Educause Security Discussion mailing list archives

Re: SIEM Solution Recommendation


From: Brad Judy <win-hied () BRADJUDY COM>
Date: Thu, 27 Oct 2011 08:35:22 -0400

A vendor calling you in response to a list posting is a violation of the
Educause list participation rules:

 

"Please note that unsolicited commercial communications to constituent group
participants as a result of postings to a Constituent or Discussion list
violate the promotional messages and advertising provisions of these
guidelines and may result in the loss of access to the listserv in
question."

 

I recommend anyone report such contacts to security-council () educause edu to
keep the vendors in check.  

 

Brad Judy
Emory University

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, Chip
Sent: Wednesday, October 26, 2011 6:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

 

Thanks David.  We should also bear in mind that some vendors could be
monitoring these discussions.  I have already received a phone call from a
vendor mentioned in this email chain wondering if we had any projects.
Ironic.......

 

  _____  

From: The EDUCAUSE Security Constituent Group Listserv
[SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Escalante
[david.escalante () BC EDU]
Sent: Wednesday, October 26, 2011 5:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

It depends upon what you're getting them for.  I don't view them as
interchangeable solutions, and they cost a lot of money, plus the monitoring
one does once they're installed.  Can you share more detailed requirements
as to what the SIEM is expected to do, how big an environment it has to
scale to, what number of FTEs you intend to have tend it once installed,
etc...? 

 

Also, people replying to this message should bear in mind that this mailing
list is archived and made available to the entire Internet essentially
forever, so endorsements or disparagements of specific products will be
public for a long time, and when you say "we use X at school Y" that is also
available to any bad guy trying to penetrate you assuming they do some
research on Google or hit upon any information your message(s) reveal in
this mailing list....

--

David Escalante
Boston College

 

We are in the process of doing dog and pony shows for SIEM solutions and I
would like to get a general perspective of what you have experienced
in-house and those that belong in the out-house :-)

 

We are looking at:

ArcSight
RSA
NitroSecurity
NetIQ

 

to just name a few. Any thoughts would be very helpful. Please feel free to
contact me directly.

 

 
