Thanks, will check out Nitro. -mb From: Andrew S. Baker [mailto:[email protected]] Sent: Wednesday, March 16, 2011 9:10 AM To: NT System Admin Issues Subject: Re: SIEM
I've heard really good things about Nitro as well http://www.nitrosecurity.com/ ASB (Find me online via About.Me<http://about.me/Andrew.S.Baker/bio>) Exploiting Technology for Business Advantage... On Wed, Mar 16, 2011 at 11:57 AM, Rob Bonfiglio <[email protected]<mailto:[email protected]>> wrote: We went with Nitro for our new data center as well. I was not part of the eval process for that though, so I can't really answer too many questions about it. On Wed, Mar 16, 2011 at 11:48 AM, Kevin Lundy <[email protected]<mailto:[email protected]>> wrote: I do believe MARS is on life support. We evaluated Nitro Security appliances (FIPS certified), along with Splunk, Arcsight and one other whose name is escaping me. We liked Splunk's "search for IT" perspective, but didn't like having to build all the rules and alerts from scratch. Once I get funding, I will likely go with Nitro. On Wed, Mar 16, 2011 at 11:42 AM, Weatherford, Chad <[email protected]<mailto:[email protected]>> wrote: We have MARS...but rumor is its days are numbered. Not to mention you cannot get details or customize alerts. I just finished implementing TriGeo. So far I really like it and support is great! Chad Weatherford | Network/Security Administrator | Shoe Carnival, Inc. | *:812.867.8314<tel:812.867.8314> | 7: 812.471.9866<tel:812.471.9866> | *: [email protected]<mailto:[email protected]> From: Matthew Bullock [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, March 14, 2011 15:29 To: NT System Admin Issues Subject: RE: SIEM Just the general splunk product. Trustwave is the PCI auditor and they were trying to sell us their appliance during the last audit. One requirement for us is that the product be available as a software virtual appliance, so I'll check on their offering again. I'll also dig around SC, thanks. From: Andrew S. Baker [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, March 14, 2011 10:59 AM To: NT System Admin Issues Subject: Re: SIEM Did you look at the security product, or just the general Splunk product? Also look at TrustWave. Lastly, SC Magazine is one of the best sources for useful reviews on this category of products. They are thorough in their review methodology. ASB (Find me online via About.Me<http://about.me/Andrew.S.Baker/bio>) Exploiting Technology for Business Advantage... On Mon, Mar 14, 2011 at 1:20 PM, Matthew Bullock <[email protected]<mailto:[email protected]>> wrote: I took a look at Splunk 6 months ago, but decided it was a bit raw and didn't have enough built-in reports. I'd like to see native support for Cisco IOS, ASA, IPS, SBC and NSEL, Windows WMI, Exchange, VMware, MS SQL, IIS, AD, maybe Avaya Communications Manager and UNIX/Linux/Syslog. -matt From: Andrew S. Baker [mailto:[email protected]<mailto:[email protected]>] Sent: Monday, March 14, 2011 9:40 AM To: NT System Admin Issues Subject: Re: SIEM Other options include: * http://www.trigeo.com/ * http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z What devices will you be tracking? ASB (Find me online via About.Me<http://about.me/Andrew.S.Baker/bio>) Exploiting Technology for Business Advantage... On Mon, Mar 14, 2011 at 12:33 PM, Matthew Bullock <[email protected]<mailto:[email protected]>> wrote: Does anyone have any experience/opinions with implementing SIEM or logging solutions? Right now, we're looking mainly at Accelops, Log Logic and Log Rhythm, as well as an upgrade to our existing Cisco MARS appliance and I would love to hear anyone's thoughts on these or any other solutions worth looking into. Thanks, -matt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
