RE: Re: Picking a SIEM: How's envision compared with Arcsight?

["Mikhail A. Utin" <mutin () commonwealthcare org>]

Hello,
According to RSA's web site, enVision runs on Windows 2003 server platform.
Do we need any other comments to such Vision?

Mikhail Utin, CISSP
________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of bit1976 [bittu23 () yahoo com]
Sent: Monday, February 13, 2012 11:41 AM
To: security-basics () securityfocus com
Subject: Re: Re: Picking a SIEM: How's envision compared with Arcsight?

Well my experience has been completely different working on both the
products. Arcsight is a superior correlation engine compared to RSA envision
which for me is like a High school project (sorry for being rude). Yes i
believe Arcsight has been using Oracle DB but they have changed to a much
more robust flat file database in their newly launched express appliances.
Secondly looking at the overall solution from a day to day perspective in
case of RSA for writing complex rules, reports one needs to to SQL in detail
whereas Arcsight is pretty cool with their interactive GUI...more over
rules, reports, dashboards based on categories enable the environment to be
future proof any not depend on the end device vendor.
I don't see any complexity in the product maintenance where i have seen
large environments like MSSP's running in a fully automated fashion...so the
complexity part is really for me is really not true....Inspite i would put
it the other way is that it may time for any environment to mature...but
once done things don't need much day to day involvement.RSA is ok if once
needs log management at a cheap price but if real correlation is needed
which is the heart of an SIEM it has to be Arcsight.

roys81 wrote:
> Hi,
>
> i'm sorry to be rude but the guy who answered you about arcsight and
> envision obviously don't understand much in envision - i've been deploying
> envision for 5 years now and i can tell you a thing or two about it, 1st
> of all arcsight is a great product but it does have it's weaknesses.
> envision supports: wmi, lea, odbc, http/https, ftp/sftp, syslog and snmp -
> if you want to be more precise, if there is a log you can read it with
> envision also you can develop a parser for every unknown device so
> envision will recognize it and a little secret about it - it's free of
> charge. if you want to compare the two systems than you need to know that
> arcsight is based on oracle DB (for better and worse) while envision's
> using IPDB (flat file storage method) i'm not saying that envision is a
> perfect solution you'll need to do some out of the box developing to get
> some special features out of it but the simplicity of connecting devices,
> storing data at envision is the best i've seen in the market.
> another thing that you need to know about arcsight is that it's one of the
> most complexed SIEM products in the markek and you'll probably need at
> least one person in a full time job to deploy and maintain it for you (and
> that's not cheep at all). if you have more questions about envision i'll
> be glad to help you.
>
> -
CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------