Educause Security Discussion mailing list archives
Re: SIEM preferences for the budget conscious institution
From: Christopher Caldwell <caldwell () GWU EDU>
Date: Fri, 27 Jan 2017 13:51:19 -0500
Rob,

Have you looked into an all-in-one solution? We are in the middle of a multi-year budget crisis and with Splunk we have not only sustained, but expanded our investment. It fulfills multiple roles (SIEM, ITSA, BI, etc.) at a much lower TCO than any other solution that we have looked at. With a judicious use of Puppet to manage the Splunk infrastructure, I (1 person) manage three clusters (including one multi-site), totaling 12 indexers, 11 search heads, nearly 500 forwarders (both co-located and “syslog servers”) and 4TB of data by myself. Splunk strikes some people as expensive, but seeing recent quotes just for our FireEye subscription puts that into perspective for the value it provides. I’m hoping to kill off our buy into Tableau and other 3rd party BI products in the future as duplicative efforts.
On Jan 27, 2017, at 11:52 AM, Rob Milman <rob.milman () SAIT CA> wrote:

Hi everyone,

I have the approval to bring a SIEM into our institution and was hoping the community could provide me with insight into the various SIEM platforms' pros and cons. We have looked at QRadar, Splunk, LogRhythm, and ArcSight. I’ve been getting a lot of ads for AlienVault USM, but don’t know anyone who is using that. Any insight you can provide would be most appreciated.

Thanks,
Rob

Rob Milman
Security & Compliance Analyst
Information Systems
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4
(Office) 403.774.5401
(Cell) 403.606.3173
rob.milman () sait ca
--
Christopher Caldwell
Senior Engineer
The George Washington University
caldwell @ gwu . edu | +1 202.994.4674 (w) | +1 202.409.0878 (c)
PGP key ID: 0x0A0EC46C

"Finish each day and be done with it. You have done what you could; some blunders and absurdities have crept in; forget them as soon as you can. Tomorrow is a new day; you shall begin it serenely and with too high a spirit to be encumbered with your old nonsense." - Ralph Waldo Emerson
Attachment:
signature.asc
Description: Message signed with OpenPGP