Educause Security Discussion mailing list archives
Re: SIM
From: Mark Poepping <poepping () CMU EDU>
Date: Tue, 6 Dec 2005 21:19:03 -0500
Has anyone assembled (or discovered anywhere) documentation for a good use case in this area? Do you have requirements documentation that you'd be willing to share (privately if not publicly)?

Thanks.
Mark.

Mark Poepping
Computing Services, Carnegie Mellon
-----Original Message-----
From: George Bailey [mailto:gbailey () IVYTECH EDU]
Sent: Tuesday, December 06, 2005 8:32 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIM

Ryan,

I was in your shoes about 9 months ago. I ended up evaluating Open Service's SIM, Log Logic's SIM, and Network Intelligence's SIM. We ultimately chose Network Intelligence's EnVision product and have been running it since June of this year. The reason we chose Network Intelligence was that it had native support for many of our devices:

Check Point
McAfee ePO
Nokia IPSO
Cisco
WebSense
Intrushield IDS
Nessus
IIS
the list goes on...

During the EnVision evaluation, I had many of these products' log data being collected in a matter of hours, and was running reports by the end of the first day. That wasn't the case with all the products I evaluated. I will tell you though that the correlation piece is not easy, is timely to set up, and can be a bit slow depending on what you are trying to correlate. But the taxonomy is quite easy to understand and I found it to be most intuitive with the EnVision product. The fact that it runs on a Windows 2000 appliance caught me by surprise, but it has been quite stable and secure. I have run various scans and have yet to crash the box.

If you have any specific questions let me know.

--gb
--------------
George Bailey
Security Engineer
Ivy Tech Community College
Indianapolis, IN

Hello,

We are in the process of evaluating Security Information Management appliances and are hoping to get some feedback from those of you who are currently using a SIM product or are in the process of evaluating. Currently we have a variety of products that we would like to have the SIM correlate events for:

ISS
Symantec
PIX
Tipping Point
Etc.

We are looking at three products:

Cisco MARS
TriGeo
Network Intelligence

Any feedback would be greatly appreciated.

Ryan Rose
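The thread draws a distinction between collecting logs from many device types (quick, once a parser exists) and correlating them (harder to set up and slower to run). The Python below, added here as an editor's example and not taken from any poster or from the EnVision, MARS or TriGeo products, makes that distinction concrete: it maps constructed firewall-deny and IDS-alert lines (loosely modelled on PIX syslog and a generic IDS alert; the exact formats, field names and the "firewall.deny"/"ids.alert" taxonomy are assumptions) into one common event schema, then applies a single time-window correlation rule across both sources.

```python
"""Toy SIM pipeline: per-source parsers -> common taxonomy -> one correlation rule.

Constructed example; log formats, taxonomy names and thresholds are assumptions,
not any vendor's schema.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

LOG_YEAR = 2005  # syslog timestamps carry no year; assumed for the sample


@dataclass(frozen=True)
class Event:
    """Common taxonomy every device is normalized into."""
    ts: datetime
    source: str      # device type that produced the line ("pix", "ids")
    category: str    # taxonomy bucket ("firewall.deny", "ids.alert")
    src_ip: str
    dst_ip: str


# One regex per device format. Each new device type in a SIM is essentially
# one more of these plus a mapping into the taxonomy.
PIX_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ %PIX-\d-106023: Deny \w+ "
    r"src [^\s:]+:(?P<src>[\d.]+)/\d+ dst [^\s:]+:(?P<dst>[\d.]+)/\d+"
)
IDS_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ ids: ALERT \[[^\]]+\] "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+)"
)

# Constructed sample lines (not captured from any real device).
SAMPLE_LOGS = [
    'Dec 06 20:31:02 fw1 %PIX-4-106023: Deny tcp src outside:10.0.0.5/40001 dst inside:192.168.1.10/22 by access-group "outside_in"',
    'Dec 06 20:31:05 fw1 %PIX-4-106023: Deny tcp src outside:10.0.0.5/40002 dst inside:192.168.1.10/23 by access-group "outside_in"',
    'Dec 06 20:31:09 fw1 %PIX-4-106023: Deny tcp src outside:10.0.0.9/51000 dst inside:192.168.1.11/445 by access-group "outside_in"',
    'Dec 06 20:31:12 fw1 %PIX-4-106023: Deny tcp src outside:10.0.0.5/40003 dst inside:192.168.1.10/25 by access-group "outside_in"',
    'Dec 06 20:31:40 ids1 ids: ALERT [portscan detected] 10.0.0.5 -> 192.168.1.10',
    'Dec 06 20:32:00 ids1 ids: ALERT [web attack signature] 10.0.0.7 -> 192.168.1.20',
    'Dec 06 21:45:00 fw1 %PIX-4-106023: Deny udp src outside:10.0.0.5/5000 dst inside:192.168.1.10/53 by access-group "outside_in"',
    'Dec 06 20:33:00 fw1 some line no parser understands',
]


def _ts(text):
    """Parse a year-less syslog timestamp, pinning it to LOG_YEAR."""
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=LOG_YEAR)


def parse_line(line):
    """Map one raw line into the common taxonomy, or None if no parser matches."""
    m = PIX_RE.match(line)
    if m:
        return Event(_ts(m["ts"]), "pix", "firewall.deny", m["src"], m["dst"])
    m = IDS_RE.match(line)
    if m:
        return Event(_ts(m["ts"]), "ids", "ids.alert", m["src"], m["dst"])
    return None


def normalize(lines):
    """Collection step: returns (events, unparsed_lines). Unparsed lines are
    kept rather than dropped so coverage gaps are visible."""
    events, unparsed = [], []
    for line in lines:
        e = parse_line(line)
        (events if e else unparsed).append(e or line)
    return events, unparsed


def correlate(events, window_seconds=60, min_denies=3):
    """Correlation step: one rule, evaluated per source IP over a sliding window.

    Fires once per src_ip when a window of `window_seconds` holds at least
    `min_denies` firewall denies and at least one IDS alert from that source.
    Cost grows with events per source and with the window width, which is
    where correlation gets slow relative to plain collection.
    """
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src_ip].append(e)

    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end, e in enumerate(evs):
            while e.ts - evs[start].ts > window:   # slide the window forward
                start += 1
            win = evs[start:end + 1]
            denies = sum(1 for x in win if x.category == "firewall.deny")
            alerts = sum(1 for x in win if x.category == "ids.alert")
            if denies >= min_denies and alerts >= 1:
                findings.append({"src_ip": src, "denies": denies, "alerts": alerts,
                                 "first": win[0].ts, "last": e.ts})
                break  # report each source once
    return findings


def run_sample():
    """Normalize the constructed sample and return the correlation findings."""
    events, _unparsed = normalize(SAMPLE_LOGS)
    return correlate(events)


if __name__ == "__main__":
    for f in run_sample():
        print(f)
```

The collection step is cheap and local to each line; the correlation step has to hold state per source and re-evaluate it as the window moves, and adding a second rule or a wider window multiplies that work. A single unparsed line is reported rather than silently discarded, so a device without native support shows up as a gap instead of an absence of alerts.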