Security Basics mailing list archives

Re: Picking a SIEM: How's envision compared with Arcsight?


From: "Sandeep Cheema " <51l3n7 () live in>
Date: Fri, 3 Feb 2012 05:26:31 +0000

Arcsight's definitely the best with its smartconnectors for pulling the logs. Flexconnectors are there for devices 
that are not supported and these have to be custom developed. Arcsight charges a lot for this part. They also provide 
Flexconnector training, which would be the way to go if you are looking at a lot of devices and the long run. You do not have 
to purchase a lot of logger appliances, rather go for like 2 primary and 2 backup with a NAS environment. The loggers can 
talk to NAS. Support should not be an issue for large enterprises that have a dedicated or shared TAM.

RSA Envision is expensive. Much more than Arcsight. Also, it just supports syslog and you cannot pull logs. For devices 
that have UDP syslog capability only, the packets are bound to be lost. RSA supports NAS too.

Sorry, I haven't evaluated QRadar.

My 0.02$ for Arcsight

Regards,
Sandeep

-----Original Message-----
From: xxuuyyong () gmail com
Date: Thu, 2 Feb 2012 21:45:26 
To: <security-basics () securityfocus com>
Subject: Picking a SIEM: How's envision compared with Arcsight?

We are looking for a new SIEM for a very large enterprise environment.
  
ArcSight's sales people are always like you must be idiots if you are not using our product.  But my concern is that 
they got acquired by HP, and our past experience dealing with HP's customer support hasn't been very pleasant.  There 
are also rumors that ArcSight has been losing its talent after being acquired by HP.

I also looked at QRadar and it's a wonderful product.  However, it's acquired by IBM.  Is it a good idea to invest a 
lot of money and effort on a product that's bound to be discontinued and unsupported in a short couple of years in 
order to be replaced by a re-branded product?

Then there's the RSA envision.  It's been under RSA's product line-up for many years and EMC got it integrated with its 
archer and netwitness products.  This makes it a more stable pick to me.  Can anyone comment on the performance, 
support, and the maintenance complexity of the envision compared to the ArcSight?  

TIA

Ian



