Educause Security Discussion mailing list archives

Re: Network flow log consolidation


From: Wes Young <wcyoung () BUFFALO EDU>
Date: Tue, 25 Apr 2006 15:43:05 -0400

On Tue, 2006-04-25 at 12:18 -0700, Logan Browne wrote:
Tangential to the discussion of syslog parsing, are any others on the
list evaluating or implementing products to consolidate network flow
logs? This would be a precursor to trend analysis and perhaps some
security event correlation processes.

I have looked at some products in a past position and am wondering which
products or systems you find valuable.


Commercially, ArcSight and Cisco have decent products... Requirements
for hardware and software are higher... but might be worth checking
out....

ArcSight is a software based solution and Cisco has the CS-MARS
appliance.

Cisco does well in basic log correlation and trends... ArcSight is much
more advanced in correlation and incident analysis (getting down to the
nitty gritty)....

Both deal with Netflow...
--
Wes Young
Network Security Analyst
University at Buffalo
 -----------------------------------------------
| My Security Blog: | http://tinyurl.com/9av4k  |
| My RSS:           | http://tinyurl.com/ceopv  |
| My Life:          | http://tinyurl.com/l18g   |
| CPAN:             | http://tinyurl.com/mujm5  |
 -----------------------------------------------
