizations with hundreds or thousands of devices might be less tolerant of the provisioning process.
After spending months with the product, we believe enVision's selling point is that it covers most feature requirements reasonably well: It has a real-time console, can perform correlation functions, and includes basic reporting components, and we could get around the product without too much headache. However, its feature set is not as comprehensive as that of ArcSight ESM, and its UI isn't nearly as polished.
But given that enVision can get most jobs done and has a no-hassle pricing model, we anticipate Network Intelligence will continue to give other SIM providers a run for their money.