View Full Version : Computers Security and event management tool?


Hays
10-12-2011, 07:58 AM
Do any of you IT managers use such a tool to monitor what's going on, on your network?

There are a lot of different ones out there and some are very pricey.

I need to start monitoring network activity through VPNs and everything to make sure there aren't any security holes.

thecoffeeguy
10-13-2011, 12:26 PM
Do any of you IT managers use such a tool to monitor what's going on, on your network?

There are a lot of different ones out there and some are very pricey.

I need to start monitoring network activity through VPNs and everything to make sure there aren't any security holes.

What size of a network are you looking at? How many devices will you want to tie into the SIEM (assuming you want a SIEM)?

Your volume of information will give you a pretty good guideline of what you will need (NetFlow, Windows events, etc.)

Splunk (http://www.splunk.com/)
It's free, to a point, but may be worth a look to give you some insight into your network.

Also, how big is your team?

Q1 Labs was just bought by IBM. Their product QRadar is good.

NitroSecurity was just bought by McAfee. They had a very interesting, up and coming SIEM.

ArcSight, owned by HP, is a monster and you need a dedicated team to run and manage it.

HTH.

TCG

QuikSsurfer
10-13-2011, 12:29 PM
You could use Splunk to analyze all your log files for ya.. it's free.

Hays
10-14-2011, 07:57 AM
Cool, I will look into these.

The network size is around 120 machines at various locations through VPN.

thecoffeeguy
10-14-2011, 09:02 AM
Cool, I will look into these.

The network size is around 120 machines at various locations through VPN.

Splunk might do the trick.
The only thing I would ask is what types of information you want to collect. That will drive the product you choose.

Hays
10-14-2011, 09:27 AM
Event logs and somehow network activity, like what files are being accessed.