You say SIM, I say SEM

I've been looking at SEM solutions, and have identified four as
possible solutions.

Arcsight, Network Intelligence, Consul, and Intellitactics.

Am I missing the best solution?

Do any of you have real world experience with any of these solutions
and can offer me advice?

Thank in advance for any feedback.
Chris

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

wrote:
> I've been looking at SEM solutions, and have identified four as
> possible solutions.
>
> Arcsight, Network Intelligence, Consul, and Intellitactics.
>
> Am I missing the best solution?
>
> Do any of you have real world experience with any of these solutions
> and can offer me advice?

ArcSight is by far the best, however, it ain't cheap. You will spend a
lot of time learning the intricacies of the console, since there is a
ton of customizable features. Agent/sensor and manager installation is
fairly straightforward, and both the manager and consoles run on Linux,
Solaris and Windows. Their support is excellent as well (so far for me).

I don't know how much data you'll be analyzing, but if it helps - the
company I'm working with now processes millions of events daily from
IPS, proxies, vuln. scanners, firewalls, etc without choking.

- --
Randal T. Rioux | Procyon Labs
IT Security R&D and Consulting
Virtual: www.procyonlabs.com
Physical: DC / Baltimore
PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEHA/pRrGMQdCNGUERA6ZMAJ4hVCa8QmrnAnIGcKXZk0Dmvc1wWwCdFQHj
og0mCPkPaUBY06FK3pBdbdA=
=vzds
-----END PGP SIGNATURE-----
*** Free account sponsored by SecureIX.com ***
*** Encrypt your Internet usage with a free VPN account from http://www.SecureIX.com ***