Educause Security Discussion mailing list archives
Re: SIEM Solution Recommendation
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Sun, 30 Oct 2011 09:24:37 -0700
FWIW, our sysadmins and DBAs have found our Nitro SIEM quite useful for troubleshooting some system issues that have occurred.

In any event, I think you are quite right that such a criterion of use by other groups is very important. I find that our most successful security products are those that are widely used outside of our security group.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Basgen
Director of Client Services (Acting) & Information Security Officer
Pima Community College
Office: 520-206-4873
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On 10/29/11 9:34 PM, "Will Froning" <will.froning () GMAIL COM> wrote:
Hello Abigail,

I will second the vote for Splunk with Enterprise Security Suite. I tested Nitro, NetIQ and Splunk head-to-head and found Splunk the best of the three.

The real win is the ability to use Splunk beyond just the initial project. The SIEM is really only usable by the Security group, but with Splunk I've given access to the web team, systems, networking, banner group and even the IT director. Each of them has used it to solve a number of problems that would have otherwise been difficult or time consuming with raw logs. Now the big investment has a quicker ROI for the University.

The Splunk licensing model is very straightforward: X number of GB indexed per day and the ability to exceed that limit a few times a month without penalty. If you find the reporting too slow, you just buy another search head and distribute the load with no additional licensing cost.

Thanks,
Will

On Wed, Oct 26, 2011 at 7:38 PM, Burton, Abigail F <afburton () bcm edu> wrote:

Greetings All:

We are in the process of doing dog and pony shows for SIEM solutions and I would like to get a general perspective of what you have experienced in-house and those that belong in the out-house :-)

We are looking at:

ArcSight
RSA
NitroSecurity
NetIQ

to just name a few. Any thoughts would be very helpful. Please feel free to contact me directly.

Best regards,

--
Abigail Burton
Sr. Information Security Analyst
Enterprise IT Security and Compliance
Baylor College Of Medicine
http://www.bcm.edu
Voice: 713.798.4559 afburton () bcm edu
Main: 713.798.3900 itsc () bcm edu
Fax: 713.798.1205

This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. This communication may contain material that is privileged and legally protected from disclosure by federal law, including the Health Insurance Portability and Accountability Act (HIPAA). If you are not the intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error, please immediately notify the sender and delete this message.

--
Will Froning
Unix SysAdmin
Will.Froning () GMail com
MSN: wfroning () angui sh
YIM: will_froning
AIM: willfroning