Security Basics: Re: SIM questions.

[auto37865 () hushmail com]

We love both Security Center and Qradar for a SIM.  Hurts a bit paying for Security Center but I've used Nessus for 
free for years (with the best results aside from expensive services like Qualys) so I can't begrudge Tenable at all.  
We like doing our own scans as opposed to having a vendor provide SAAS, for us its much quicker and easy to do follow 
up scans for remediation.

Q1 labs Qradar, though not cheap, was our choice for a SIM tool and would be again should I move to another company.  
We've done extensive research and have been stuck with, and used, other SIM tools with much less than desirable 
results.  

Qradar was up and running very quickly (less than 2 days) Adding rules and tuning doesn't require irritating regex or 
much time at all.  Writing and customizing rules is nearly as easy as an email rule.  

Qradar will also does nmap and nessus scans but we haven't played with it much as our networks are extremely segmented. 
 The two products complement each other nicely and has fit in to our workflow and resource constraints very nicely.