Re: Network flow log consolidation

[John Rasmussen <rasmusse () OHSU EDU>]

We currently use the MARS, it is very nice.  It also works well with a number of applications.  We pull McAfee EPO info 
in addition to Cisco logs.  
 
But, it's not the cheapest solution around.
 
John
 
 
 
 
John Rasmussen, CISSP, GCIH
Manager, Security Engineering
OHSU Information Technology Group
Oregon Health and Science University
503-494-8480
rasmusse () ohsu edu
MC: ITG05

> > > Dover () HARPETHHALL ORG 4/25/2006 1:00:58 PM >>>

Cisco MARS is VERY nice.  Especially if you have an entire Cisco infrastructure.  I hope to have one someday.  I have 
seen it in action.

Justin Dover
Harpeth Hall School
615-346-0082

The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on Tuesday, April 25, 2006 at 2:43 
PM -0600 wrote:
Commercially, ArcSight and Cisco have decent products... Requirements
for hardware and software are higher... but might be worth checking
out....

Arcsight is a software based solution and Cisco has the CS-MARS
appliance.

Cisco does well in basic log correlation and trends... Arcsight is much
more advanced in correlation and incident analysis (getting down to the
nitty gritty)....

Both deal with Netflow...