Security Basics
log analyser May 28 2009 11:25PM
sec nd-f com (7 replies)
Re: log analyser Jun 11 2009 03:38AM
TT-SEC (secfoc tigerteam net) (1 replies)

I apologize for replying to a late thread. I debated as to whether I
should, but given the recent tests and research that I have been
conducting for the US Gov I felt compelled to share my findings. My
research has uncovered a product, previously developed by the US
Government (as a database), but now licensed and enhanced for commercial
use through a company called Nitro Security. My benchmarks, which I was
highly skeptical of initially when presented as vendor claims, do show
their back end technology to truly be between 500-1000% faster than my
standard Oracle and MySQL deployments (~80k inserts per second) that I
oversee.

I've had Oracle professional services in house to attempt to tweak their
database to better fit my needs as a backend for ArcSight, to no avail
as well. What I've seen is that the feature set Nitro provides, compared
to ArcSight in the high level heuristic and reporting world (which is
rarely all that accurate in enterprise products anyway), provides data
analysis of literally billions of events and flows in a matter of
seconds and minutes. The anomaly detection and correlated baselines are
something that I haven't seen demonstrated in any other product. For
operational purposes, I fully expect to replace ArcSight soon. Many
people are tired of the endless professional services and incredibly
expensive annual licensing fees. I don't want to sound like a shill for
this company in any way, but simply want to report the unique
performance and results that I have seen per my own testing. The
database foundation (for which they also utilize custom solid state
drives in some applications) enables functionality like I've never seen
before. I really can't pass along too many details about my testing as
it has occurred under contract, but I felt compelled to pass along the
fact that it has resulted in some highly unique results. Thanks for the
time.

Best Regards,
Jamie Tyler, CISSP, MCSE

sec (at) nd-f (dot) com [email concealed] wrote:
> Hi,
>
> Can someone of you recommend a good enterprise log analyser solution? I have to collect, correlate and analyse about 1200 Windows machines and 200 Linux boxes. I want to do this in real-time, trigger actions (like email notification), make sense out of e.g. ten failed login attempts following the one successful etc.
>
> Any hint would be helpful.
> Thanks,
> Andy
>

------------------------------------------------------------------------

This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
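The quoted question describes one concrete correlation rule: a run of failed logins from the same source against the same account, followed by a success, should trigger an action such as an e-mail notification. The block below is an added illustration of how such a rule is implemented in a streaming correlator; it is not code from this thread, from ArcSight, or from any Nitro Security product. The log lines are constructed samples in Linux sshd and Windows Security-log style, the field names in the alert dictionary are this example's own, and the notification is rendered as text rather than sent, since mail transport is outside what the thread discusses.

```python
"""Streaming correlator: N failed logins followed by a success from the same
source for the same account on the same host, with a pluggable action.
Added example for this thread; not code from any product discussed here."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Deque, Dict, List, Optional, Tuple

# Constructed sample lines (not taken from the thread): one sshd burst of ten
# failures ending in a success, one Windows burst of four failures ending in a
# success, and one isolated sshd failure with no success at all.
SAMPLE_LOGS = [
    *[f"2009-06-11T03:00:{i:02d} srv-lin01 sshd[1234]: Failed password for root "
      f"from 10.0.0.7 port 511{i:02d} ssh2" for i in range(1, 11)],
    "2009-06-11T03:00:15 srv-lin01 sshd[1234]: Accepted password for root from 10.0.0.7 port 51199 ssh2",
    *[f"2009-06-11T03:01:{i:02d} srv-win01 EventID=4625 TargetUserName=bob IpAddress=10.0.0.9"
      for i in range(0, 4)],
    "2009-06-11T03:02:00 srv-win01 EventID=4624 TargetUserName=bob IpAddress=10.0.0.9",
    "2009-06-11T03:05:00 srv-lin02 sshd[99]: Failed password for alice from 10.0.0.8 port 40000 ssh2",
]

# Two source formats normalised into one event shape (hypothetical line layouts
# chosen for this example; real collectors emit these fields differently).
SSHD_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
WIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>4624|4625) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)")


@dataclass
class LoginEvent:
    ts: datetime
    host: str
    user: str
    src: str
    success: bool


def parse_line(line: str) -> Optional[LoginEvent]:
    """Return a normalised login event, or None for lines the rule ignores."""
    m = SSHD_RE.match(line)
    if m:
        return LoginEvent(datetime.fromisoformat(m["ts"]), m["host"], m["user"],
                          m["src"], m["outcome"] == "Accepted")
    m = WIN_RE.match(line)
    if m:
        return LoginEvent(datetime.fromisoformat(m["ts"]), m["host"], m["user"],
                          m["src"], m["eid"] == "4624")
    return None


class LoginCorrelator:
    """Keeps a sliding window of failures per (host, user, src) and fires an
    action when a success arrives with at least `threshold` failures in window."""

    def __init__(self, threshold: int = 10, window: timedelta = timedelta(minutes=5),
                 on_alert: Optional[Callable[[dict], None]] = None):
        self.threshold, self.window = threshold, window
        self.on_alert = on_alert or (lambda alert: None)
        self.failures: Dict[Tuple[str, str, str], Deque[datetime]] = defaultdict(deque)
        self.alerts: List[dict] = []

    def feed(self, ev: LoginEvent) -> Optional[dict]:
        key = (ev.host, ev.user, ev.src)
        q = self.failures[key]
        while q and ev.ts - q[0] > self.window:   # expire stale failures
            q.popleft()
        if not ev.success:
            q.append(ev.ts)
            return None
        alert = None
        if len(q) >= self.threshold:
            alert = {"host": ev.host, "user": ev.user, "src": ev.src,
                     "failures": len(q), "first_failure": q[0].isoformat(),
                     "success_at": ev.ts.isoformat()}
            self.alerts.append(alert)
            self.on_alert(alert)
        q.clear()   # any success resets the run for this key
        return alert


def format_notification(alert: dict) -> str:
    """Render an alert as the body of an e-mail notification (not sent here)."""
    return (f"Subject: {alert['failures']} failed logins then success for "
            f"{alert['user']} on {alert['host']}\n"
            f"Source {alert['src']}: failures from {alert['first_failure']}, "
            f"success at {alert['success_at']}")


def run(lines: List[str], threshold: int = 10, window_minutes: int = 5) -> List[dict]:
    """Feed raw lines through the correlator and return the alerts raised."""
    corr = LoginCorrelator(threshold, timedelta(minutes=window_minutes))
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            corr.feed(ev)
    return corr.alerts


if __name__ == "__main__":
    for a in run(SAMPLE_LOGS):
        print(format_notification(a))
```

With the default threshold of ten only the sshd burst on srv-lin01 raises an alert; the four-failure Windows burst is below threshold and the lone failure on srv-lin02 never sees a success. Lowering the threshold to three makes the Windows burst fire as well, which is the knob an operator tunes against the false-positive rate of each environment.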

Re: log analyser Jun 12 2009 03:32PM
Richard Thomas (austindad gmail com) (1 replies)
Multi thread Jul 02 2009 05:42PM
Antão Miguel Chantre (chantre sisp cv) (1 replies)
Re: Multi thread Jul 08 2009 08:46PM
Suramya Tomar (security suramya com)
Re: log analyser Jun 02 2009 02:24AM
aditya mukadam (aditya mukadam gmail com) (3 replies)
RE: log analyser Jun 06 2009 02:50PM
Ramki B Ramakrishnan (bramkie gmail com)
RE: log analyser Jun 04 2009 05:27AM
Tariq Naik (Tariq_Naik symantec com)
RE: log analyser Jun 02 2009 06:03PM
Amardeep Singh (Amardeep_Singh symantec com)
RE: log analyser Jun 01 2009 07:30PM
John Lightfoot (jlightfoot gmail com)
Re: log analyser Jun 01 2009 05:22PM
Jared Curtis (jared w00ttech com)
Re: log analyser Jun 01 2009 04:58PM
giuseppe fuggiano gmail com
Re: log analyser Jun 01 2009 04:22PM
Abilash Praveen (abilash praveen gmail com)
RE: log analyser Jun 01 2009 04:05PM
Hindley Nick (Nick Hindley hfbp co uk) (1 replies)
RE: log analyser Jun 01 2009 05:17PM
Todd Neal (ToddNeal tnwinc com)
Copyright 2009, SecurityFocus