Educause Security Discussion mailing list archives

SIM/SIM-like usage poll


From: Brian Smith-Sweeney <bsmithsweeney () NYU EDU>
Date: Thu, 21 Apr 2005 17:10:33 -0400

Greetings all,

I apologize to those that get this twice, as I'm cross-posting Unisog
and Educause.

I know this was mentioned briefly on Unisog recently, but I'd like to
take a quick poll of the group to find out who's using a SIM product
right now.  We're just starting to look at SIMs, but so far I've seen
two open-source solutions (OSSIM and OPENSIM) and some commercial
products as well (ArcSight, NetForensics, OPEN, NetMon2, Cisco) that seem
promising.   My questions are:

1) What, if any, SIM are you using, and would you recommend it?
2) Are you using it to handle incidents all across the network, just
monitor core systems, or some other subset of your network security
infrastructure?
3) What was the biggest draw to the solution you're using?

Any other thoughts, experiences, etc. are certainly appreciated.
Please send replies to any or all of the above off-list to
bsmithsweeney () nyu edu, and I'll summarize the results and post.

Cheers,
Brian

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney      Sr. Network Security Analyst
ITS Technology Security Services, New York University
bsmithsweeney () nyu edu
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
