You say SIM, I say SEM

I've been looking at SEM solutions, and have identified four as
possible solutions.

ArcSight, Network Intelligence, Consul, and Intellitactics.

Am I missing the best solution?

Do any of you have real world experience with any of these solutions
and can offer me advice?

Thanks in advance for any feedback.

Re: You say SIM, I say SEM


ArcSight is by far the best, however, it ain't cheap. You will spend a
lot of time learning the intricacies of the console, since there is a
ton of customizable features. Agent/sensor and manager installation is
fairly straightforward, and both the manager and consoles run on Linux,
Solaris and Windows. Their support is excellent as well (so far for me).

I don't know how much data you'll be analyzing, but if it helps - the
company I'm working with now processes millions of events daily from
IPS, proxies, vuln. scanners, firewalls, etc without choking.

--
Randal T. Rioux | Procyon Labs
IT Security R&D and Consulting
Physical: DC / Baltimore
PGP: gpg --keyserver --recv-keys 0xD08D1941
