Security Basics mailing list archives

RE: Re: Picking a SIEM: How's envision compared with Arcsight?
From: Greg Carson <gregkcarson () gmail com>
Date: Tue, 14 Feb 2012 19:20:59 -0800

There is support for 2008 already and official release is expected
soon. Virtualization is now available as well.

My point is that it's easy to poke holes in any product if that is all
you are looking for. Gartner would agree envision is a strong product
especially considering how young it is and the coming integration with
archer and netwitness.

Arcsight has more than its share of faults; I work with both products
extensively.

Sent from my Windows Phone
From: Mikhail A. Utin
Sent: 14/02/2012 6:18 PM
To: Greg Carson
Cc: bit1976; security-basics () securityfocus com
Subject: RE: Re: Picking a SIEM: How's envision compared with Arcsight?
Well,
It is NOT about hardening of the OS based on a "standard", nor about
*NIX holes. The number "2003" means an outdated OS almost 10 years
old. 2008 has been available for more than 3 years. Should I continue and
explain how the company RSA/EMC keeps the solution updated?

Mikhail Utin, CISSP
________________________________________
From: Greg Carson [gregkcarson () gmail com]
Sent: Tuesday, February 14, 2012 4:24 PM
To: Mikhail A. Utin
Cc: bit1976; security-basics () securityfocus com
Subject: Re: Re: Picking a SIEM: How's envision compared with Arcsight?

The image is hardened to NIST Gold standard.

*NIX has holes too ya know.

On Tue, Feb 14, 2012 at 11:14 AM, Mikhail A. Utin
<mutin () commonwealthcare org> wrote:
Hello,
According to RSA's web site, enVision runs on Windows 2003 server platform.
Do we need any other comments to such Vision?

Mikhail Utin, CISSP
________________________________________
From: listbounce () securityfocus com
[listbounce () securityfocus com] On
Behalf Of bit1976 [bittu23 () yahoo com]
Sent: Monday, February 13, 2012 11:41 AM
To: security-basics () securityfocus com
Subject: Re: Re: Picking a SIEM: How's envision compared with Arcsight?

Well, my experience has been completely different working on both
products. Arcsight is a superior correlation engine compared to RSA envision,
which for me is like a high school project (sorry for being rude). Yes, I
believe Arcsight has been using Oracle DB, but they have changed to a much
more robust flat file database in their newly launched express appliances.
Secondly, looking at the overall solution from a day-to-day perspective, in
the case of RSA, for writing complex rules and reports one needs to do SQL in
detail, whereas Arcsight is pretty cool with their interactive GUI... moreover,
rules, reports and dashboards based on categories enable the environment to be
future proof and not depend on the end device vendor.
I don't see any complexity in the product maintenance, where I have seen
large environments like MSSPs running in a fully automated fashion... so the
complexity part for me is really not true... In spite, I would put
it the other way, that it may take time for any environment to mature... but
once done, things don't need much day-to-day involvement. RSA is ok if one
needs log management at a cheap price, but if real correlation is needed,
which is the heart of a SIEM, it has to be Arcsight.

roys81 wrote:

Hi,

I'm sorry to be rude, but the guy who answered you about arcsight and
envision obviously doesn't understand much about envision - I've been deploying
envision for 5 years now and I can tell you a thing or two about it. 1st
of all, arcsight is a great product but it does have its weaknesses.
envision supports: wmi, lea, odbc, http/https, ftp/sftp, syslog and snmp -
if you want to be more precise, if there is a log you can read it with
envision. Also, you can develop a parser for every unknown device so
envision will recognize it, and a little secret about it - it's free of
charge. If you want to compare the two systems then you need to know that
arcsight is based on oracle DB (for better and worse) while envision's
using IPDB (flat file storage method). I'm not saying that envision is a
perfect solution; you'll need to do some out of the box developing to get
some special features out of it, but the simplicity of connecting devices,
storing data at envision is the best I've seen in the market.
Another thing that you need to know about arcsight is that it's one of the
most complex SIEM products in the market and you'll probably need at
least one person in a full time job to deploy and maintain it for you (and
that's not cheap at all). If you have more questions about envision I'll
be glad to help you.

-
CONFIDENTIALITY NOTICE: This email communication and any attachments
may contain confidential
and privileged information for the use of the designated recipients
named above. If you are
not the intended recipient, you are hereby notified that you have
received this communication
in error and that any review, disclosure, dissemination, distribution
or copying of it or its
contents is prohibited. If you have received this communication in
error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all
copies of this communication
and any attachments. For further information regarding Commonwealth
Care Alliance's privacy policy,
please visit our Internet web site at http://www.commonwealthcare.org.

