Security Basics
-----Original Message-----
From: Mahmoud Kaddoura
Sent: Tuesday, May 08, 2012 12:27 PM
To: Mikhail A. Utin; Anwar Khan; Ron McKown
Cc: Marian Paun; security-basics (at) securityfocus (dot) com
Subject: RE: Centralized firewall management and log analysis tools
We have done a POC for many of these products (ArcSight, RSA, ...) and all of
them have issues and limitations.
ArcSight needs some effort to get implemented, but they have an amazing
dashboard where you can easily identify abnormalities in your network.
While others, and mainly RSA, are agentless and easy to deploy for many
products, they need some experts/high skills to identify abnormalities.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Mikhail A. Utin
Sent: Monday, May 07, 2012 5:45 PM
To: Anwar Khan; Ron McKown
Cc: Marian Paun; security-basics (at) securityfocus (dot) com
Subject: RE: Centralized firewall management and log analysis tools
I would say that nothing is perfect in this world. The opinion below sounds
unprofessional. Even careful consideration of Gartner's research of 2011
will show that ArcSight, Q1Labs and NitroSecurity are very close in the
parameters/capabilities Gartner used. Not to mention a few others. Each has its own
approach, but features and capabilities are very close. People consider that
Q1Labs is much easier to install and use than ArcSight. There are some
examples of people switching from ArcSight to other products because of the
complexity of ArcSight management and configuration. AlienVault, for
instance, is the leader in installations, by the information on their site,
but I would not expect them to be cheating. As far as I remember, ArcSight does
not provide such a very important feature as "external database logging". This
is actually my term. It means that database logs are extracted from either
network traffic or from internal transactions, which is 10 times better
than any original database logging. For instance, you can catch SQL
injection. NitroSecurity does that, and, BTW, has IDS/IPS completely
integrated with other appliances.
This list can continue for dozens of pages. The point is - there is no ideal
solution, and this is NOT a money issue at all.
Mikhail Utin, CISSP
Information Security Analyst
-----Original Message-----
From: Anwar Khan [mailto:anwarrhce (at) gmail (dot) com]
Sent: Friday, May 04, 2012 11:57 PM
To: Ron McKown
Cc: Mikhail A. Utin; Marian Paun; security-basics (at) securityfocus (dot) com
Subject: Re: Centralized firewall management and log analysis tools
Hi All,
I would say, if you have the budget and are looking for a long-term solution, ArcSight
is best, as we are using it.
All competitors have limitations and drawbacks, not ArcSight.
On Fri, May 4, 2012 at 10:45 PM, Ron McKown <RMcKown (at) apptio (dot) com> wrote:
> Mikhail,
>
> I would very much like to see your SIEM research paper.
>
> Thanks.
>
> - Ron McKown, CISSP
> - Sent from a tablet device
>
> On May 4, 2012, at 9:56 AM, "Mikhail A. Utin" <mutin (at) commonwealthcare (dot) org>
> wrote:
>
>> By my research, and a couple of reviews published in 2011, all ArcSight
>> competitors provide very similar features and capabilities. They reached
>> the point where they can only improve, but not invent or develop
>> something really different. I would not trust Gartner in its research
>> (they rated ArcSight as a top-of-the-line product) and the Magic Quadrant
>> as well. Guys were missing the point very often. Each SIEM vendor has its own
>> approach to creating a line of SIEM products. Almost all are
>> appliances. There are just a few vendors providing software. Almost all
>> have an "all-in-one" low-end appliance solution.
>>
>> Yes, HP got ArcSight to use in its services, which are expensive, and
>> that started affecting the company's "technical" position. BTW, two other
>> major vendors - Q1Labs and NitroSecurity - are not independent anymore as
>> well.
>>
>> If the list is interested, I can polish my SIEM research draft and
>> publish it.
>>
>> Mikhail Utin, CISSP
>> Information Security Analyst
>>
>>
>>
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com
>> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Marian Paun
>> Sent: Friday, May 04, 2012 4:37 AM
>> To: security-basics (at) securityfocus (dot) com
>> Subject: RE: Centralized firewall management and log analysis tools
>>
>> We had several years' experience with Quest Intrust and were not very
>> impressed by it (huge performance issues when the event rate or
>> number of event sources grows above a certain threshold, ridiculous
>> correlation capabilities, administration nightmare). For around one
>> year and a half we have been using ArcSight and are delighted with it. It
>> _is_ expensive, but great value for money. Not very sure if the
>> product will keep up after ArcSight was purchased by HP :(
>>
>> Marian
>>
>> -----Original Message-----
>> From: listbounce (at) securityfocus (dot) com
>> [mailto:listbounce (at) securityfocus (dot) com] On Behalf Of Andy Smith
>> Sent: Friday, May 04, 2012 12:04 AM
>> To: security-basics (at) securityfocus (dot) com
>> Subject: Re: Centralized firewall management and log analysis tools
>>
>> On Thu, May 3, 2012 at 7:12 PM, john dow <guest01 (at) gmail (dot) com> wrote:
>>> If money is not a concern, I would recommend Check Point. We have
>>> quite a big Check Point deployment as well as Juniper Firewalls,
>>> Phion/Barracuda Firewalls and some Cisco Firewalls (ASA, PIX). Check
>>> Point has by far the best tools for managing a centralized deployment.
>>> Even their IPS-blade is much better now than it has been before. For
>>> log analysis you could use Check Point Eventia Reporter and with
>>> Tufin, you can do much more, e.g. track changes, compliance, ...
>>> I am not a Check Point guy and I regularly complain about Check
>>> Point myself, but it is definitely the best package I have experienced
>>> yet.
>>
>
--
Regards,
Anwar
+91-915-806-9094