Educause Security Discussion mailing list archives

Re: *EXT* Re: [SECURITY] SIEM Tools


From: "Kingsley, Gene" <GKingsley () UMASSP EDU>
Date: Mon, 22 Jan 2018 14:26:40 +0000

+1 for LogRhythm.

From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Velislav K Pavlov <VelislavPavlov () FERRIS EDU>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, January 22, 2018 at 8:43 AM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] *EXT* Re: [SECURITY] SIEM Tools

+1 for LogRhythm

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Seth A. Shestack
Sent: Monday, January 22, 2018 7:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: *EXT* Re: [SECURITY] SIEM Tools

We are currently using LogRhythm and are extremely happy.
We also did a POC of Splunk, which seemed very good; however, we felt that Splunk would require a larger team to manage, since it required more programming, and LogRhythm had many of these correlation rules built out of the box.

A further caution: I am not sure of your log volume, but we started with a smaller system (Trigeo, which was bought out by SolarWinds) and found that we outgrew it because it couldn't scale.
Make sure whatever system you buy will scale to any future needs.

Seth

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David D Grisham
Sent: Saturday, January 20, 2018 11:31 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Tools

We are using Splunk and it is a very versatile tool.
Cheers. -grish

David Grisham, PhD, CISM, CRISC
Manager, Cybersecurity, UNM Hospitals, UNM Health Science Center
933 Bradbury Drive SE, Suite 3131
505.272.5657
Dgrisham () salud UNM edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of WALTER KERNER
Sent: Friday, January 19, 2018 10:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Tools

Hi Michael. We have had good luck with Alert Logic. It combines log analysis and IDS functions and has been very valuable.

On Fri, Jan 19, 2018 at 9:48 PM Madl, Michael <michael.madl () indwes edu> wrote:
I am currently reviewing several SIEM products [QRadar, Alien Vault, Log Rhythm etc.].

Can anyone share any success stories with the product they are utilizing? I have utilized Alien Vault in the past, and the correlation functionality is pretty good. Threat detection is also done well.

Gartner has been a great tool for review, but I am wondering if anyone has any strong feelings/experiences with certain tools.


Thank you in advance,


MICHAEL MADL
INFORMATION SECURITY OFFICER
UNIVERSITY INFORMATION TECHNOLOGY

INDIANA WESLEYAN UNIVERSITY
4201 SOUTH WASHINGTON STREET
MARION, IN 46953
765.677.2688   |   765.677.2020 FAX
michael.madl () indwes edu

INDWES.EDU/IT



--
Walter Kerner
AVP and CISO
Fashion Institute of Technology