[unisog] any experience with Q1Labs?

James D. Perry II jperry1 at utk.edu
Mon Jun 13 11:40:57 GMT 2005

We recently completed an evaluation of several SEM systems here at the
University of Tennessee.  Although there are several vendors who provide
very similar capabilities, only a couple meet our specific needs for
integration with third-party applications like HP OpenView and ARS Remedy.

I would suggest that you take a look at ArcSight (if you want comprehensive
analysis and correlation capabilities - and aren't concerned with disk
storage - does use an Oracle database) or Network Intelligence (fast system
with minimal disk requirements - proprietary database).

James Perry 
IT Team Lead, Information Security Office
University of Tennessee
Jperry1 at utk.edu
(865) 974-3592

-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of sunia
Sent: Friday, June 10, 2005 7:22 PM
To: unisog at lists.sans.org
Subject: [unisog] any experience with Q1Labs?

Hi, All!

We're just beginning to evaluate SEM/SIMs.  Q1Labs came to talk to us 
and seemed to understand networking.   Just wondering if anyone had any 
experience with them.

We're also looking at NetForensics and Protego - getting eval units.


Sunia Yang
Network Engineer
Stanford University
sunia.yang at stanford.edu

unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list