Educause Security Discussion mailing list archives

Re: SIEM preferences for the budget conscious institution


From: Christopher Caldwell <caldwell () GWU EDU>
Date: Fri, 27 Jan 2017 13:51:19 -0500

Rob,

Have you looked into an all-in-one solution? We are in the middle of a multi-year budget crisis and with Splunk we have not only sustained, but expanded our investment. It fulfills multiple roles (SIEM, ITSA, BI, etc.) at a much lower TCO than any other solution that we have looked at. With a judicious use of Puppet to manage the Splunk infrastructure, I (1 person) manage three clusters (including one multi-site), totaling 12 indexers, 11 search heads, nearly 500 forwarders (both co-located and “syslog servers”) and 4TB of data by myself. Splunk strikes some people as expensive, but seeing recent quotes just for our FireEye subscription puts that into perspective for the value it provides. I’m hoping to kill off our buy into Tableau and other 3rd party BI products in the future as duplicative efforts.


On Jan 27, 2017, at 11:52 AM, Rob Milman <rob.milman () SAIT CA> wrote:

Hi everyone,

I have the approval to bring a SIEM into our institution and was hoping the community could provide me with insight into the various SIEM platforms’ pros and cons. We have looked at QRadar, Splunk, LogRhythm, and ArcSight. I’ve been getting a lot of ads for AlienVault USM, but don’t know anyone who is using that. Any insight you can provide would be most appreciated.


Thanks,

Rob

Rob Milman
Security & Compliance Analyst
Information Systems

Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173
rob.milman () sait ca <mailto:rob.milman () sait ca>
--
Christopher Caldwell

Senior Engineer
The George Washington University
caldwell @ gwu . edu | +1 202.994.4674 (w) | +1 202.409.0878 (c)
PGP key ID: 0x0A0EC46C

"Finish each day and be done with it. You have done what you could;
some blunders and absurdities have crept in; forget them as soon as
you can. Tomorrow is a new day; you shall begin it serenely and with
too high a spirit to be encumbered with your old nonsense.”
 - Ralph Waldo Emerson
