Re: NitroSecurity SIEM platform

[Brian Epstein <bepstein () IAS EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

        We have been NitroSecurity customers for a number of years now.  We
have always been impressed with the software they provide and their
reporting infrastructure.

        We have run into various hardware issues over the years, specifically
with their IPS device.  I believe that they have worked out many of the
kinks.  Only suggestion I have is to purchase their products that
utilize disk mirroring and redundant power supplies.

        For critical networks, you may decide to make redundant networking
paths around their IPS in the event of total hardware failure.

        They have typically been very responsive with problems and have taken
some suggestions for feature updates.  I think with recent acquisitions,
they have really gone far with their SIEM product.  I'm excited to
upgrade to 8.3 soon.

        One last note, as with any IPS & SIEM device, it takes a lot of time to
tune.  In the educational sector, you may allow certain things that
corporations would not.  This means you have to go through and disable
certain protections on by default in the IPS.  This takes time.

        In the end, solid product, cost effective.  Be aware of hardware and
redundancy limitations, and make sure to have time and resources for
proper configuration.

Thanks,
ep

- -- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Network and Security Officer            Institute for Advanced Study
Key fingerprint = 128A 38F4 4CFA 5EDB 99CE  4734 6117 4C25 0371 C12A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iD8DBQFKafr9YRdMJQNxwSoRAk/7AJ9ZQRsDFMAVvjklvb2d+CgSbF1vSgCff/vz
b/lSnCKqEudhY9yAIIuxKn4=
=dkxn
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature