Re: log analyser
Jun 12 2009 03:32PM, Richard Thomas (austindad gmail com) (1 reply)
I will second the recommendation. I have had meetings with the Nitro
Security CTO and reviewed their product. Very impressive capabilities
regarding speed of log collection, and the dynamic log analysis was
pretty amazing.
Richard Thomas
On Wed, Jun 10, 2009 at 10:38 PM, TT-SEC<secfoc (at) tigerteam (dot) net [email concealed]> wrote:
>
> I apologize for replying to a late thread. I debated as to whether I should,
> but given the recent tests and research that I have been conducting for the
> US Gov I felt compelled to share my findings. My research has uncovered a
> product, previously developed by the US Government (as a database), but now
> licensed and enhanced for commercial use through a company called Nitro
> Security. My benchmarks, which I was highly skeptical of initially when
> presented as vendor claims, do show their back end technology to truly be
> between 500-1000% faster than my standard Oracle and MySQL deployments (~80k
> inserts per second) that I oversee.
>
> I've had Oracle professional services in house to attempt to tweak their
> database to better fit my needs as a backend for ArcSight, to no avail as
> well. What I've seen is that the feature set Nitro provides, compared to
> ArcSight in the high level heuristic and reporting world (which is rarely
> all that accurate in enterprise products anyway), delivers data analysis of
> literally billions of events and flows in a matter of seconds and minutes.
> The anomaly detection and correlated baselines are something that I haven't
> seen demonstrated in any other product. For operational purposes, I fully
> expect to replace ArcSight soon. Many people are tired of the endless
> professional services and incredibly expensive annual licensing fees. I don't
> want to sound like a shill for this company in any way, but simply want to
> report the unique performance and results that I have seen per my own
> testing. The database foundation (for which they also utilize custom solid
> state drives in some applications) enables functionality like I've never seen
> before. I really can't pass along too many details about my testing as it has
> occurred under contract, but I felt compelled to pass along the fact that it
> has resulted in some highly unique results. Thanks for the time.
>
> Best Regards,
> Jamie Tyler, CISSP, MCSE
>
> sec (at) nd-f (dot) com [email concealed] wrote:
>>
>> Hi,
>>
>> can someone of you recommend a good enterprise log analyser solution? I
>> have to collect, correlate and analyse about 1200 Windows machines and 200
>> Linux boxes. I want to do this in real-time, trigger actions (like email
>> notification), and make sense out of e.g. ten failed login attempts followed
>> by one successful one, etc.
>>
>> any hint would be helpful
>> thanks
>> andy
>>
>> ------------------------------------------------------------------------
>> This list is sponsored by: InfoSec Institute
>>
>> Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
>> Instructor-Led and Online formats is the most concentrated exam prep
>> available. Comprehensive course materials and an expert instructor means you
>> pass the exam. Gain a laser like insight into what is covered on the exam,
>> with zero fluff!
>> http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
>> ------------------------------------------------------------------------
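Andy's "ten failed logins followed by one success" rule, as an added example that is not code from this thread or from any product it names: events from Linux sshd and from Windows logon auditing are normalised to one shape and correlated per source address. The sshd lines (constructed, with ISO timestamps) and the four-column CSV export of Windows events 4624/4625 are assumptions made for this example.

```python
# Added example (not from the thread or any product it names): correlate
# "N failed logons, then a success" from one source across Linux and Windows.
# Sample inputs are constructed; the Windows CSV layout is an assumption.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SSHD_RE = re.compile(r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) "
                     r"password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

def parse_sshd(line):
    """Normalise an sshd auth line (constructed here with ISO timestamps)."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "user": m["user"],
            "src": m["src"], "ok": m["outcome"] == "Accepted"}

def parse_win_csv(line):
    """Normalise a constructed 'ts,event_id,user,src' export of Windows logon events."""
    ts, eid, user, src = line.strip().split(",")
    if eid not in ("4624", "4625"):          # 4624 = logon success, 4625 = logon failure
        return None
    return {"ts": datetime.fromisoformat(ts), "user": user, "src": src, "ok": eid == "4624"}

def correlate(events, threshold=10, window=timedelta(minutes=5)):
    """Alert when a source logs >= threshold failures inside `window` and then succeeds."""
    fails, alerts = defaultdict(deque), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = fails[ev["src"]]
        while q and ev["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if ev["ok"]:
            if len(q) >= threshold:
                alerts.append({"ts": ev["ts"], "src": ev["src"], "user": ev["user"], "failures": len(q)})
            q.clear()                            # a success ends the current run
        else:
            q.append(ev["ts"])
    return alerts

SAMPLE_SSHD = [f"2009-06-10T22:00:{5*i:02d} lnx01 sshd[{100+i}]: Failed password for invalid user "
               f"admin from 10.0.0.5 port 4000 ssh2" for i in range(10)]
SAMPLE_WIN = ["2009-06-10T22:03:00,4624,administrator,10.0.0.5",   # success after 10 failures
              "2009-06-10T22:11:00,4625,bob,10.0.0.7",             # one failure, then success
              "2009-06-10T22:12:00,4624,bob,10.0.0.7"]

def sample_events():
    return [e for e in map(parse_sshd, SAMPLE_SSHD) if e] + [e for e in map(parse_win_csv, SAMPLE_WIN) if e]
```

Running `correlate(sample_events())` yields one alert for 10.0.0.5 (10 failures, then a logon as administrator), while 10.0.0.7's single failure stays below the threshold.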