Educause Security Discussion mailing list archives
Re: SIEM Solution Recommendation
From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Wed, 26 Oct 2011 11:52:50 -0700
I've been relatively content while being in denial about the McAfee take over, but it isn't helping with folks bringing it up! :) I've heard two stories: the first is that McAfee will leave them alone and keep them as an independent company. The second is that there will be some sort of integration with e-Policy. I feel reasonably confident that McAfee will more or less leave them alone, and that while the SIEM may end up working well with e-Policy, they will be kept separate. One issue to consider is that just about every SIEM has been purchased by someone. My greatest fear is proprietary lock-down of sorts: a SIEM isn't worth much if it isn't highly adaptable to very diverse environments. The SIEM story overall, I think, has quite a bit yet to be written: they've emerged from being nascent technologies that are something that can be very useful, but now that they are becoming more mainstream with these acquisitions, how they will the major vendors handle them? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Brian Basgen Director of Client Services (Acting) & Information Security Officer Pima Community College Office: 520-206-4873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Burton, Abigail F Sent: Wednesday, October 26, 2011 9:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SIEM Solution Recommendation Thanks to everyone’s response so far. Please keep them coming. Under the same note, as Chip mentioned, there is a concern on acquisitions just in general. How will McAfee’s acquisition of NitroSecurity affect the current product particularly with support, application integration and their “new” roadmap. It feels like we are in limbo to a certain degree as we move forward with other acquisitions within the SIEM market like IBM acquiring Q1 labs and Novell acquired NetIQ. I will admit that it is hard to “shop” for a solid system that will address the institution’s requirements but it is especially harder to justify the cost to your stakeholders, declaring ROI and knowing that there is a higher risk of flat results based on the how volatile the market shift is at this point. abby From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, Chip Sent: Wednesday, October 26, 2011 11:10 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SIEM Solution Recommendation Are there any specific concerns or thoughts about the acquisition by McAfee of NitroSecurity? We are looking into different SIEM Solutions as well and was wonder what you may have heard as a customer. Chip From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mayne, Jim Sent: Wednesday, October 26, 2011 12:05 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SIEM Solution Recommendation TCU also uses NitroSecurity and we are happy with it. Jim From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dexter Caldwell Sent: Wednesday, October 26, 2011 10:48 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SIEM Solution Recommendation I'll second that for NitroSecurity. Dexter Caldwell Dir. Systems & Networks Information Technology Services Furman University 3300 Poinsett Hwy Greenville, SC 29613 email: dexter.caldwell () furman edu office: 864-294-3566 facsimile: 864-294.3001 The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes: Abigail, We've had some good successes from our Nitrosecurity product over the last several years. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Brian Basgen Director of Client Services (Acting) & Information Security Officer Pima Community College Office: 520-206-4873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Burton, Abigail F Sent: Wednesday, October 26, 2011 8:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] SIEM Solution Recommendation Greetings All: We are in the process of doing dog and pony shows for SIEM solutions and I would like to get a general perspective of what you have experienced in-house and those that belong in the out-house :-) We are looking at: ArcSight RSA NitroSecurity NetIQ to just name a few. Any thoughts would be very helpful. Please feel free to contact me directly. Best regards, -- Abigail Burton Sr. Information Security Analyst Enterprise IT Security and Compliance Baylor College Of Medicine http://www.bcm.edu Voice: 713.798.4559 afburton () bcm edu Main: 713.798.3900 itsc () bcm edu Fax: 713.798.1205 This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. This communication may contain material that is privileged and legally protected from disclosure by federal law, including the Health Insurance Portability and Accountability Act (HIPAA). If you are not the intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error, please immediately notify the sender and delete this message. ________________________________________ Information Services (including the HelpDesk) will NEVER ask for your password or other personal data via email. Messages requesting such details are fraudulent. DELETE THEM WITHOUT REPLY.
Current thread:
- are you getting spam from "Ray" Bob Bayn (Oct 26)
- Re: are you getting spam from "Ray" Seth Aronson (Oct 26)
- Re: are you getting spam from "Ray" Bob Bayn (Oct 26)
- Re: are you getting spam from "Ray" Tim Faircloth (Oct 26)
- SIEM Solution Recommendation Burton, Abigail F (Oct 26)
- Re: SIEM Solution Recommendation Basgen, Brian (Oct 26)
- Re: SIEM Solution Recommendation Dexter Caldwell (Oct 26)
- Re: SIEM Solution Recommendation Mayne, Jim (Oct 26)
- Re: SIEM Solution Recommendation Greene, Chip (Oct 26)
- Re: SIEM Solution Recommendation Burton, Abigail F (Oct 26)
- Re: SIEM Solution Recommendation Basgen, Brian (Oct 26)
- Re: SIEM Solution Recommendation David Escalante (Oct 26)
- Re: SIEM Solution Recommendation Greene, Chip (Oct 26)
- Re: SIEM Solution Recommendation Brad Judy (Oct 27)
- Re: SIEM Solution Recommendation Burton, Abigail F (Oct 27)
- Re: are you getting spam from "Ray" Bob Bayn (Oct 26)
- Re: are you getting spam from "Ray" Seth Aronson (Oct 26)
- Re: SIEM Solution Recommendation Mike Lococo (Oct 26)
- Re: SIEM Solution Recommendation Everett, Alex D (Oct 26)
- Re: SIEM Solution Recommendation King, Ronald A. (Oct 26)
- Re: SIEM Solution Recommendation Will Froning (Oct 29)
- Re: SIEM Solution Recommendation John Kaftan (Oct 30)
- Re: SIEM Solution Recommendation Basgen, Brian (Oct 30)