You say SIM, I say SEM

Discussion in 'Computer Security' started by Anon, Mar 17, 2006.

  1. Anon

    Anon Guest

    I've been looking at SEM solutions, and have identified four as
    possible solutions.

    Arcsight, Network Intelligence, Consul, and Intellitactics.

    Am I missing the best solution?

    Do any of you have real world experience with any of these solutions
    and can offer me advice?

    Thank in advance for any feedback.
    Chris
     
    Anon, Mar 17, 2006
    #1
    1. Advertisements

  2. -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    ArcSight is by far the best, however, it ain't cheap. You will spend a
    lot of time learning the intricacies of the console, since there is a
    ton of customizable features. Agent/sensor and manager installation is
    fairly straightforward, and both the manager and consoles run on Linux,
    Solaris and Windows. Their support is excellent as well (so far for me).

    I don't know how much data you'll be analyzing, but if it helps - the
    company I'm working with now processes millions of events daily from
    IPS, proxies, vuln. scanners, firewalls, etc without choking.

    - --
    Randal T. Rioux | Procyon Labs
    IT Security R&D and Consulting
    Virtual: www.procyonlabs.com
    Physical: DC / Baltimore
    PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFEHA/pRrGMQdCNGUERA6ZMAJ4hVCa8QmrnAnIGcKXZk0Dmvc1wWwCdFQHj
    og0mCPkPaUBY06FK3pBdbdA=
    =vzds
    -----END PGP SIGNATURE-----
    *** Free account sponsored by SecureIX.com ***
    *** Encrypt your Internet usage with a free VPN account from http://www.SecureIX.com ***
     
    Randal T. Rioux, Mar 18, 2006
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.