Splunk is powerful, but hideously expensive. Start by looking at AlienVault or TriGeo... I was a fan of NitroSecurity, but now that they've been purchased by McCrappy, expect deterioration and needless complexity and high cost to become major factors.
Encryption of everything causes significant burdens, many of which can only be *eased* by money. You're going to need really good key management, or else the whole system will be burdensome and yet easily undermined. Just make sure you log data is being saved to a location that has very limited access by anyone else, and lock it down. Or, price out encryption to the fullest and have your management team faint. Then, show them this thread and get them to manage their risks in a more balanced way. * * *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market… * On Thu, Jan 26, 2012 at 9:12 AM, [email protected] <[email protected]> wrote: > I do that with my Kiwi Syslog software, Routers, Switches, Firewalls, > Windows NT events, Printer events, and IP camera logs but that wasn't good > enough because it doesn't encrypt the logs as well.**** > > #1 I hadn't heard that term before. I was called it Log monitoring and > management. #2 They are keying of the RSA log hacking to enforce the > encryption of the logs while in transit and at rest.**** > > Blah Blah Blah.**** > > Thanks. Anyone have a good SIEM product or appliance they use? I am > looking at LogRythm or SPLUNK???**** > > ** ** > > *From:* Erik Goldoff [mailto:[email protected]] > *Posted At:* Wednesday, January 25, 2012 3:42 PM > > *Posted To:* [email protected] > *Conversation:* FW: SIEM > *Subject:* Re: FW: SIEM**** > > ** ** > > Security Event Information Management ... security event log/alerting ?*** > * > > On Wed, Jan 25, 2012 at 2:14 PM, [email protected] <[email protected]> > wrote:**** > > **** > > **** > > This is new to me. What is SIEM and what do I do with it?**** > > **** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
