Re: NitroSecurity SIEM platform

[Paul Keser <pkeser () STANFORD EDU>]

Eric-

I would love a copy of your methodology and your findings.

-PaulK

Paul Keser
Assoc. Information Security Officer
Stanford University
650.724.9051
GPG Fingerprint:  DBA3 E20F CE91 28AA DA1C  4A77 3BD9 C82D 2699 24FB

Erik Decker wrote:
> Howdy!
>
>
> Loyola University Chicago recently went through an involved RFP and
> evaluation process on SIEM.  We looked at 4 competitors:  RSA, Novell,
> NitroSecurity and QRadar.  In the end, NitroSecurity won.  In fact, the
> boxes just shipped to us yesterday.
>
>
> It was certainly not an easy choice.  All of the vendors had their own
> 'spin' on SIEM that was impressive.  In the end, however, NItroSecurity
> won Loyola's business based on the following criteria:  Upfront cost,
> long term cost (the won here hands down), functionality, overhead,
> management, product development and vendor relations.
>
>
> My analysis went over a span of several months.  It included scoring RFP
> responses, vendor meetings, cost negotiations, training negotiations,
> enterprise architecture, technical resource 'draw' and "fit" for the
> culture.  It's hard to say that on SIEM is better than any other.  I can
> say, however, that I was in the exact same comparison between RSA and
> Nitro and struggled with the same choice.  They are both very good
> products, and I would be proud to maintain either of them.  However, due
> to the size of Loyola and the deployment plan for an enterprise
> installation, RSA was extremely expensive.
>
>
> I will put in one other plug about NitroSecurity - everyone in their
> organization, including their leadership, is very involved with their
> customers.  That means a lot to us.  At one point during our product
> demo we had the CEO, VP of Sales and VP of Engineering on the phone.  We
> didn't get that kind of attention from RSA. :)
>
>
> Hope that helps!  Again, if you would like to see our methodology I
> could throw it out to you off-list.  I'm pretty proud of it.
>
>
> Thanks,
>
>
>
>
>
> ----
>
> Erik Decker
>
> Security Administrator
>
> Information Technology Services
>
>  >>> Anand S Malwade <Anand.Malwade () SHU EDU> 07/24/09 10:26 AM >>>
>
>
> Hi,
>
>
> Curious to know if other Universities have deployed or compared RSA
> Envision to Nitro or other SIEM solutions.
>
>
> Thanks,
>
>
> Anand
>
>
>
>
>
> Anand Malwade,
>
>
> Information Security Officer,
>
>
> Seton Hall University,
>
>
> Anand.Malwade () shu edu
>
>
> 973 275 2209
>
>
>
>
>
>
>
>
>
>
>
> From:
>
> The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Dexter Caldwell
> *Sent:* Friday, July 24, 2009 11:23 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] NitroSecurity SIEM platform
>
>
>
>
> Hi Charles,
>
>
>         We use the NitroSecurity SIEM. We recently purchased and have
> been using it for a few short months now.   I had the same impression as
> you did from the demo and after a vigorous eval we decided it was the
> best system for our needs.  Those needs centered around the
> following:  analysis capabilities, 3rd party platform logging support,
> scalabillity, performance, technical support, storage, short-term value
> ($$$) and long-term dollar cost, management overhead, and possible
> integration with other tools we have or might be looking to in the
> future .  We evaluated a few other products all of which had their
> strenghths, weaknesses, but NitroSecurity came out on top for us.  If
> you'd like details I feel free to contact me off-list.
>
>
>
>
> Thanks,
>
>
>
>
> Dexter Caldwell
>
>
> Information Security Administrator
>
>
> Computing & Information Services
>
>
> Furman University
>
>
> 3300 Poinsett Hwy
>
>
> Greenville, SC 29613
>
>
> email: dexter.caldwell () furman edu <mailto:dexter.caldwell () furman edu>
>
>
> office: 864-294-3566
>
>
> facsimile: 864-294.3001
>
>
>
>
> The EDUCAUSE Security Constituent Group Listserv
> <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
> writes:
>
>
> Does anyone on this list use the NitroSecurity SIEM platform who would
> care to share their experiences? We saw a demo of it yesterday, and to
> say the least, I was impressed. It appears to be far beyond what our
> current solution is capable of in terms of speed and functionality, but
> of course the proof is in the pudding, so to speak.
>
>
>
>
> Thanks,
>
>
>
>
> Charlie
>
>
> ------------------------------------------------------------------------
>
>
> Charles A. Seitz
>
>
> Senior Security Analyst
>
>
> University of Tennessee Information Security Office
>
>
> Martin Campus
>
>
> cseitz () tennessee edu
>
>
> (731) 881-7966