Educause Security Discussion mailing list archives

Re: SIEM preferences for the budget conscious institution


From: "Johnson, Kyle A" <KAJohnson () INDIANATECH EDU>
Date: Fri, 27 Jan 2017 19:13:35 +0000

I used Splunk in a previous job and I absolutely loved it. I am trying to push for it here as well. I used Splunk 
strictly for incident response, and it worked tremendously well. There are also a great deal of add-on applications 
that can be integrated within Splunk. Very easy to customize dashboards, receive emailed reports/alerts, etc. I would 
highly recommend it, especially if you integrate some sort of threat intel solution with it. The Splunk classes are 
worth your time and money as well. 

Regards,

Kyle Johnson, GSEC, CEH

Information Security Officer

kajohnson () indianatech edu <mailto:kajohnson () indianatech edu>  / www.IndianaTech.edu <http://www.indianatech.edu/> 

O: 260-422-5561 x2107

M: 260-343-1606

1600 E. Washington Blvd. / Fort Wayne, IN 46803

PHISHING? Forward the email to abuse () indianatech edu <mailto:abuse () indianatech edu> for reporting and investigation

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Christopher Caldwell
Sent: Friday, January 27, 2017 1:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM preferences for the budget conscious institution

Rob,

Have you looked into an all-in-one solution? We are in the middle of a multi-year budget crisis and with Splunk we have 
not only sustained, but expanded our investment. It fulfills multiple roles (SIEM, ITSA, BI, etc.) at a much lower TCO 
than any other solution that we have looked at. With a judicious use of Puppet to manage the Splunk infrastructure, I 
(1 person) manage three clusters (including one multi-site), totaling 12 indexers, 11 search heads, nearly 500 
forwarders (both co-located and “syslog servers”) and 4TB of data by myself. Splunk strikes some people as expensive, 
but seeing recent quotes just for our FireEye subscription puts that into perspective for the value it provides. I’m 
hoping to kill off our buy into Tableau and other 3rd party BI products in the future as duplicative efforts.

On Jan 27, 2017, at 11:52 AM, Rob Milman <rob.milman () SAIT CA <mailto:rob.milman () SAIT CA> > wrote:

Hi everyone,

I have the approval to bring a SIEM into our institution and was hoping the community could provide me with insight 
into the various SIEM platforms' pros and cons. We have looked at QRadar, Splunk, LogRhythm, and ArcSight. I’ve been 
getting a lot of ads for AlienVault USM, but don’t know anyone who is using that. Any insight you can provide would be 
most appreciated.

Thanks,

Rob

Rob Milman

Security & Compliance Analyst

Information Systems

Southern Alberta Institute of Technology

EH Crandell Building, GA 214

1301 – 16 Avenue NW, Calgary AB, T2M 0L4

(Office) 403.774.5401  (Cell) 403.606.3173

rob.milman () sait ca <mailto:rob.milman () sait ca> 

--

Christopher Caldwell

Senior Engineer
The George Washington University
caldwell @ gwu . edu | +1 202.994.4674 (w) | +1 202.409.0878 (c)
PGP key ID: 0x0A0EC46C

“Finish each day and be done with it. You have done what you could; 
some blunders and absurdities have crept in; forget them as soon as 
you can. Tomorrow is a new day; you shall begin it serenely and with 
too high a spirit to be encumbered with your old nonsense.”

 - Ralph Waldo Emerson
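Added example, not part of the thread and not Splunk's or any other vendor's code: a stand-alone Python sketch of the "threat intel integration" Kyle recommends above, reduced to what a SIEM does at its core when it correlates incoming events against an indicator feed and surfaces the hosts worth triaging first. The log format, field names, indicator feed and all addresses (RFC 5737 test networks and a `.example` domain) are constructed for illustration and are not any product's schema.

```python
"""Minimal SIEM-style threat-intel correlation (constructed example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed indicator feed: indicator -> analyst context. A real deployment
# would pull this from a feed (STIX/TAXII, CSV, vendor API) and refresh it.
THREAT_INTEL: Dict[str, str] = {
    "203.0.113.77": "constructed C2 address (TEST-NET-3)",
    "198.51.100.9": "constructed scanner address (TEST-NET-2)",
    "malicious.example": "constructed phishing domain",
}

# Constructed firewall/proxy events in an assumed "ts host key=value..." format,
# already in time order (the correlator relies on that for first/last seen).
SAMPLE_LOGS: List[str] = [
    "2017-01-27T19:01:02Z fw01 action=allow src=10.0.5.21 dst=203.0.113.77 dport=443",
    "2017-01-27T19:01:05Z proxy01 action=allow src=10.0.5.21 host=malicious.example uri=/login",
    "2017-01-27T19:02:10Z fw01 action=allow src=10.0.7.3 dst=192.0.2.10 dport=80",
    "2017-01-27T19:03:44Z fw01 action=deny src=198.51.100.9 dst=10.0.0.10 dport=22",
    "2017-01-27T19:04:01Z fw01 action=allow src=10.0.5.21 dst=203.0.113.77 dport=443",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Alert:
    indicator: str
    context: str
    internal_host: str
    hits: int
    first_seen: str
    last_seen: str


def parse_line(line: str) -> Dict[str, str]:
    """Split one event into timestamp, reporting device and key=value fields."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return {}  # malformed line: skip rather than crash the pipeline
    fields = {"ts": parts[0], "source": parts[1]}
    fields.update(KV_RE.findall(parts[2]))
    return fields


def correlate(lines: Iterable[str], intel: Dict[str, str]) -> List[Alert]:
    """Match each event's network observables against the feed.

    Hits are aggregated per (indicator, internal host) so a beaconing host
    produces one alert with a count, not one alert per packet.
    """
    buckets: Dict[Tuple[str, str], Alert] = {}
    for line in lines:
        ev = parse_line(line)
        if not ev:
            continue
        observables = {ev.get(k) for k in ("src", "dst", "host")} - {None}
        for ioc in sorted(observables & set(intel)):
            # The "other side" of the connection is the internal host of interest:
            # inbound from a bad source -> look at dst; outbound/proxy -> look at src.
            internal = ev.get("dst", "?") if ioc == ev.get("src") else ev.get("src", "?")
            key = (ioc, internal)
            if key in buckets:
                buckets[key].hits += 1
                buckets[key].last_seen = ev["ts"]
            else:
                buckets[key] = Alert(ioc, intel[ioc], internal, 1, ev["ts"], ev["ts"])
    # Most-repeated indicator first; ties broken by indicator for stable output.
    return sorted(buckets.values(), key=lambda a: (-a.hits, a.indicator))


def hosts_with_multiple_indicators(alerts: List[Alert]) -> List[str]:
    """Triage helper: internal hosts that touched two or more distinct indicators."""
    seen: Dict[str, set] = {}
    for a in alerts:
        seen.setdefault(a.internal_host, set()).add(a.indicator)
    return sorted(h for h, iocs in seen.items() if len(iocs) >= 2)


if __name__ == "__main__":
    alerts = correlate(SAMPLE_LOGS, THREAT_INTEL)
    for a in alerts:
        print(f"{a.internal_host} <-> {a.indicator} x{a.hits} "
              f"({a.first_seen} .. {a.last_seen}): {a.context}")
    print("escalate first:", hosts_with_multiple_indicators(alerts))
```

The aggregation and the "multiple indicators per host" view are the two things that separate a usable alert from a grep: a single host that both resolved a flagged domain and talked to a flagged address rises to the top, while an inbound scan that was already denied is recorded but ranked lower.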
