Re: OT : Security Monitoring Tool that can replace Cisco MARS from Farrukh Haroon on 2011-08-09 (Ccielab archives 08/2011)

From: Farrukh Haroon <farrukhharoon_at_gmail.com>
Date: Tue, 9 Aug 2011 15:28:32 +0300

Hello Jameeluddin

There are a lot of parameters in picking a SIEM solution e.g. device
support, budget, resources, use-case (compliance, threat detection..), etc.

The first step would be to make an spread sheet with the considerable
components of your current environment (software,OS, custom apps etc) placed
in rows, and the various vendors in the columns, then see which vendors
support your current network. Then you would go to the P.O.C/budgetary
pricing phase.

Cisco recommends six partners, you can check them out at the following link.
However you must consider other major players not on this list like Qradar
(or Juniper STRM), OSSIM/AlientVault etc.

http://developer.cisco.com/web/siem/partners

This should give you some names to start with :)

http://www.nitrosecurity.com/why-nitrosecurity/industry-recognition/gartner-magic-quadrant-siem/

Regards

Farrukh

On Tue, Aug 9, 2011 at 3:40 AM, Jameeluddin Mohammed <
jameeluddin.m_at_gmail.com> wrote:

> Hi Experts,
>
> Was trying to go with a Security Moniroting tool in my network.
>
> As Cisco has officially announced end-of-life for the Cisco MARS product
> and
> has made it clear that they will not be providing a replacement for their
> Security Monitoring, Analysis, and Response System.
>
> I wanted an insight about the techinicalities in this two products which
> are
> available StealthWatch or Orion.Which one would be better or is there any
> other vendor much better than this two products.I had seen the comparison
> charts of both products.I was just trying to get input from the people
> who has used either of this products.
>
>
> LANCOPE -StealthWatch - uses the Netflow technology and even Cisco partners
> with this vendor.
>
> Solarwinds - Orion falls between SNMP & a little bit of Netflow based.
>
>
> Thanks,
> Jameel
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Aug 09 2011 - 15:28:32 ART

This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART