[logs] Re: on credible open-source SIMs

From: James Turnbull (james@private)
Date: Mon Dec 26 2005 - 05:21:34 PST


Anton Chuvakin wrote:
> It started from Thomas Ptacek predicting that "There's about $100MM
> spent annually on products that manage and correlate logs. Guess what?
> None of it is hard to do. The underlying tools are there. Customers
> know how to do this better than the vendors do. Expect a mainstream
> open-source combination of Argus and Sguil to own the security
> management conversation next year" (see
> http://www.sockpuppet.org/tqbf/log/2005/12/pro-forma-05-06-punditry-results.html),
> then others disagreeing and then me fiercely supporting the latter
> side :-)
>
Agreed.  I play in the SIM/SOM space a fair bit and whilst there are 
some good open source tools out there (sguil being an example) they 
mostly can't compete with the Symantecs of the world and their ability to 
provide correlation for numerous types/versions of devices.  Indeed it's 
not a quality question - it's a bandwidth one.  If you wanted to make 
the argument about which tools are better, open source or commercial, 
excluding their scope limitations, then we might have a very different 
discussion...

Regards

James Turnbull

-- 
James Turnbull <james@private>
---
Author of Hardening Linux from Apress
(http://www.amazon.com/exec/obidos/tg/detail/-/1590594444/)
---
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Fri Dec 30 2005 - 18:34:14 PST