Security Basics mailing list archives
RE: Re: Picking a SIEM: How's envision compared with Arcsight?
From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Tue, 14 Feb 2012 11:14:24 -0500
Hello,

According to RSA's web site, enVision runs on Windows 2003 server platform. Do we need any other comments to such Vision?

Mikhail Utin, CISSP

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of bit1976 [bittu23 () yahoo com]
Sent: Monday, February 13, 2012 11:41 AM
To: security-basics () securityfocus com
Subject: Re: Re: Picking a SIEM: How's envision compared with Arcsight?

Well, my experience has been completely different working on both the products. Arcsight is a superior correlation engine compared to RSA envision, which for me is like a high school project (sorry for being rude). Yes, I believe Arcsight has been using Oracle DB, but they have changed to a much more robust flat file database in their newly launched express appliances.

Secondly, looking at the overall solution from a day to day perspective: in the case of RSA, for writing complex rules and reports one needs to do SQL in detail, whereas Arcsight is pretty cool with their interactive GUI. Moreover, rules, reports and dashboards based on categories enable the environment to be future proof and not depend on the end device vendor.

I don't see any complexity in the product maintenance, where I have seen large environments like MSSPs running in a fully automated fashion, so the complexity part for me is really not true. Instead, I would put it the other way: it may take time for any environment to mature, but once done, things don't need much day to day involvement. RSA is ok if one needs log management at a cheap price, but if real correlation is needed, which is the heart of an SIEM, it has to be Arcsight.

roys81 wrote:
Hi,

I'm sorry to be rude, but the guy who answered you about arcsight and envision obviously doesn't understand much about envision - I've been deploying envision for 5 years now and I can tell you a thing or two about it.

First of all, arcsight is a great product but it does have its weaknesses. envision supports: wmi, lea, odbc, http/https, ftp/sftp, syslog and snmp - if you want to be more precise, if there is a log you can read it with envision. Also, you can develop a parser for every unknown device so envision will recognize it, and a little secret about it - it's free of charge.

If you want to compare the two systems then you need to know that arcsight is based on oracle DB (for better and worse) while envision's using IPDB (flat file storage method). I'm not saying that envision is a perfect solution; you'll need to do some out of the box developing to get some special features out of it, but the simplicity of connecting devices and storing data at envision is the best I've seen in the market.

Another thing that you need to know about arcsight is that it's one of the most complex SIEM products in the market and you'll probably need at least one person in a full time job to deploy and maintain it for you (and that's not cheap at all).

If you have more questions about envision I'll be glad to help you.
Current thread:
- Picking a SIEM: How's envision compared with Arcsight? xxuuyyong (Feb 02)
- <Possible follow-ups>
- Re: Picking a SIEM: How's envision compared with Arcsight? Sandeep Cheema (Feb 03)
- Re: Re: Picking a SIEM: How's envision compared with Arcsight? roys81 (Feb 05)
- Re: Re: Picking a SIEM: How's envision compared with Arcsight? bit1976 (Feb 13)
- RE: Re: Picking a SIEM: How's envision compared with Arcsight? Mikhail A. Utin (Feb 14)