Educause Security Discussion mailing list archives

Re: SIM


From: George Bailey <gbailey () IVYTECH EDU>
Date: Tue, 6 Dec 2005 20:31:35 -0500

Ryan,

I was in your shoes about 9 months ago.  I ended up evaluating Open
Service's SIM, Log Logic's SIM, and Network Intelligence's SIM.  We
ultimately chose Network Intelligence's EnVision product and have been
running it since June of this year.

The reason we chose Network Intelligence was that it had native
support for many of our devices:

Check Point
McAfee ePO
Nokia IPSO
Cisco
WebSense
Intrushield IDS
Nessus
IIS
the list goes on...

During the EnVision evaluation, I had many of these products' log data
being collected in a matter of hours, and was running reports by the end of
the first day.  That wasn't the case with all the products I evaluated.

I will tell you, though, the correlation piece is not easy, timely to set up
and can be a bit slow depending on what you are trying to correlate.  But
the taxonomy is quite easy to understand and I found it to be most
intuitive with the EnVision product.

The fact that it runs on a Windows 2000 appliance caught me by surprise
but it has been quite stable, and secure.  I have run various scans and
have yet to crash the box.

If you have any specific questions let me know.

--gb
--------------
George Bailey
Security Engineer
Ivy Tech Community College
Indianapolis, IN

Hello,



We are in the process of evaluating Security Information Management
appliances and are hoping to get some feedback from those of you who are
currently using a SIM product or are in the process of evaluating.
Currently we have a variety of products that we would like to have the
SIM correlate events for -



ISS
Symantec
PIX
Tipping Point
Etc.



We are looking at three products -



Cisco MARS
TriGeo
Network Intelligence



Any feedback would be greatly appreciated.



Ryan Rose


