[Dshield] SEIM Tool recommendation
Albert Gonzalez
albertg at cerveau.us
Fri Feb 1 16:30:10 GMT 2008
I have deployed ArcSight several times and really enjoyed working with
it and the data management abilities it gave you. I have used NeuSecure
and didn't like it very much, and I recently saw the deployment of
Nitrosecurity's ESM. Choosing the right one really depends on what your
requirements are. Events per second? Agentless? Can it export data? Get
payload? etc...
Just because you have 10000 devices you can send to a SEIM tool doesn't
mean you should; more data is not always useful. For a large scale
deployment, ArcSight would be my recommendation. I can't really make too
many comments on Nitro's ESM as I just started playing :)
- Albert
--
Success comes to the person who does today what you are thinking of doing tomorrow.
GPG KeyID = 4914A9D4
On Fri, 2008-02-01 at 11:01 -0500, Joel Esler wrote:
> Arcsight seems to be the SEIM of choice in most of the places that I
> go nowadays. I have taken *some* training on it (ACIA), but not
> enough to recommend it.
>
> I do enjoy how they manage their data. Extremely efficient on the db
> side.
>
> Joel
>
> On Feb 1, 2008, at 10:47 AM, john.schlichting at osf.ok.gov wrote:
>
> >
> > I use QRadar from Q1 Labs. Works very well for me.
> >
> > /john
> >
> > list-bounces at lists.dshield.org wrote on 01/31/2008 10:31:43 PM:
> >
> >> My company is doing an RFP for a SEIM tool. Any recommendation will be
> >> highly appreciated .. ARCSIGHT, RSA, Symantec...etc.
> >>
> >> Regards
> >>
> >> Bass
> >>
>
> --
> Joel Esler
> joel.esler at sourcefire.com
> http://www.joelesler.net
>