Educause Security Discussion mailing list archives
Re: SIEM preferences for the budget conscious institution
From: "Johnson, Kyle A" <KAJohnson () INDIANATECH EDU>
Date: Fri, 27 Jan 2017 19:13:35 +0000
I used Splunk in a previous job and I absolutely loved it. I am trying to push for it here as well. I used Splunk strictly for incident response, and it worked tremendously well. There are also a great deal of add-on applications that can be integrated within Splunk. Very easy to customize dashboards, receive emailed reports/alerts, etc. I would highly recommend it, especially if you integrate some sort of threat intel solution with it. The Splunk classes are worth your time and money as well.

Regards,

Kyle Johnson, GSEC, CEH
Information Security Officer
kajohnson () indianatech edu / www.IndianaTech.edu
O: 260-422-5561 x2107 M: 260-343-1606
1600 E. Washington Blvd. / Fort Wayne, IN 46803

PHISHING? Forward the email to abuse () indianatech edu for reporting and investigation

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Caldwell
Sent: Friday, January 27, 2017 1:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SIEM preferences for the budget conscious institution

Rob,

Have you looked into an all-in-one solution? We are in the middle of a multi-year budget crisis and with Splunk we have not only sustained, but expanded our investment. It fulfills multiple roles (SIEM, ITSA, BI, etc.) at a much lower TCO than any other solution that we have looked at. With a judicious use of Puppet to manage the Splunk infrastructure, I (1 person) manage three clusters (including one multi-site), totaling 12 indexers, 11 search heads, nearly 500 forwarders (both co-located and “syslog servers”) and 4TB of data by myself. Splunk strikes some people as expensive, but seeing recent quotes just for our FireEye subscription puts that into perspective for the value it provides. I’m hoping to kill off our buy into Tableau and other 3rd party BI products in the future as duplicative efforts.

On Jan 27, 2017, at 11:52 AM, Rob Milman <rob.milman () SAIT CA> wrote:

Hi everyone,

I have the approval to bring a SIEM into our institution and was hoping the community could provide me with insight into the various SIEM platforms' pros and cons. We have looked at QRadar, Splunk, LogRhythm, and ArcSight. I’ve been getting a lot of ads for AlienVault USM, but don’t know anyone who is using that. Any insight you can provide would be most appreciated.

Thanks,
Rob

Rob Milman
Security & Compliance Analyst
Information Systems
Southern Alberta Institute of Technology
EH Crandell Building, GA 214
1301 – 16 Avenue NW, Calgary AB, T2M 0L4
(Office) 403.774.5401 (Cell) 403.606.3173
rob.milman () sait ca

--
Christopher Caldwell
Senior Engineer
The George Washington University
caldwell @ gwu . edu | +1 202.994.4674 (w) | +1 202.409.0878 (c)
PGP key ID: 0x0A0EC46C

"Finish each day and be done with it. You have done what you could; some blunders and absurdities have crept in; forget them as soon as you can. Tomorrow is a new day; you shall begin it serenely and with too high a spirit to be encumbered with your old nonsense.” - Ralph Waldo Emerson
Attachment:
smime.p7s
Current thread:
- SIEM preferences for the budget conscious institution Rob Milman (Jan 27)
- Re: SIEM preferences for the budget conscious institution Barnes, William (Jan 27)
- Re: SIEM preferences for the budget conscious institution Baillio, Aaron (Jan 27)
- Re: SIEM preferences for the budget conscious institution Christopher Caldwell (Jan 27)
- Re: SIEM preferences for the budget conscious institution Johnson, Kyle A (Jan 27)
- Re: SIEM preferences for the budget conscious institution Kevin Wilcox (Jan 27)
- Re: SIEM preferences for the budget conscious institution Barnes, William (Jan 27)