Educause Security Discussion mailing list archives
Re: SIM
From: George Bailey <gbailey () IVYTECH EDU>
Date: Tue, 6 Dec 2005 20:31:35 -0500
Ryan,

I was in your shoes about 9 months ago. I ended up evaluating Open Service's SIM, Log Logic's SIM, and Network Intelligence's SIM. We ultimately chose Network Intelligence's EnVision product and have been running it since June of this year. The reason why we chose Network Intelligence was because it had native support for many of our devices:

Check Point
McAfee ePO
Nokia IPSO
Cisco
WebSense
Intrushield IDS
Nessus
IIS

the list goes on...

During the EnVision evaluation, I had many of these products' log data being collected in a matter of hours. Running reports by the end of the first day. That wasn't the case with all the products I evaluated.

I will tell you though the correlation piece is not easy, timely to set up and can be a bit slow depending on what you are trying to correlate. But the taxonomy is quite easy to understand and I found it to be most intuitive with the EnVision product.

The fact that it runs on a Windows 2000 appliance caught me by surprise but it has been quite stable, and secure. I have run various scans and have yet to crash the box.

If you have any specific questions let me know.

--gb

--------------
George Bailey
Security Engineer
Ivy Tech Community College
Indianapolis, IN
Hello,

We are in the process of evaluating Security Information Management appliances and are hoping to get some feedback from those of you who are currently using a SIM product or are in the process of evaluating. Currently we have a variety of products that we would like to have the SIM correlate events for -

ISS
Symantec
PIX
Tipping Point
Etc.

We are looking at three products -

Cisco MARS
TriGeo
Network Intelligence

Any feedback would be greatly appreciated.

Ryan Rose