Educause Security Discussion mailing list archives

Re: SIEM Solution Recommendation


From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Wed, 26 Oct 2011 11:52:50 -0700


 I've been relatively content while being in denial about the McAfee takeover, but it isn't helping with folks 
bringing it up! :)

 I've heard two stories: the first is that McAfee will leave them alone and keep them as an independent company. The 
second is that there will be some sort of integration with e-Policy. I feel reasonably confident that McAfee will more 
or less leave them alone, and that while the SIEM may end up working well with e-Policy, they will be kept separate. 

 One issue to consider is that just about every SIEM has been purchased by someone. My greatest fear is proprietary 
lock-down of sorts: a SIEM isn't worth much if it isn't highly adaptable to very diverse environments. The SIEM story 
overall, I think, has quite a bit yet to be written: they've emerged from being nascent technologies that are something 
that can be very useful, but now that they are becoming more mainstream with these acquisitions, how will the 
major vendors handle them?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Basgen
Director of Client Services (Acting)
& Information Security Officer
Pima Community College
Office: 520-206-4873
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Burton, 
Abigail F
Sent: Wednesday, October 26, 2011 9:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

Thanks to everyone’s response so far. Please keep them coming.
Under the same note, as Chip mentioned, there is a concern on acquisitions just in general. How will McAfee’s 
acquisition of NitroSecurity affect the current product particularly with support, application integration and their 
“new” roadmap? It feels like we are in limbo to a certain degree as we move forward with other acquisitions within the 
SIEM market like IBM acquiring Q1 labs and Novell acquired NetIQ. I will admit that it is hard to “shop” for a solid 
system that will address the institution’s requirements but it is especially harder to justify the cost to your 
stakeholders, declaring ROI and knowing that there is a higher risk of flat results based on how volatile the 
market shift is at this point.
abby

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, 
Chip
Sent: Wednesday, October 26, 2011 11:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

Are there any specific concerns or thoughts about the acquisition by McAfee of NitroSecurity? We are looking into 
different SIEM Solutions as well and was wondering what you may have heard as a customer.
Chip

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mayne, 
Jim
Sent: Wednesday, October 26, 2011 12:05 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

TCU also uses NitroSecurity and we are happy with it.
Jim

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dexter 
Caldwell
Sent: Wednesday, October 26, 2011 10:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

I'll second that for NitroSecurity.

Dexter Caldwell
Dir. Systems & Networks
Information Technology Services
Furman University
3300 Poinsett Hwy
Greenville, SC 29613
email: dexter.caldwell () furman edu
office: 864-294-3566
facsimile: 864-294.3001
The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:
Abigail,

We've had some good successes from our NitroSecurity product over the last several years.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Basgen
Director of Client Services (Acting)
& Information Security Officer
Pima Community College
Office: 520-206-4873
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Burton, 
Abigail F
Sent: Wednesday, October 26, 2011 8:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] SIEM Solution Recommendation

Greetings All:

We are in the process of doing dog and pony shows for SIEM solutions and I would like to get a general perspective of 
what you have experienced in-house and those that belong in the out-house :-) 

We are looking at:
ArcSight
RSA
NitroSecurity
NetIQ

to just name a few. Any thoughts would be very helpful. Please feel free to contact me directly.

Best regards,
--
Abigail Burton
Sr. Information Security Analyst
Enterprise IT Security and Compliance
Baylor College Of Medicine
http://www.bcm.edu
Voice: 713.798.4559     afburton () bcm edu
Main:  713.798.3900     itsc () bcm edu
Fax:   713.798.1205