Just an observation for the folks that are debating between the tools that are commonly viewed as the top tier (ArcSight, enVision, etc.) and "the others". The top tier systems will be costly out of the box, but if your organization doesn't have heavily technically skilled resources in house, it might be worth it. The platform vendors spend a significant amount of time and energy trying to make their systems "plug and play". They'll have modules/plug-ins that will make them work with most conceivable devices (OSs, network devices, vulnerability scanners, GRC, etc.), so they are easier to roll out and maintain. The "other" systems can be just as capable and powerful, but they can be a bit more involved to get fully deployed and functional, especially in large enterprise environments. For organizations that have the proper staff this can be feasible, but for folks that try to do SIEM on the cheap with a staff of security generalists, they can be playing with fire.
Last edited by pseud0 on Wed Sep 08, 2010 8:14 pm, edited 1 time in total.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER