It's been a while since my last post. Yes, the truth is, I'm too lazy to blog since every day there is a problem to troubleshoot (it's not because of me but the Cap Ayam system); we are in the middle of changing our SIEM product to a better one. In the Gartner report it's the number one leader, and yes, for functionality I will say it is the number one product in the market right now. So I'll be glad if my company approves moving all our customers to this new SIEM product.
As far as my work in the security field goes, I have played with and seen quite a few of the SIEM products available in the market right now, and I'm glad to have such experience. I will list the products here:
1. OSSIM - an open source SIEM, but not many products are supported; for the new beta, the interface is quite cool.
2. Tenable Security SC3 - it is more for batch analysis and maybe forensics, and I think it's not suitable for 24x7 monitoring since it doesn't have any alerting system, just eyeballing.
3. CA eTrust Audit - the concept is quite good, but the implementation and architecture are quite complicated. I had a lot of problems to face and too many layers to operate, and seriously, I don't like it.
4. TriGeo - quite a cool product, but it still has some limitations and doesn't meet my criteria as an analyst for doing analysis.
5. ArcSight - the coolest SIEM product in the world right now, but the price is really high; still, I will vote for ArcSight as number one. So many functions and features that can fulfill an analyst's tasks every day, 24x7.
6. Splunk - this is not actually a SIEM but a log collector of sorts; it can perform as an IT search engine and relate to security log analysis. I'm quite impressed at how Splunk can perform searches. It's like a Google installed on your own PC.
7. RSA enVision - the number two? ranking in the Gartner report. I haven't played with it yet, but I hope to soon.
8. Symantec SIM - I don't have experience with it yet either, but hopefully soon.
That's all, and I'm glad that I have had the chance to experience the top SIEM products in the world in today's market.
That's all.
:)