[unisog] SIM/SIM-like usage poll

Brian Smith-Sweeney bsmithsweeney at nyu.edu
Thu Apr 21 21:06:46 GMT 2005


Greetings all,

I apologize to those that get this twice, as I'm cross-posting Unisog 
and Educause.

I know this was mentioned briefly on Unisog recently, but I'd like to 
take a quick poll of the group to find out who's using a SIM product 
right now.  We're just starting to look at SIMs, but so far I've seen 
two open-source solutions (OSSIM and OPENSIM) and some commercial 
products as well (ArcSight, NetForensics, OPEN, NetMon2, Cisco) that seem 
promising. My questions are:

1) What, if any, SIM are you using, and would you recommend it? 
2) Are you using it to handle incidents all across the network, just 
monitor core systems, or some other subset of your network security 
infrastructure?
3) What was the biggest draw to the solution you're using?

Any other thoughts, experiences, etc. are certainly appreciated.   
Please send replies to any or all of the above off-list to 
bsmithsweeney at nyu.edu, and I'll summarize the results and post. 

Cheers,
Brian

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney      Sr. Network Security Analyst
ITS Technology Security Services, New York University
bsmithsweeney at nyu.edu
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


