Bill,

I agree with the previous post in that a SEM product may fill your needs not only for your IDS output but additional sources of network/system logs and events. However, as also mentioned, these solutions can rapidly become very expensive, especially for small and medium businesses. I also work for a company that offers a SEM solution (although I dislike the acronym because these systems can offer much more than security monitoring) and we have spent quite a bit of effort to devise cheaper (or free) alternatives to deploying Cisco, Symantec, NA, Dragon, etc. because many folks just can't afford them.

There are many open source security technologies (Snort IDS, Nessus vulnerability scanner, etc.) that are in many cases equal in performance or exceed the performance of those offered by the security product vendors. You can deploy these systems at very low monetary cost and then look to spend your money on a good SEM product which, as I said, can give you more than just security monitoring. I use my company's product LogRhythm to catch and diagnose operational problems as much as monitor and investigate security issues.

I think that you will also find that most of the open source technologies are much more flexible "out of the box" when it comes to output formats and application. I would encourage you to look at some of the open source tools out there if you haven't already.

Dr. Phillip Villella
Chief Scientist
Security Conscious Inc.
www.security-conscious.com
303-413-8745 (direct)
phil.villella@security-conscious.com

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Jul 01 2004 - 11:50:42 PDT