Educause Security Discussion mailing list archives

Re: SIM/SIEM sample RFP

From: Wes Young <wcyoung () BUFFALO EDU>
Date: Tue, 4 Sep 2007 15:05:03 -0400

On Tue, 2007-09-04 at 13:43 -0500, Youngquist, Jason R. wrote:

Does anyone have a SIM/SEIM sample RFP or recommendations on SIMs?  We
are looking for SIM products similar to Cisco MARS and Q1 Radar.   The
SIM needs to be cost effective, able to collect log data from multiple
sources, correlate it, look for abnormal behavior, take automatic/manual
action against malicious activity, and generate detailed and summarized
reports for management.


We did an in-house, week long eval ~2 years or so ago. Top two were
Arcsight (www.arcsight.com) and Cisco MARS.

MARS (IMO) didn't even come close to what ArcSight provided.
--
Wes Young
Network Security Analyst
University at Buffalo
 -----------------------------------------------
| my OpenID:        | http://tinyurl.com/2zu2d3 |
 -----------------------------------------------

Current thread:

SIM/SIEM sample RFP Youngquist, Jason R. (Sep 04)
- <Possible follow-ups>
- Re: SIM/SIEM sample RFP Wes Young (Sep 04)
- Re: SIM/SIEM sample RFP Harris, Michael C. (Sep 04)
- Re: SIM/SIEM sample RFP Greg Vickers (Sep 06)