Intrusion Detection Systems mailing list archives
RE: Tivoli Cross-Site for Security (was: RE: Ramping up for another review)
From: STEVEN.LODIN () ROCHE COM (Lodin, Steven {IT S~Indianapolis})
Date: Fri, 14 Jul 2000 09:46:09 -0400
My (limited) understanding of Tivoli CrossSite is that it is composed of three products:

- Software Distribution using a BackWeb concept
- Performance Monitoring using something similar to Keynote
- Security, which is initially an Intrusion Detection piece that they developed themselves and a future vulnerability scanner

(Note, the information on the security piece is about a year old, and as a result of the product ownership shifting, they might have decided to toss out the Do-It-Yourself code and replace it with some industry standard.)

If you are interested in multi-system log collection and processing, Tivoli offers two potential solutions.

1) Tivoli Framework, Distributed Monitoring, and Global Enterprise Monitoring. The GEM piece does the system modeling and event correlation.
2) Tivoli Risk Manager. Like the ISS SafeSuite Decisions product, the Tivoli product is limited in the number of unique system types it supports.

The product that I like, at the brochure-ware level, is the eSecurity product http://www.esecurityinc.com/ . It supports many more different types of security systems and logs.

Steve
--
Steve Lodin - CISSP
Manager - IT Security
Roche Diagnostics Corp
<Steven.Lodin () roche com>
317-845-2070

-----Original Message-----
From: Lustiger, Alan [mailto:ALustiger () Datek com]
Sent: Thursday, July 13, 2000 10:17 AM
To: 'Greg Shipley'; ids () uow edu au
Subject: IDS: Tivoli Cross-Site for Security (was: RE: Ramping up for another review)

I'm trying to put together a framework for an IDS system, and I'm looking at Tivoli as a back-end database to consolidate and correlate alarms from various NIDS. Now it looks like Tivoli might have its own complete solution ( http://www.tivoli.com/products/documents/datasheets/cross-site_sec.html ).

Has anyone looked at using this either as their entire solution or as an integrator for existing NIDS, HIDS and firewall log files?

Thanks!
--
Alan Lustiger
alustiger () datek com
