Educause Security Discussion mailing list archives
Re: SIM/SIEM sample RFP
From: Wes Young <wcyoung () BUFFALO EDU>
Date: Tue, 4 Sep 2007 15:05:03 -0400
On Tue, 2007-09-04 at 13:43 -0500, Youngquist, Jason R. wrote:
> Does anyone have a SIM/SIEM sample RFP or recommendations on SIMs? We are looking for SIM products similar to Cisco MARS and Q1 Radar. The SIM needs to be cost effective, able to collect log data from multiple sources, correlate it, look for abnormal behavior, take automatic/manual action against malicious activity, and generate detailed and summarized reports for management.
We did an in-house, week-long eval ~2 years or so ago. Top two were ArcSight (www.arcsight.com) and Cisco MARS. MARS (IMO) didn't even come close to what ArcSight provided.

--
Wes Young
Network Security Analyst
University at Buffalo
my OpenID: http://tinyurl.com/2zu2d3