Security Basics
mailing list archives
Re: SIM Suggestions
From: "R Buena" <dreamsbig () gmail com>
Date: Sun, 3 Aug 2008 01:44:22 -0400
I would like to add to this thread by asking a question about the
administrative overhead of everyone's respective SIM. This will
probably help Ricardo in shopping for a SIM.
I find once you get a SIM to start collecting, correlating, and
reporting it tends to break more as it is a system with a lot of
"moving parts" collecting logs from operating systems event logs,
syslogs, database audit tables, proxy logs, and whatever else logs you
have or want to collect. When I say break, I find that managing and
maintaining a SIM daily is a full time job or what amounts to a lot of
overtime for an admin. Given this, it is important to have a very
good technical support team and support contract from the vendor of
your SIM and a whole LOT of patience. Make sure you also get the
latest and greatest hardware to run your SIM. I believe this latter
suggestion may have added to the issues I currently have with a SIM.
There seems to be a lot of response about Cisco MARS, but does anyone
else use any of the Gartner leading SIM solutions such as
NetForensics, enVision, TriGeo, ArcSight, or Intellitactics?
FYI - I use enVision
On Tue, Jul 29, 2008 at 10:29 AM, Lafosse, Ricardo <rlafosse () sfwmd gov> wrote:
Hello all,
I know this is going to be a fully loaded answer; however, we are
interested in acquiring a SIM. Any good/bad experiences and/or
suggestions would be greatly appreciated. We are a medium sized
organization.
Thanks,
Ricardo
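R Buena's point that a SIM with many "moving parts" tends to break quietly is, in practice, a monitoring problem: the first symptom is usually a log source that has gone silent. The following is an added example (not code from the thread or from any of the products named) of a collector liveness check an administrator could run on a schedule. The source names, the expected event intervals, the timestamps and the reference time are all constructed for illustration; a real deployment would read last-event times from the SIM's own source inventory.

```python
"""Flag SIM log sources that have gone silent (added example, constructed data)."""
from datetime import datetime

# Constructed sample: the last event seen from each collector and how often that
# source is normally expected to produce events. All values are assumptions.
SOURCES = [
    {"name": "dc01-windows-eventlog", "kind": "windows_event",
     "last_event": "2008-08-03T01:40:00", "expected_interval_min": 5},
    {"name": "fw01-syslog", "kind": "syslog",
     "last_event": "2008-08-03T01:43:00", "expected_interval_min": 1},
    {"name": "db01-audit-table", "kind": "db_audit",
     "last_event": "2008-08-02T20:00:00", "expected_interval_min": 60},
    {"name": "proxy01-squid", "kind": "proxy",
     "last_event": "2008-08-03T01:10:00", "expected_interval_min": 5},
]

# Reference "now" taken from the date of the post; constructed for the example.
NOW = datetime(2008, 8, 3, 1, 44, 22)


def minutes_since(last_event_iso, now):
    """Whole minutes elapsed between an ISO-8601 timestamp and `now`."""
    last = datetime.fromisoformat(last_event_iso)
    return int((now - last).total_seconds() // 60)


def find_silent_sources(sources, now, grace_factor=3):
    """Return [(name, minutes_silent)] for sources quiet longer than
    grace_factor times their expected interval, loudest failure first.

    A fixed multiple of the expected interval avoids paging on a chatty
    syslog host that paused for two minutes while still catching a nightly
    database audit export that never arrived."""
    silent = []
    for src in sources:
        age = minutes_since(src["last_event"], now)
        threshold = src["expected_interval_min"] * grace_factor
        if age > threshold:
            silent.append((src["name"], age))
    return sorted(silent, key=lambda item: item[1], reverse=True)


def report(sources, now):
    """Human-readable summary for a daily health-check email or ticket."""
    silent = find_silent_sources(sources, now)
    if not silent:
        return "all %d sources reporting" % len(sources)
    lines = ["%d of %d sources silent:" % (len(silent), len(sources))]
    for name, age in silent:
        lines.append("  %-24s no events for %d min" % (name, age))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SOURCES, NOW))
```

The grace factor is the knob to tune per source kind: a database audit table that is exported hourly deserves a much longer grace period than a firewall syslog feed, and the check should be driven by the SIM's own last-event metadata rather than by the collector process being up, since a running collector that receives nothing is exactly the failure mode this thread describes.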