I've heard really good things about Nitro as well http://www.nitrosecurity.com/
*ASB* (Find me online via About.Me <http://about.me/Andrew.S.Baker/bio>)
*Exploiting Technology for Business Advantage...*

On Wed, Mar 16, 2011 at 11:57 AM, Rob Bonfiglio <[email protected]> wrote:

> We went with Nitro for our new data center as well. I was not part of the
> eval process for that though, so I can't really answer too many questions
> about it.
>
> On Wed, Mar 16, 2011 at 11:48 AM, Kevin Lundy <[email protected]> wrote:
>
>> I do believe MARS is on life support.
>>
>> We evaluated Nitro Security appliances (FIPS certified), along with
>> Splunk, Arcsight and one other whose name is escaping me. We liked Splunk's
>> "search for IT" perspective, but didn't like having to build all the rules
>> and alerts from scratch. Once I get funding, I will likely go with Nitro.
>>
>> On Wed, Mar 16, 2011 at 11:42 AM, Weatherford, Chad <[email protected]> wrote:
>>
>>> We have MARS…but rumor is its days are numbered. Not to mention you
>>> cannot get details or customize alerts.
>>>
>>> I just finished implementing TriGeo. So far I really like it and support
>>> is great!
>>>
>>> *Chad Weatherford* | Network/Security Administrator | *Shoe Carnival, Inc.* |
>>> 812.867.8314 | 812.471.9866 | [email protected]
>>>
>>> *From:* Matthew Bullock [mailto:[email protected]]
>>> *Sent:* Monday, March 14, 2011 15:29
>>> *To:* NT System Admin Issues
>>> *Subject:* RE: SIEM
>>>
>>> Just the general splunk product.
>>>
>>> Trustwave is the PCI auditor and they were trying to sell us their
>>> appliance during the last audit. One requirement for us is that the product
>>> be available as a software virtual appliance, so I’ll check on their
>>> offering again.
>>>
>>> I’ll also dig around SC, thanks.
>>>
>>> *From:* Andrew S. Baker [mailto:[email protected]]
>>> *Sent:* Monday, March 14, 2011 10:59 AM
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: SIEM
>>>
>>> Did you look at the security product, or just the general Splunk product?
>>>
>>> Also look at TrustWave.
>>>
>>> Lastly, SC Magazine is one of the best sources for useful reviews on this
>>> category of products. They are thorough in their review methodology.
>>>
>>> *ASB* (Find me online via About.Me <http://about.me/Andrew.S.Baker/bio>)
>>> *Exploiting Technology for Business Advantage...*
>>>
>>> On Mon, Mar 14, 2011 at 1:20 PM, Matthew Bullock <[email protected]>
>>> wrote:
>>>
>>> I took a look at Splunk 6 months ago, but decided it was a bit raw and
>>> didn’t have enough built-in reports. I’d like to see native support for
>>> Cisco IOS, ASA, IPS, SBC and NSEL, Windows WMI, Exchange, VMware, MS SQL,
>>> IIS, AD, maybe Avaya Communications Manager and UNIX/Linux/Syslog.
>>>
>>> -matt
>>>
>>> *From:* Andrew S. Baker [mailto:[email protected]]
>>> *Sent:* Monday, March 14, 2011 9:40 AM
>>> *To:* NT System Admin Issues
>>> *Subject:* Re: SIEM
>>>
>>> Other options include:
>>>
>>> - http://www.trigeo.com/
>>> - http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z
>>>
>>> What devices will you be tracking?
>>>
>>> *ASB* (Find me online via About.Me <http://about.me/Andrew.S.Baker/bio>)
>>> *Exploiting Technology for Business Advantage...*
>>>
>>> On Mon, Mar 14, 2011 at 12:33 PM, Matthew Bullock <[email protected]>
>>> wrote:
>>>
>>> Does anyone have any experience/opinions with implementing SIEM or
>>> logging solutions? Right now, we’re looking mainly at Accelops, Log Logic
>>> and Log Rhythm, as well as an upgrade to our existing Cisco MARS appliance
>>> and I would love to hear anyone’s thoughts on these or any other solutions
>>> worth looking into.
>>>
>>> Thanks,
>>>
>>> -matt
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>>
>>> ---
>>> To manage subscriptions click here:
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to [email protected]
>>> with the body: unsubscribe ntsysadmin
