March 17, 2006, 3:43 pm
Arcsight, Network Intelligence, Consul, and Intellitactics.
Am I missing the best solution?
Do any of you have real world experience with any of these solutions
and can offer me advice?
Thanks in advance for any feedback.
Re: You say SIM, I say SEM
ArcSight is by far the best, however, it ain't cheap. You will spend a
lot of time learning the intricacies of the console, since there is a
ton of customizable features. Agent/sensor and manager installation is
fairly straightforward, and both the manager and consoles run on Linux,
Solaris and Windows. Their support is excellent as well (so far for me).
I don't know how much data you'll be analyzing, but if it helps - the
company I'm working with now processes millions of events daily from
IPS, proxies, vuln. scanners, firewalls, etc without choking.
Randal T. Rioux | Procyon Labs
IT Security R&D and Consulting
Physical: DC / Baltimore
PGP: gpg --keyserver pgp.mit.edu --recv-keys 0xD08D1941