Educause Security Discussion mailing list archives

Re: SIEM Solution Recommendation


From: "Burton, Abigail F" <afburton () BCM EDU>
Date: Thu, 27 Oct 2011 21:08:38 -0500

Good advice. I for one do not condone such things. I have not received any communication from vendors based on the 
inquiry in this listserv. If I do, I will make sure that they are reported.

Thanks!
abby

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Thursday, October 27, 2011 7:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

A vendor calling you in response to a list posting is a violation of the Educause list participation rules:

"Please note that unsolicited commercial communications to constituent group participants as a result of postings to a 
Constituent or Discussion list violate the promotional messages and advertising provisions of these guidelines and may 
result in the loss of access to the listserv in question."

I recommend anyone report such contacts to security-council () educause edu to 
keep the vendors in check.

Brad Judy

Emory University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greene, 
Chip
Sent: Wednesday, October 26, 2011 6:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

Thanks David.  We should also bear in mind that some vendors could be monitoring these discussions.  I have already 
received a phone call from a vendor mentioned in this email chain wondering if we had any projects.  Ironic.......

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Escalante 
[david.escalante () BC EDU]
Sent: Wednesday, October 26, 2011 5:31 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM Solution Recommendation

It depends upon what you're getting them for.  I don't view them as interchangeable solutions, and they cost a lot of 
money, plus the monitoring one does once they're installed.  Can you share more detailed requirements as to what the 
SIEM is expected to do, how big an environment it has to scale to, what number of FTEs you intend to have tend it once 
installed, etc...?

Also, people replying to this message should bear in mind that this mailing list is archived and made available to the 
entire Internet essentially forever, so endorsements or disparagements of specific products will be public for a long 
time, and when you say "we use X at school Y" that is also available to any bad guy trying to penetrate you assuming 
they do some research on Google or hit upon any information your message(s) reveal in this mailing list....
--
David Escalante
Boston College

We are in the process of doing dog and pony shows for SIEM solutions and I would like to get a general perspective of 
what you have experienced in-house and those that belong in the out-house :-)

We are looking at:
ArcSight
RSA
NitroSecurity
NetIQ

to just name a few. Any thoughts would be very helpful. Please feel free to contact me directly.


________________________________
Information Services (including the HelpDesk) will NEVER ask for your password or other personal data via email. 
Messages requesting such details are fraudulent. DELETE THEM WITHOUT REPLY.
