Re: OT: Re: rsa envision feedback

John,

As Farrukh said - go for RSA solution! I did it for a few customers and
they're very happy!

Vendor who does it out of the box and give demo opportunity are normally
upfront, open and good sign to deal with.
There should be nothing to hide if their product really works!

HTH

On Tue, May 8, 2012 at 7:54 PM, John Haddad <loserboy3000_at_hotmail.com>wrote:

> thanks a lot Farruk for the feedback,
>
> i did communicate with RSA envision and reserved for cloud demo.
>
> thanks a lot for the feedback.....
>
>
> > Date: Tue, 8 May 2012 10:17:46 +0300
> > Subject: OT: Re: rsa envision feedback
> > From: farrukhharoon_at_gmail.com
> > To: loserboy3000_at_hotmail.com
> > CC: ccielab_at_groupstudy.com
> >
> > Hello John
> >
> > The RSA Envision is definitely one of the good SIEMs out there in the
> > market. It has a lot of built-in reports and it is ridiculously easy to
> > setup. However it is not as powerful as ArcSight, so it depends on which
> > kind of deployment are you planning? (SOC, compliance, pure SIEM like
> > threats/security posture monitoring .....). ArcSight (even the express)
> can
> > be a big pain if you don't have Oracle DB/*nix experience!
> >
> > But before you ask this question I would recommend to make a list of
> > devices and their software versions you currently want to be monitored
> and
> > then see which vendor has out-of-the-box support for the majority of your
> > devices. Based on that short-list some vendors, however that said RSA
> would
> > most probably make it to your short-list as long as you have a healthy
> > budget :). Both RSA and ArchSight are very expensive and have similar
> > pricing. Obviously most vendors would offer some sort of handling for
> > unsupported devices (like RSA UDFs) but those options are cumbersome and
> > expensive. Therefore you would want to make sure that the majority of
> your
> > devices are supported by the short-listed vendors.
> >
> > The RSA guys also have a vmware version of their appliance, and they
> might
> > be able to do a POC for you based on 'your' devices (this could be with
> > real events from your environment or dummy events generated and played by
> > some tools they have).
> >
> > Regards
> > Farrukh
> >
> > On Sun, May 6, 2012 at 10:51 AM, John Haddad
> <loserboy3000_at_hotmail.com>wrote:
> >
> > > good day everbody, did anybody test and use RSA envision, if you can
> share
> > > with us your expereince with this device that will be great.
> > > http://australia.emc.com/security/rsa-envision.htm
> > > http://seclists.org/basics/2012/Feb/107
> > >
> > >
>
> http://www.arcsight.com/collateral/whitepapers/Gartner_Magic_Quadrant_2010.pd
> f
> > > Thx,
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed May 09 2012 - 15:25:30 ART