You say SIM, I say SEM

Discussion in 'Computer Security' started by Anon, Mar 17, 2006.

  1. Anon

    Anon Guest

    I've been looking at SEM solutions, and have identified four as
    possible solutions.

    Arcsight, Network Intelligence, Consul, and Intellitactics.

    Am I missing the best solution?

    Do any of you have real world experience with any of these solutions
    and can offer me advice?

    Thanks in advance for any feedback.
    Anon, Mar 17, 2006

    ArcSight is by far the best, however, it ain't cheap. You will spend a
    lot of time learning the intricacies of the console, since there is a
    ton of customizable features. Agent/sensor and manager installation is
    fairly straightforward, and both the manager and consoles run on Linux,
    Solaris and Windows. Their support is excellent as well (so far for me).

    I don't know how much data you'll be analyzing, but if it helps - the
    company I'm working with now processes millions of events daily from
    IPS, proxies, vuln. scanners, firewalls, etc. without choking.

    --
    Randal T. Rioux | Procyon Labs
    IT Security R&D and Consulting
    Physical: DC / Baltimore
    PGP: gpg --keyserver --recv-keys 0xD08D1941

    Randal T. Rioux, Mar 18, 2006