Re: SIEM Solution Recommendation

["Basgen, Brian" <bbasgen () PIMA EDU>]

 FWIW, our sysadmins and dbas have found our Nitro SIEM quite useful for
troubleshooting some system issues that have occurred. In any event, I
think you are quite right that such a criteria of use by other groups is
very important. I find that our most successful security products are
those that are widely used outside of our security group.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Basgen
Director of Client Services (Acting)
& Information Security Officer
Pima Community College
Office: 520-206-4873
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





On 10/29/11 9:34 PM, "Will Froning" <will.froning () GMAIL COM> wrote:

> Hello Abigail,
>
> I will second the vote for Splunk with Enterprise Security Suite. I
> tested Nitro, NetIQ and Splunk head-to-head and found Splunk the best
> of the three. The real win is the ability to use Splunk beyond just
> the initial project. The SIEM is really only usable by the Security
> group, but with Splunk I've given access to the web team, systems,
> networking, banner group and even the IT director. Each of them have
> used it to solve a number of problems that would have otherwise been
> difficult or time consuming with raw logs. Now the big investment has
> a quicker ROI for the University.
>
> The Splunk licensing model is very straightforward; X number of GB
> indexed per day and the ability to exceed that limit a few times a
> month without penalty. If you find the reporting too slow, you just
> buy another search head and distribute the load with no additional
> licensing cost.
>
> Thanks,
> Will
>
> On Wed, Oct 26, 2011 at 7:38 PM, Burton, Abigail F <afburton () bcm edu>
> wrote:
> > Greetings All:
> >
> > We are in the process of doing dog and pony shows for SIEM solutions
> > and I would like to get a general perspective of what you have
> > experienced in-house and those that belong in the out-house :-)
> >
> > We are looking at:
> > ArcSight
> > RSA
> > NitroSecurity
> > NetIQ
> >
> > to just name a few. Any thoughts would be very helpful. Please feel
> > free to contact me directly.
> >
> > Best regards,
> > --
> > Abigail Burton
> > Sr. Information Security Analyst
> > Enterprise IT Security and Compliance
> > Baylor College Of Medicine
> > http://www.bcm.edu
> >
> > Voice: 713.798.4559     afburton () bcm edu
> > Main:  713.798.3900     itsc () bcm edu
> > Fax:   713.798.1205
> >
> > This email and any files transmitted with it are confidential and are
> > intended solely for the use of the individual or entity to which they
> > are addressed.
> > This communication may contain material that is privileged and legally
> > protected from disclosure by federal law, including the Health Insurance
> > Portability and Accountability Act (HIPAA).  If you are not the intended
> > recipient or the person responsible for delivering the email to the
> > intended recipient, be advised that you have received this email in
> > error and that any use, dissemination, forwarding, printing, or copying
> > of this email is strictly prohibited.
> > If you have received this email in error, please immediately notify the
> > sender and delete this message.
>
>
>
> -- 
> Will Froning
> Unix SysAdmin
> Will.Froning () GMail com
> MSN: wfroning () angui sh
> YIM: will_froning
> AIM: willfroning