RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-30 Thread David Lum
as how 90%+ of all incoming mail is SPAM it's nice to not have the Exchange server have to waste any cycles on them. From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, January 27, 2012 11:08 AM To: NT System Admin Issues Subject: RE: DLP, SIEM, Network Access Control, VPN multi factor

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kurt Buff
is trying to use those devices without permission. Security Information and Event Management (SIEM) system The Credit Union should have a SIEM system in place to consolidate logs from all devices and applications, encrypt those logs, have real time alerting, and compliance reporting. VPN

RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread itli...@imcu.com
[mailto:kurt.b...@gmail.com] Posted At: Friday, January 27, 2012 10:04 AM Posted To: itli...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kurt Buff
- From: Kurt Buff [mailto:kurt.b...@gmail.com] Posted At: Friday, January 27, 2012 10:04 AM Posted To: itli...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kevin Lundy
. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Posted At: Friday, January 27, 2012 10:04 AM Posted To: itli...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread James Rankin
Posted To: itli...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ DLP is way more than just restricting access

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Andrew S. Baker
AM Posted To: itli...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ DLP is way more than just restricting

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Ben Scott
On Fri, Jan 27, 2012 at 11:25 AM, James Rankin kz2...@googlemail.com wrote: DLP taken to logical extremes is extremely difficult. Everything taken to logical extremes is extremely difficult. (Note that I'm not disagreeing with you in the least.) -- Ben ~ Finally, powerful endpoint

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Andrew S. Baker
will be better. -Original Message- From: Kurt Buff [mailto:kurt.b...@gmail.com] Posted At: Friday, January 27, 2012 10:04 AM Posted To: itli...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Christopher Bodnar
@lyris.sunbelt-software.com Date: 01/27/2012 10:20 AM Subject:Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ DLP is way more than just restricting access to removable devices. http://code.google.com/p/opendlp/ VPN access restrictions

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread James Rankin
...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ DLP is way more than just restricting access to removable

RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread itli...@imcu.com
Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ I always recommend that Sys Admins and IT Managers have a good technology partner

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Wednesday, January 25, 2012 3:21 PM To: NT System Admin Issues Subject: RE: FW: SIEM So far

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
They are keying off the RSA log hacking to enforce the encryption of the logs while in transit and at rest. Blah Blah Blah. Thanks. Anyone have a good SIEM product or appliance they use? I am looking at LogRythm or SPLUNK??? From: Erik Goldoff [mailto:egold...@gmail.com] Posted At: Wednesday, January 25

RE: FW: SIEM

2012-01-26 Thread Michael B. Smith
. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, January 26, 2012 9:13 AM To: NT System Admin Issues Subject: RE: FW: SIEM I do that with my Kiwi Syslog software, Routers, Switches, Firewalls, Windows NT events, Printer

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
need them but purchased them... I feel like I am going to have a lot of work ahead of me. From: Andrew S. Baker [mailto:asbz...@gmail.com] Posted At: Wednesday, January 25, 2012 5:12 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM You need to speak to your

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
yeah yeah yeah. I know I look dumb...but mostly because I am I have always called it Log Management/ Monitoring??? Not SIEM??? From: David Lum [mailto:david@nwea.org] Posted At: Wednesday, January 25, 2012 4:45 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: RE: FW

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
always called it Log monitoring and management. #2 They are keying off the RSA log hacking to enforce the encryption of the logs while in transit and at rest. Blah Blah Blah. Thanks. Anyone have a good SIEM product or appliance they use? I am looking at LogRythm or SPLUNK

RE: FW: SIEM

2012-01-26 Thread David Lum
NWEA just went through an extensive SIEM vendor evaluation process looking at several vendors - we (mainly the SE team, they have more vested in this than I) had a list of criteria, etc etc and decided on Arcsight for our SIEM solution. Their hardware arrives next week and implementation starts

RE: FW: SIEM

2012-01-26 Thread David Lum
Not to worry! I had never heard the term SIEM until we started our process and I was invited to the SIEM meetings, so my knowledge of the term predates you by only a few weeks. :) I wasn't mocking you not knowing the term, I was enjoying the tactfulness of Steven's reply - it would

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
I am not sure either since syslog messaging is on a UDP port 514 and is clear text in transit??? h curiouser and curiouser From: Michael B. Smith [mailto:mich...@smithcons.com] Posted At: Thursday, January 26, 2012 9:43 AM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: RE

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
but purchased them… I feel like I am going to have a lot of work ahead of me. From: Andrew S. Baker [mailto:asbz...@gmail.com] Posted At: Wednesday, January 25, 2012 5:12 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM You

Re: FW: SIEM

2012-01-26 Thread Rene de Haas
, (SYSLOG and FireGen), is enough but they also want everything encrypted. From: Andrew S. Baker [mailto:asbz...@gmail.com] Posted At: Wednesday, January 25, 2012 2:36 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM You've

RE: FW: SIEM

2012-01-26 Thread Michael B. Smith
://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, January 26, 2012 9:51 AM To: NT System Admin Issues Subject: RE: FW: SIEM yeah yeah yeah. I know I look dumb...but mostly because I am I have always called it Log Management/ Monitoring??? Not SIEM??? From: David Lum

Re: FW: SIEM

2012-01-26 Thread Steven Peck
…but mostly because I am…. I have always called it Log Management/ Monitoring??? Not SIEM??? From: David Lum [mailto:david@nwea.org] Posted At: Wednesday, January 25, 2012 4:45 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: RE: FW: SIEM

Re: FW: SIEM

2012-01-26 Thread Kurt Buff
: RE: FW: SIEM I do that with my Kiwi Syslog software, Routers, Switches, Firewalls, Windows NT events, Printer events, and IP camera logs but that wasn't good enough because it doesn't encrypt the logs as well. #1 I hadn't heard that term before. I always called it Log monitoring

Re: FW: SIEM

2012-01-26 Thread Kevin Lundy
hacking to enforce the encryption of the logs while in transit and at rest. Blah Blah Blah. Thanks. Anyone have a good SIEM product or appliance they use? I am looking at LogRythm or SPLUNK??? From: Erik Goldoff [mailto:egold...@gmail.com] Posted At: Wednesday

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM It's not so much that as the original question was one line lacking context. If you had tossed in Auditors and why you were asking originally then it would have made more sense. On Thu, Jan 26, 2012 at 6:51 AM, itli...@imcu.com itli

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
of the logs while in transit and at rest. Blah Blah Blah. Thanks. Anyone have a good SIEM product or appliance they use? I am looking at LogRythm or SPLUNK??? From: Erik Goldoff [mailto:egold...@gmail.com] Posted At: Wednesday, January 25, 2012 3:42 PM Posted To: itli

Re: FW: SIEM

2012-01-26 Thread Steven Peck
To: itli...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM It's not so much that as the original question was one line lacking context. If you had tossed in Auditors and why you were asking originally then it would have made more sense. On Thu, Jan 26, 2012 at 6:51

Re: FW: SIEM

2012-01-26 Thread Micheal Espinola Jr
always called it Log monitoring and management. #2 They are keying off the RSA log hacking to enforce the encryption of the logs while in transit and at rest. Blah Blah Blah. Thanks. Anyone have a good SIEM product or appliance they use? I am looking at LogRythm or SPLUNK

RE: FW: SIEM

2012-01-26 Thread Ken Schaefer
Subject: RE: FW: SIEM I am not sure either since syslog messaging is on a UDP port 514 and is clear text in transit??? h curiouser and curiouser From: Michael B. Smith [mailto:mich...@smithcons.com] Posted At: Thursday, January 26, 2012 9:43 AM Posted

Re: FW: SIEM

2012-01-25 Thread Andrew S. Baker
, Jan 25, 2012 at 2:14 PM, itli...@imcu.com wrote: This is new to me. What is SIEM and what do I do with it?

Re: FW: SIEM

2012-01-25 Thread Steven Peck
: This is new to me. What is SIEM and what do I do with it?

RE: SIEM

2012-01-25 Thread Michael B. Smith
Subject: FW: SIEM This is new to me. What is SIEM and what do I do with it?

RE: FW: SIEM

2012-01-25 Thread itli...@imcu.com
Conversation: FW: SIEM Subject: Re: FW: SIEM You've got some fun auditors. Google will help you here. (Understanding of the category, rather than selection of the tool) Why aren't you asking the auditors these questions? ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages

Re: FW: SIEM

2012-01-25 Thread Erik Goldoff
Security Event Information Management ... security event log/alerting ? On Wed, Jan 25, 2012 at 2:14 PM, itli...@imcu.com wrote: This is new to me. What is SIEM and what do I do with it?

Re: FW: SIEM

2012-01-25 Thread Rene de Haas
Security Information and Event Management. You could try OSSIM by Alienvault. On 25 Jan. 2012 20:35, itli...@imcu.com wrote: This is new to me. What is SIEM and what do I do with it?

Re: FW: SIEM

2012-01-25 Thread Steven Peck
PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM You've got some fun auditors. Google will help you here. (Understanding of the category, rather than selection of the tool) Why aren't you asking the auditors

RE: FW: SIEM

2012-01-25 Thread David Lum
That was some impressive restraint Steven, so close to LMGTFY but yet, not quite! From: Steven Peck [mailto:sep...@gmail.com] Sent: Wednesday, January 25, 2012 11:42 AM To: NT System Admin Issues Subject: Re: FW: SIEM I would imagine you put the acronym in the search engine of your choice

RE: FW: SIEM

2012-01-25 Thread Michael B. Smith
Those people are simply checking off boxes on a form. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Wednesday, January 25, 2012 3:21 PM To: NT System Admin Issues Subject: RE: FW: SIEM So far

Re: FW: SIEM

2012-01-25 Thread Andrew S. Baker
] Posted At: Wednesday, January 25, 2012 2:36 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM You've got some fun auditors. Google will help you here. (Understanding of the category, rather than selection of the tool

Re: FW: SIEM

2012-01-25 Thread Kurt Buff
Start here, and see how far down the rabbit hole goes: http://en.wikipedia.org/wiki/Siem On Wed, Jan 25, 2012 at 11:14, itli...@imcu.com wrote: This is new to me. What is SIEM and what do I do with it?

RE: SIEM solutions

2011-11-11 Thread Stu Sjouwerman
Yeah, I would say Splunk would need to be on that shortlist as well. Stu From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, November 10, 2011 12:04 AM To: NT System Admin Issues Subject: Re: SIEM solutions I've played with Nitro a little bit, and I'm familiar with LogRythm

RE: SIEM solutions

2011-11-10 Thread Ziots, Edward
] Sent: Wednesday, November 09, 2011 1:35 PM To: NT System Admin Issues Subject: SIEM solutions We are looking at some SIEM (Security Information and Event Management) solutions and are looking at products from the following vendors - does anyone here have a SIEM solution or experience and have

RE: SIEM solutions

2011-11-10 Thread David Lum
Issues Subject: RE: SIEM solutions How big is the environment? What is the scope of devices? SIEMs are designed to take logs from multiple sources, do log collection/analysis, event correlation/alerting. Something like SCOM isn't designed for that, and ACS does Windows only (AFAIK). How about

RE: SIEM solutions

2011-11-10 Thread Kim Longenbaugh
For log aggregation and alerting, wouldn't a syslogger do it? From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 10, 2011 7:50 AM To: NT System Admin Issues Subject: RE: SIEM solutions Three physical locations, hundreds of devices and I don't know how many different types

Re: SIEM solutions

2011-11-10 Thread Kurt Buff
Might want to take a look at AlienVault's offerings. They offer a pay-for SIEM, (http://www.alienvault.com/) and a community version called OSSIM (http://www.alienvault.com/community) Haven't had the time to work with OSSIM, but working with a free version will either fill your needs, or allow

Re: SIEM solutions

2011-11-10 Thread Dean Cunningham
What about http://www.manageengine.com/it-compliance-suite.html We are interested in from ITIL, ip monitor, AD perspective On Thu, Nov 10, 2011 at 7:34 AM, David Lum david@nwea.org wrote: We are looking at some SIEM (Security Information and Event Management) solutions and are looking

RE: SIEM solutions

2011-11-10 Thread Ken Schaefer
November 2011 9:50 PM To: NT System Admin Issues Subject: RE: SIEM solutions Three physical locations, hundreds of devices and I don't know how many different types of sources, but a lot. Web servers, app servers, DB's, routers, switches, etc. Thanks, Dave From: Ken Schaefer [mailto:k

Re: SIEM solutions

2011-11-09 Thread Kurt Buff
RSA? Given their recent history, I'd be asking them some very tough questions, like 'Was your own product protecting you when you were hacked?' and 'If not, why not, and if it was, well, WTF, over?' On Wed, Nov 9, 2011 at 10:34, David Lum david@nwea.org wrote: We are looking at some SIEM

RE: SIEM solutions

2011-11-09 Thread Michael B. Smith
://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Wednesday, November 09, 2011 1:35 PM To: NT System Admin Issues Subject: SIEM solutions We are looking at some SIEM (Security Information and Event Management) solutions and are looking at products from the following vendors - does

RE: SIEM solutions

2011-11-09 Thread David Lum
on this project. The vendor list I sent out was narrowed down from a bigger selection. I was simply looking for anyone who has deployed or evaluated SIEM products from the listed vendors is all. Dave From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 10:44 AM

Re: SIEM solutions

2011-11-09 Thread James Rankin
selection. I was simply looking for anyone who has deployed or evaluated SIEM products from the listed vendors is all. Dave From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 09, 2011 10:44 AM To: NT System Admin Issues Subject: RE

RE: SIEM solutions

2011-11-09 Thread Michael B. Smith
Aye aye. I misunderstood goes back to work now Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Wednesday, November 09, 2011 1:55 PM To: NT System Admin Issues Subject: RE: SIEM solutions For me, it's

RE: SIEM solutions

2011-11-09 Thread Ken Schaefer
Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, 10 November 2011 3:07 AM To: NT System Admin Issues Subject: Re: SIEM solutions System Center Operations Manager with Audit Collection Services can do all this and more, if I am getting the gist of your requirements

Re: SIEM solutions

2011-11-09 Thread Andrew S. Baker
I've played with Nitro a little bit, and I'm familiar with LogRythm, although I've never deployed it. Also consider TriGeo, Splunk Enterprise, and http://alienvault.com/products/unified-siem/siem This is not a cheap category of product... ASB http://XeeMe.com/AndrewBaker Harnessing

RE: SIEM

2011-03-23 Thread Matthew Bullock
Thanks, will check out Nitro. -mb From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, March 16, 2011 9:10 AM To: NT System Admin Issues Subject: Re: SIEM I've heard really good things about Nitro as well http://www.nitrosecurity.com/ ASB (Find me online via About.Me http

RE: SIEM

2011-03-16 Thread Weatherford, Chad
| 7: 812.471.9866 | *: cweatherf...@scvl.com From: Matthew Bullock [mailto:mbull...@root9.com] Sent: Monday, March 14, 2011 15:29 To: NT System Admin Issues Subject: RE: SIEM Just the general splunk product. Trustwave is the PCI auditor and they were trying to sell us their appliance

RE: SIEM

2011-03-16 Thread Guyer, Don
11:43 AM To: NT System Admin Issues Subject: RE: SIEM We have MARS...but rumor is its days are numbered. Not to mention you cannot get details or customize alerts. I just finished implementing TriGeo. So far I really like it and support is great! Chad Weatherford | Network/Security

Re: SIEM

2011-03-16 Thread Kevin Lundy
:* RE: SIEM Just the general splunk product. Trustwave is the PCI auditor and they were trying to sell us their appliance during the last audit. One requirement for us is that the product be available as a software virtual appliance, so I’ll check on their offering again. I’ll also

Re: SIEM

2011-03-16 Thread Rob Bonfiglio
/Security Administrator | Shoe Carnival, Inc. | (:812.867.8314 | 7: 812.471.9866 | *: cweatherf...@scvl.com From: Matthew Bullock [mailto:mbull...@root9.com] Sent: Monday, March 14, 2011 15:29 To: NT System Admin Issues Subject: RE: SIEM Just the general splunk product

Re: SIEM

2011-03-16 Thread Andrew S. Baker
Administrator | Shoe Carnival, Inc. | (: 812.867.8314 | 7: 812.471.9866 | *: cweatherf...@scvl.com From: Matthew Bullock [mailto:mbull...@root9.com] Sent: Monday, March 14, 2011 15:29 To: NT System Admin Issues Subject: RE: SIEM

RE: SIEM

2011-03-16 Thread Weatherford, Chad
: RE: SIEM What a coincidence! One of our servers was just choking on the TriGeo agent. I've only been at this company a few months and just heard about this. I haven't looked into this yet, but apparently the TG agent will consume the CPU every once in awhile. Have you witnessed this in your

SIEM

2011-03-14 Thread Matthew Bullock
Does anyone have any experience/opinions with implementing SIEM or logging solutions? Right now, we're looking mainly at Accelops, Log Logic and Log Rhythm, as well as an upgrade to our existing Cisco MARS appliance and I would love to hear anyone's thoughts on these or any other solutions

Re: SIEM

2011-03-14 Thread Andrew S. Baker
14, 2011 at 12:33 PM, Matthew Bullock mbull...@root9.com wrote: Does anyone have any experience/opinions with implementing SIEM or logging solutions? Right now, we’re looking mainly at Accelops, Log Logic and Log Rhythm, as well as an upgrade to our existing Cisco MARS appliance and I would

RE: SIEM

2011-03-14 Thread Matthew Bullock
From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, March 14, 2011 9:40 AM To: NT System Admin Issues Subject: Re: SIEM Other options include: * http://www.trigeo.com/ * http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z What devices will you be tracking? ASB (Find

Re: SIEM

2011-03-14 Thread Andrew S. Baker
for Cisco IOS, ASA, IPS, SBC and NSEL, Windows WMI, Exchange, VMware, MS SQL, IIS, AD, maybe Avaya Communications Manager and UNIX/Linux/Syslog. -matt From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, March 14, 2011 9:40 AM To: NT System Admin Issues Subject: Re: SIEM

RE: SIEM

2011-03-14 Thread Matthew Bullock
. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, March 14, 2011 10:59 AM To: NT System Admin Issues Subject: Re: SIEM Did you look at the security product, or just the general Splunk product? Also look at TrustWave. Lastly, SC Magazine is one of the best sources for useful reviews

Log management/ SIEM solution

2010-11-05 Thread Weatherford, Chad
Hello all! We are currently using GFI EventsManager for our event management but we are now looking to expand the monitoring to 300+ locations with everything coming back to HQ. This led us to look at other products and I was wondering if any of you may be using these could tell me what you

Re: Log management/ SIEM solution

2010-11-05 Thread Kevin Lundy
We are currently going through a similar exercise. We have Arcsight now. It is a bear to manage. They even told us if we went above the Express product, we would need to hire a full time administrator. Looked at enVision. I talked to a large user reference and they said while it does its

Re: Log management/ SIEM solution

2010-11-05 Thread Andrew S. Baker
Take a look at the following: - http://www.trigeo.com/ - http://www.loglogic.com - http://www.eeye.com/Products/Retina/REM.aspx ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... On Fri, Nov 5, 2010 at 2:39 PM, Weatherford,