Security Basics mailing list archives

RE: Centralized firewall management and log analysis tools


From: "Mikhail A. Utin" <mutin () commonwealthcare org>
Date: Thu, 3 May 2012 16:36:48 -0400

ArcSight, Q1Labs, NitroSecurity, AlienVault, RSA, eiQNetworks, LogRhythm, Tenable Security, etc. The list of major vendors is approximately 15 names.
I would not recommend ArcSight, based on people's opinions, my personal review of SIEM vendors, and the possible price of implementation. AlienVault could cost $25K, while ArcSight goes for more than $110K. It is HP/ArcSight though.


Mikhail Utin, CISSP
Information Security Analyst




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Anwar Khan
Sent: Thursday, May 03, 2012 8:17 AM
To: Daniel Gil
Cc: security-basics () securityfocus com
Subject: Re: Centralized firewall management and log analysis tools

Hi Daniel,

Check out the tool called ArcSight (arcsight.com) instead of Splunk.
It does log analysis and real-time monitoring with correlation to identify APT and many, many more things which we can't even imagine.
And it gives you a robust job profile as well if you work on this tool.

It integrates with all products on the market and gives you one console to do complete deep analysis of the security posture of an org.

This is for log analysis, real-time monitoring and correlation, not for administration of any product.

Hope this will help you.



On Thu, May 3, 2012 at 4:00 PM, Daniel Gil <the900 () gmail com> wrote:
Hi list!

Recently I've been tasked with designing a solution for a company that 
has multiple offices, each with a database server and firewall, 
connected to the central headquarters through vpn. They administer 
each of these offices individually and would like a centralized server 
for firewall administration, log analysis and possibly IDS/vpn 
administration.

I've been thinking about splunk+snort+a firewall that provides 
centralized management. Is there a better set of tools for the job? Or 
even better, a single tool that integrates all features?

I'd love to hear from you people with experience in implementing 
similar solutions which tools worked best for you.

Best regards,
Dan

