OT: Re: rsa envision feedback from Farrukh Haroon on 2012-05-08 (Ccielab archives 05/2012)

From: Farrukh Haroon <farrukhharoon_at_gmail.com>
Date: Tue, 8 May 2012 10:17:46 +0300

Hello John

The RSA Envision is definitely one of the good SIEMs out there in the
market. It has a lot of built-in reports and it is ridiculously easy to
setup. However it is not as powerful as ArcSight, so it depends on which
kind of deployment are you planning? (SOC, compliance, pure SIEM like
threats/security posture monitoring .....). ArcSight (even the express) can
be a big pain if you don't have Oracle DB/*nix experience!

But before you ask this question I would recommend to make a list of
devices and their software versions you currently want to be monitored and
then see which vendor has out-of-the-box support for the majority of your
devices. Based on that short-list some vendors, however that said RSA would
most probably make it to your short-list as long as you have a healthy
budget :). Both RSA and ArchSight are very expensive and have similar
pricing. Obviously most vendors would offer some sort of handling for
unsupported devices (like RSA UDFs) but those options are cumbersome and
expensive. Therefore you would want to make sure that the majority of your
devices are supported by the short-listed vendors.

The RSA guys also have a vmware version of their appliance, and they might
be able to do a POC for you based on 'your' devices (this could be with
real events from your environment or dummy events generated and played by
some tools they have).

Regards
Farrukh

On Sun, May 6, 2012 at 10:51 AM, John Haddad <loserboy3000_at_hotmail.com>wrote:

> good day everbody, did anybody test and use RSA envision, if you can share
> with us your expereince with this device that will be great.
> http://australia.emc.com/security/rsa-envision.htm
> http://seclists.org/basics/2012/Feb/107
>
> http://www.arcsight.com/collateral/whitepapers/Gartner_Magic_Quadrant_2010.pdf
> Thx,
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue May 08 2012 - 10:17:46 ART

This archive was generated by hypermail 2.2.0 : Sun Jun 17 2012 - 09:04:19 ART