Re: Centralized firewall management and log analysis tools

["exzactly" <exzactly () hotmail com>]

check out Algosec

-----Original Message----- 
From: Mahmoud Kaddoura
Sent: Tuesday, May 08, 2012 12:27 PM
To: Mikhail A. Utin ; Anwar Khan ; Ron McKown
Cc: Marian Paun ; security-basics () securityfocus com
Subject: RE: Centralized firewall management and log analysis tools

We have done POC for many of these products (Arcsight , RSA, ...) and all of 
them have issues and limitations
Archsight needs some effort to get implemented but they have an amazing 
dashboard where you can easily identify abnormalities in your network
While others and mainly RSA , it is agentless , easy to deploy for many 
products but it needs some experts/high skills to identify abnormalities

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On 
Behalf Of Mikhail A. Utin
Sent: Monday, May 07, 2012 5:45 PM
To: Anwar Khan; Ron McKown
Cc: Marian Paun; security-basics () securityfocus com
Subject: RE: Centralized firewall management and log analysis tools

I would say that nothing is perfect in this world. The opinion below sounds 
as not professional. Even careful consideration of Gartner research of 2011 
will show that ArcSight, Q1Labs and NitroSecurity are very close in Gartner 
used parameters/capabilities. Not to mention a few others. Each has own 
approach, but features and capabilities are very close. People consider that 
Q1Lab is much easier to install and use than ArcSight. There are some 
examples when people switch from ArcSight to other products because of 
complexity of ArcSight management and configuration. AlienVault, for 
instance, is the leader in installations, by the information on their site, 
but I would not expect them cheating. As far as I remember, ArcSight does 
not provide such very important feature as "external database logging". This 
is actually my term. It means that database logs are extracted from either 
network traffic or from internal transactions, and which is 10 times better 
than any original database logging. For instance, you can catch SQL 
injection.  NitroSecurity does that, and, BTW, has IDS/IPS completely 
integrated with other appliances.
This list can continue for dozens of pages. The point is - there is no ideal 
solution, and this is NOT money issue at all.


Mikhail Utin, CISSP
Information Security Analyst




-----Original Message-----
From: Anwar Khan [mailto:anwarrhce () gmail com]
Sent: Friday, May 04, 2012 11:57 PM
To: Ron McKown
Cc: Mikhail A. Utin; Marian Paun; security-basics () securityfocus com
Subject: Re: Centralized firewall management and log analysis tools

Hi All,

I would say, if you have budget and looking for long time solution, ArcSight 
is best as we are using it.

All competitors have limitations and drawbacks, not ArcSight.



On Fri, May 4, 2012 at 10:45 PM, Ron McKown <RMcKown () apptio com> wrote:
> Mikhail,
>
> I would very much like to see your SIEM research paper.
>
> Thanks.
>
> - Ron McKown, CISSP
> - Sent from a tablet device
>
> On May 4, 2012, at 9:56 AM, "Mikhail A. Utin" <mutin () commonwealthcare org> 
> wrote:
>
> > By my research, and a couple of published in 2011 reviews, all ArcSight 
> > competitors provide very similar features and capabilities. They reached 
> > the point where they can only improve, but not invent or develop 
> > something really different. I would not trust Gartner in its research 
> > (they rated ArcSight as top of the line product) and the Magic Quadrant 
> > as well. Guys were missing point very often. Each SIEM vendor has its own 
> > approach how to create a line of SIEM products. Almost all are 
> > appliances. There are just a few software providing vendors. Almost all 
> > have "all-in-one" low end appliance solution.
> >
> > Yes, HP got ArcSight to use in its services, which are expensive, and 
> > that started affecting the company's "technical" position. BTW, two other 
> > major vendors - Q1Lab and NitroSecurity are not independent anymore as 
> > well.
> >
> > If the list is interested, I can polish my SIEM research draft and 
> > publish it.
> >
> > Mikhail Utin, CISSP
> > Information Security Analyst
> >
> >
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Marian Paun
> > Sent: Friday, May 04, 2012 4:37 AM
> > To: security-basics () securityfocus com
> > Subject: RE: Centralized firewall management and log analysis tools
> >
> > We had several years experiente with Quest Intrust and were not very
> > impressed by it (huge performance issues when the event rate or
> > number of event sources grow above a certain threshold, ridiculous
> > correlation capabilities, administration nightmare). For around one
> > year and half we are using Arcsight and are delighted with it. It
> > _is_ expensive, but great value for money. Not very sure if the
> > product will keep up after Arcsight was purchased by HP :(
> >
> > Marian
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Andy Smith
> > Sent: Friday, May 04, 2012 12:04 AM
> > To: security-basics () securityfocus com
> > Subject: Re: Centralized firewall management and log analysis tools
> >
> > On Thu, May 3, 2012 at 7:12 PM, john dow <guest01 () gmail com> wrote:
> > > If money is not a concern, I would recommend Check Point. We have
> > > quite a big Check Point deployment as well as Juniper Firewalls,
> > > Phion/Baracuda Firewalls and some Cisco Firewalls (ASA, PIX). Check
> > > Point has by far the best tools for managing a centralized deployment.
> > > Even their IPS-blade is much better now that I has been before. For
> > > log analysis you could use Check Point Eventia Reporter and with
> > > Tufin, you can do much more, e.g. track changes, compliance, ...
> > > I am not a Check Point guy and I regularly complain about Check
> > > Point myself, but it is definitely the best package I have experienced 
> > > yet.
> >
> > CONFIDENTIALITY NOTICE: This email communication and any attachments
> > may contain confidential and privileged information for the use of
> > the designated recipients named above. If you are not the intended
> > recipient, you are hereby notified that you have received this
> > communication in error and that any review, disclosure,
> > dissemination, distribution or copying of it or its contents is
> > prohibited. If you have received this communication in error, please
> > reply to the sender immediately or by telephone at (617) 426-0600 and 
> > destroy all copies of this communication and any attachments. For further 
> > information regarding Commonwealth Care Alliance's privacy policy, please 
> > visit our Internet web site at http://www.commonwealthcare.org.
> >
> >
> > ---------------------------------------------------------------------
> > --- Securing Apache Web Server with thawte Digital Certificate In
> > this guide we examine the importance of Apache-SSL and who needs an SSL 
> > certificate.  We look at how SSL works, how it benefits your company and 
> > how your customers can tell if a site is secure. You will find out how to 
> > test, purchase, install and use a thawte Digital Certificate on your 
> > Apache web server. Throughout, best practices for set-up are highlighted 
> > to help you ensure efficient ongoing management of your encryption keys 
> > and digital certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be
> > 442f727d1
> > ---------------------------------------------------------------------
> > ---
>
> ----------------------------------------------------------------------
> -- Securing Apache Web Server with thawte Digital Certificate In this
> guide we examine the importance of Apache-SSL and who needs an SSL 
> certificate.  We look at how SSL works, how it benefits your company and 
> how your customers can tell if a site is secure. You will find out how to 
> test, purchase, install and use a thawte Digital Certificate on your 
> Apache web server. Throughout, best practices for set-up are highlighted 
> to help you ensure efficient ongoing management of your encryption keys 
> and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be4
> 42f727d1
> ----------------------------------------------------------------------
> --



--
Regards,
Anwar
+91-915-806-9094
CONFIDENTIALITY NOTICE: This email communication and any attachments may 
contain confidential and privileged information for the use of the 
designated recipients named above. If you are not the intended recipient, 
you are hereby notified that you have received this communication in error 
and that any review, disclosure, dissemination, distribution or copying of 
it or its contents is prohibited. If you have received this communication in 
error, please reply to the sender immediately or by telephone at (617) 
426-0600 and destroy all copies of this communication and any attachments. 
For further information regarding Commonwealth Care Alliance's privacy 
policy, please visit our Internet web site at 
http://www.commonwealthcare.org.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we 
examine the importance of Apache-SSL and who needs an SSL certificate.  We 
look at how SSL works, how it benefits your company and how your customers 
can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. 
Throughout, best practices for set-up are highlighted to help you ensure 
efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Disclaimer:
This e-mail message is intended solely for the individual or organization to 
which it is addressed. This message with all of its attachments (if any) may 
contain privileged and/or confidential information.
Views, opinions or conclusive remarks expressed in this message are those of 
the sender and do not necessarily express the views of Injazat Data Systems 
LLC and its related companies.
If you are not the intended recipient of this message, please immediately 
advise the sender by reply email or by telephone call to the number above or 
+971 2 699 2700; please also permanently delete this message.
Any unauthorized use, printing, copying, retention, disclosure or 
distribution of this message is strictly prohibited.

This email message has been scanned for the presence of computer viruses.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL 
certificate.  We look at how SSL works, how it benefits your company and how 
your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web 
server. Throughout, best practices for set-up are highlighted to help you 
ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------