http://infosecplace.com/blog/2007/05/08/another-educational-institution-another-siem-eval/ Commentary on the State of Information Security Thu, 02 Feb 2012 20:22:19 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://infosecplace.com/blog/2007/05/08/another-educational-institution-another-siem-eval/comment-page-1/#comment-19082 An Information Security Place » Blog Archive » A response to Andrew Hay’s response to my SIEM post Wed, 09 May 2007 18:09:25 +0000 http://infosecplace.com/blog/2007/05/08/another-educational-institution-another-siem-eval/#comment-19082 [...] Hay took me to task a bit on my recent post about anothe SIEM eval install at an educational institution (it is a “suggested blog [...] [...] Hay took me to task a bit on my recent post about anothe SIEM eval install at an educational institution (it is a “suggested blog [...]

]]> http://infosecplace.com/blog/2007/05/08/another-educational-institution-another-siem-eval/comment-page-1/#comment-19080 www.andrewhay.ca » Suggested Blog Reading - Wednesday May 9th, 2007 Wed, 09 May 2007 15:46:45 +0000 http://infosecplace.com/blog/2007/05/08/another-educational-institution-another-siem-eval/#comment-19080 [...] Another educational institution, another SIEM eval - Most people, just like Michael Farnum, complain about the cost of a SEM/SIM/SEIM solution without taking the time to think about the people power required to do the same task. Think of the sick days, vacation, salary, and compensation package money saved on a product of this nature. Michael also complains that the correlation doesn’t work. Sure, out of the box it may not be able to handle all security events properly but that is where tuning comes into play. Just like any piece of hardware on your network you can’t expect it work for every environment out of the box…it has to be customized to your environment and policies. I went to another client of ours from an educational institution (this time in Dallas), and they were similar to the client I spoke of in my last post. However, this site seemed to be a bit more proactive when it came to security, and he didn’t seem near as stressed as the other client. [...] [...] Another educational institution, another SIEM eval – Most people, just like Michael Farnum, complain about the cost of a SEM/SIM/SEIM solution without taking the time to think about the people power required to do the same task. Think of the sick days, vacation, salary, and compensation package money saved on a product of this nature. Michael also complains that the correlation doesn’t work. Sure, out of the box it may not be able to handle all security events properly but that is where tuning comes into play. Just like any piece of hardware on your network you can’t expect it work for every environment out of the box…it has to be customized to your environment and policies. I went to another client of ours from an educational institution (this time in Dallas), and they were similar to the client I spoke of in my last post. However, this site seemed to be a bit more proactive when it came to security, and he didn’t seem near as stressed as the other client. [...]

]]>