Educause Security Discussion mailing list archives

Re: SIEM

From: "King, Ronald A." <raking () NSU EDU>
Date: Fri, 29 Apr 2011 13:38:05 -0400

I concur with this and Nitro.  In addition, they have been very responsive
in adding support for devices not initially included in their rule-set and
addressing support requests.  They are also very willing to do demos/trials
on site.

 

 

Ronald King

Security Engineer

Norfolk State University

Marie V. McDemmond Center for Applied Research

Suite 401

700 Park Ave.

Norfolk, Virginia  23504

Phone:  757-823-3918

Fax: 757-823-2128

Email: raking () nsu edu

http://security.nsu.edu

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ferris, Joe
Sent: Friday, April 29, 2011 11:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM

 

We have been using NitroSecurity (ESM) for a few years and have been very
satisfied with our deployment.  The direction of their product aligns well
with what we are trying to protect, monitor and log for compliance.  The
console is powerful and built with Flash so it is incredibly customizable...
the downside of Flash is that it takes Windows users about two weeks before
they stop trying to "right click" everything.  We are currently logging
flows, IDS, IPS, firewalls, access logs, multiple Server Logs, NeXpose and
more into one SIEM.  Also, the underlying database has always been very fast
and reliable for us.  If you are evaluating SIEM solutions, I would suggest
adding them to the mix.

Joe Ferris  
Information Security
Florida State University


On 4/28/11 5:23 PM, "Rob Milman" <rob.milman () SAIT CA> wrote:

Hi all,
 
I've been asked to evaluate products in order to implement a SIEM solution
for our core infrastructure. What, if any, SIEM solutions are working for
you? Is anyone using OSSIM by alienvault?
 
Thanks,
 
Rob
 
Security and Compliance Analyst, Information Systems, SAIT Polytechnic
1301 - 16 Avenue NW, Calgary, Alberta, Canada  T2M 0L4
Ph (403) 210.4229, Cell (403) 606.3173, Fax (403) 284-8811
http://www.sait.ca  <http://www.sait.ca/> <http://www.sait.ca/>

Attachment: smime.p7s
Description:

Current thread:

SIEM Rob Milman (Apr 28)
- Re: SIEM Matthew Gracie (Apr 28)
- Re: SIEM Pratt, Benjamin E. (Apr 29)
  - Re: SIEM Aaron Sigmon (Apr 29)
    - Re: SIEM James R. Pardonek (Apr 29)
  - Re: SIEM Chris Vakhordjian (Apr 29)
- Re: SIEM Ferris, Joe (Apr 29)
  - Re: SIEM King, Ronald A. (Apr 29)
- Re: SIEM Gibson, Nathan J. (HSC) (Apr 29)