Re: SIEM Solutions

[Debbie Montano <debbie () METAFLOWS COM>]

Another option...

MetaFlows offers Security-software-as-a-Service (SaaS), with a low monthly subscription rate.  MetaFlows Security 
System (MSS) provides SIEM & log management, in MetaFlows secure cloud, plus an advanced network intrusion 
detection systems (IDS) and a rich forensic interface, providing full malware detection, prevention & analysis.  
You can also get MetaFlows Security System as a fully managed service via MetaFlows partners.

(And going the other direction -- for the do-it-yourself-er's -- you can provision and run MetaFlows Security System on 
your own private infrastructure/servers, if you prefer.)

See: www.metaflows.com or contact me directly if you want additional info.

Debbie

Debbie Montano
MetaFlows, Inc
303 378 9762
debbie () metaflows com
www.MetaFlows.com




---- On Tue, 12 Jun 2012 14:11:37 -0600 Jeff Howlett <howlettj () MEREDITH EDU> wrote ---- 


We tried the AlienVault implementation at Meredith, but did not have 
the staff time to make it work like it should. Instead we went with a 
managed AlienVault system by Trusted Metrics www.trustedmetrics.com 
(they are the only US based certified AlienVault MMSP) and have been 
extremely happy. We have been running for 1.5 years with 24/7 support 
by Trusted Metrics and my staff loves the system. 
 
The cost is very reasonable, a little more than AlienVault pro, but 
monthly rather than in an unmanageable (for us) cost directly to 
AlienVault for the software license and without the training costs and 
time for my engineers. I would highly recommend anyone looking into a 
SIEM to check into the MMSP model. 
 
Feel free to contact me with any questions. 
 
Jeff 
 
_________________________ 
Jeffrey R. Howlett 
Chief Information Officer 
Meredith College 
3800 Hillsborough Street 
Raleigh, NC 27607 
howlettj () meredith edu 
Phone: (919) 760-8828 
Fax: (919) 760-2325 
 
 
On Tue, Jun 12, 2012 at 3:04 PM, Shawn Kohrman <skohrman () apu edu> wrote: 
> Matthew, 
> Here are the total responses I've received. 
> 
> Shawn 
> ----- 
> Shawn A. Kohrman, Security Architect 
> 
> Azusa Pacific University 
> Information & Media Technology 
> 901 E. Alosta Ave., PO Box 7000 
> Azusa, CA 91702-7000 
> 
> P:  626.815.2054 | F:  626.815.2061 | http://www.apu.edu/ 
> ----- 
> 
> 
> 
> On Wed, Jun 6, 2012 at 8:44 PM, Matthew Hodgett <m.hodgett () qut edu au> 
> wrote: 
>> 
>> Shawn, 
>> 
>> I was hoping to see some of the responses myself. We have been using a 
>> syslog server as a forensic store for many years, and diverting information 
>> to a SEIM for live analyses. Both of these systems can also collect data 
>> directly that would otherwise be missing. The time is right for us to 
>> re-assess our situation and are interested to hear what others are doing. 
>> 
>> Regards 
>> Matthew 
>> 
>> 
>> On 06/06/12 09:33, Shawn Kohrman wrote: 
>>> 
>>> Many thanks to all of you who responded!  I'll keep you posted as we move 
>>> forward. 
>>> 
>>> Shawn 
>>> ----- 
>>> Shawn A. Kohrman, Security Architect 
>>> 
>>> Azusa Pacific University 
>>> Information & Media Technology 
>>> 901 E. Alosta Ave., PO Box 7000 
>>> Azusa, CA 91702-7000 
>>> 
>>> P:  626.815.2054 | F:  626.815.2061 | http://www.apu.edu/ 
>>> ----- 
>>> 
>>> 
>>> 
>>> On Tue, Jun 5, 2012 at 8:52 AM, Paul Hanson <paulh () haas berkeley edu 
>>> <mailto:paulh () haas berkeley edu>> wrote: 
>>> 
>>>    We're currently evaluating the community edition of Alienvault since 
>>> it supports ossec, syslog, arpwatch, p0f, and snort.  There are a plethora 
>>> of other products it supports but those are the big hitters.  I've heard the 
>>> professional version is leaps and bounds above the free version but haven't 
>>> gotten that far. 
>>> 
>>>    In terms of alternatives I've heard good things about 
>>>    IBM QRadar (formerly Q1 Labs) 
>>>    Tenable Log Correlation Engine 
>>>    Solarwinds Log & Event Manager (formerly Trigeo) 
>>> 
>>>    Cheers! 
>>>    Paul 
>>> 
>>> 
>>>    -----Original Message----- 
>>>    From: The EDUCAUSE Security Constituent Group Listserv 
>>> [mailto:SECURITY () LISTSERV EDUCAUSE EDU 
>>> <mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Shawn Kohrman 
>>>    Sent: Monday, June 04, 2012 2:49 PM 
>>>    To: SECURITY () LISTSERV EDUCAUSE EDU 
>>> <mailto:SECURITY () LISTSERV EDUCAUSE EDU> 
>>>    Subject: [SECURITY] SIEM Solutions 
>>> 
>>>    Hello, 
>>>    I am currently working on a proposal for implementing a central 
>>> logging system for our various services/devices.  I was wondering if I 
>>> should be looking for a SIEM solution to consolidate event correlation with 
>>> log management. 
>>> 
>>>    I'm curious to know what others have done or are planning in this 
>>> area. 
>>> 
>>>    Shawn 
>>> 
>>>    ----- 
>>>    Shawn A. Kohrman, Security Architect 
>>> 
>>> 
>>>    Azusa Pacific University 
>>>    Information & Media Technology 
>>>    901 E. Alosta Ave., PO Box 7000 
>>>    Azusa, CA 91702-7000 
>>> 
>>>    P: 626.815.2054 <tel:626.815.2054> | F: 626.815.2061 
>>> <tel:626.815.2061> | http://www.apu.edu/ 
>>>    ----- 
>>> 
>>> 
>> 
>> -- 
>> Matthew Hodgett, MInfTech, CISSP 
>> IT Security Engineer | Queensland University of Technology 
>> Phone: (07) 313 89454 | Fax: (07) 31382921 
>> 
>> QUT Classifications, refer MOPP F/1.2.5 
>> CRISCO No. 00213J 
> 
>