Security and event management tool?

[Hays]

Do any of you IT managers use such a tool to monitor whats going on, on your network?

There are a lot of different ones out there and some are very pricey.

I need to start monitoring network activity through vpn's and everything to make sure there aren't any security holes.

[thecoffeeguy]

Quote:

Originally Posted by Hays

Do any of you IT managers use such a tool to monitor whats going on, on your network?

There are a lot of different ones out there and some are very pricey.

I need to start monitoring network activity through vpn's and everything to make sure there aren't any security holes.

What size of a network are you looking at? how many devices will you want to tie into the SIEM (assuming you want a SIEM)?

Your volume of information will give you a pretty good guideline of what you will need (netflow, windows events etc.)

Splunk
Its free, to a point, but may worth a look to give you some insight into your network.

Also, how big is your team?

Q1 Labs was just bought my IBM. Their product QRadar is good.

Nitrosecurity was just bought by McAfee. They had a very interesting, up and coming SIEM.

ArcSight, owned by HP, is a monster and you need a dedicated team to run and manage it.

HTH.

TCG

[QuikSsurfer]

You could use Splunk to analyze all your log files for ya.. it's free.

[Hays]

Cool, i will look into these.

The network size is around 120 machines at various locations through vpn.

[thecoffeeguy]

Quote:

Originally Posted by Hays

Cool, i will look into these.

The network size is around 120 machines at various locations through vpn.

Splunk might do the trick.
Only thing I would ask is what all type of information do you want to collect. That will drive the product you choose.

[Hays]

event logs and somehow network activity, like what files are being accessed.