RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-30 Thread David Lum
use. However, seeing as how 90%+ of all incoming mail is SPAM it's nice to not have the Exchange server have to waste any cycles on them. From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Friday, January 27, 2012 11:08 AM To: NT System Admin Issues Subject: RE: DLP, SIEM, Network Access

RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread itli...@imcu.com
Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ I always recommend that Sys Admins and IT Managers have a good technology partner that

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread James Rankin
ewall for those that do get access. As well >>>> the software or agent that verifies windows updates and virusscan patching >>>> prior to authentication. >>>> > >>>> > Looking at DLP now. Currently all I do is look at outgoing emails. >

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Christopher Bodnar
Date: 01/27/2012 10:20 AM Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ DLP is way more than just restricting access to removable devices. http://code.google.com/p/opendlp/ VPN access restrictions such as you mention

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Andrew S. Baker
As well >>> the software or agent that verifies windows updates and virusscan patching >>> prior to authentication. >>> > >>> > Looking at DLP now. Currently all I do is look at outgoing emails. >>> So anything more will be better. >>

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Ben Scott
On Fri, Jan 27, 2012 at 11:25 AM, James Rankin wrote: > DLP taken to logical extremes is extremely difficult. Everything taken to logical extremes is extremely difficult. (Note that I'm not disagreeing with you in the least.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resour

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Andrew S. Baker
g more will be better. >> > >> > >> > >> > -Original Message- >> > From: Kurt Buff [mailto:kurt.b...@gmail.com] >> > Posted At: Friday, January 27, 2012 10:04 AM >> > Posted To: itli...@imcu.com >> > Conversation: DLP, SI

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread James Rankin
re will be better. >> > >> > >> > >> > -Original Message- >> > From: Kurt Buff [mailto:kurt.b...@gmail.com] >> > Posted At: Friday, January 27, 2012 10:04 AM >> > Posted To: itli...@imcu.com >> > Conversation: DLP, SIEM,

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kevin Lundy
emails. So > anything more will be better. > > > > > > > > -Original Message- > > From: Kurt Buff [mailto:kurt.b...@gmail.com] > > Posted At: Friday, January 27, 2012 10:04 AM > > Posted To: itli...@imcu.com > > Conversation: DLP, SIEM, Netw

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kurt Buff
ll be better. > > > > -Original Message- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Posted At: Friday, January 27, 2012 10:04 AM > Posted To: itli...@imcu.com > Conversation: DLP, SIEM, Network Access Control, VPN multi factor > authentication, Moving Exchange

RE: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread itli...@imcu.com
[mailto:kurt.b...@gmail.com] Posted At: Friday, January 27, 2012 10:04 AM Posted To: itli...@imcu.com Conversation: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ Subject: Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving

Re: DLP, SIEM, Network Access Control, VPN multi factor authentication, Moving Exchange into a DMZ

2012-01-27 Thread Kurt Buff
th some form of alerting if > a user is trying to use those devices without permission. > > > > Security Information and Event Management (SIEM) system > > The Credit Union should have a SIEM system in place to consolidate logs from > all devices and applications, encrypt t

RE: FW: SIEM

2012-01-26 Thread Ken Schaefer
uary 2012 11:37 PM To: NT System Admin Issues Subject: RE: FW: SIEM I am not sure either since syslog messaging is on a UDP port 514 and is clear text in transit??? h curiouser and curiouser From: Michael B. Smith [mailto:mich...@smithcons.com] P

Re: FW: SIEM

2012-01-26 Thread Micheal Espinola Jr
ts, Printer events, and IP camera logs but that wasn't good >>>> enough because it doesn't encrypt the logs as well. >>>> >>>> #1 I hadn't heard that term before. I was called it Log monitoring and >>>> management. #2 They are

Re: FW: SIEM

2012-01-26 Thread Steven Peck
ry 26, 2012 11:35 AM > *Posted To:* itli...@imcu.com > *Conversation:* FW: SIEM > *Subject:* Re: FW: SIEM > > It's not so much that as the original question was one line lacking > context. If you had tossed in Auditors and why you were asking originally >

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
events, and IP camera logs but that wasn't good >>> enough because it doesn't encrypt the logs as well. >>> >>> #1 I hadn't heard that term before. I was called it Log monitoring and >>> management. #2 They are keying of the RSA log hacking to

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM It's not so much that as the original question was one line lacking context. If you had tossed in Auditors and why you were asking originally then it would have made more sense. On Thu, Jan 26, 2012 at 6:51 AM, itli...@imcu.com

Re: FW: SIEM

2012-01-26 Thread Kevin Lundy
the logs as well. >> >> #1 I hadn't heard that term before. I was called it Log monitoring and >> management. #2 They are keying of the RSA log hacking to enforce the >> encryption of the logs while in transit and at rest. >> >> Blah Blah

Re: FW: SIEM

2012-01-26 Thread Kurt Buff
Sent:* Thursday, January 26, 2012 9:13 AM > *To:* NT System Admin Issues > *Subject:* RE: FW: SIEM > > I do that with my Kiwi Syslog software, Routers, Switches, Firewalls, > Windows NT events, Printer events, and IP camera logs but that wasn't good > enou

Re: FW: SIEM

2012-01-26 Thread Steven Peck
ecause I am…. I have > always called it Log Management/ Monitoring??? > > Not SIEM??? > > *From:* David Lum [mailto:david@nwea.org] > *Posted At:* Wednesday, January 25, 2012 4:45 PM > > *Posted To:* itli...@imcu.com > *Conversa

RE: FW: SIEM

2012-01-26 Thread Michael B. Smith
nsultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, January 26, 2012 9:51 AM To: NT System Admin Issues Subject: RE: FW: SIEM yeah yeah yeah. I know I look dumb...but mostly because I am I have always called it Log Management/ Monitoring??

Re: FW: SIEM

2012-01-26 Thread Rene de Haas
verything encrypted. >> >> *From:* Andrew S. Baker [mailto:asbz...@gmail.com] >> *Posted At:* Wednesday, January 25, 2012 2:36 PM >> *Posted To:* itli...@imcu.com >> *Conversation:* FW: SIEM >>

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
't need them but purchased them… > > I feel like I am going to have a lot of work ahead of me. > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Posted At:* Wednesday, January 25, 2012 5:12 PM > > *Posted To:* it

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
I am not sure either since syslog messaging is on a UDP port 514 and is clear text in transit??? h curiouser and curiouser From: Michael B. Smith [mailto:mich...@smithcons.com] Posted At: Thursday, January 26, 2012 9:43 AM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: RE

RE: FW: SIEM

2012-01-26 Thread David Lum
Not to worry! I had never heard the term SIEM until we started our process and I was invited to the SIEM meetings, so my knowledge of the term predates you by only a few weeks. :) I wasn't mocking you not knowing the term, I was enjoying the tactfulness of Steven's reply - i

RE: FW: SIEM

2012-01-26 Thread David Lum
NWEA just went through an extensive SIEM vendor evaluation process looking at several vendors - we (mainly the SE team, they have more vested in this than I) had a list of criteria, etc etc and decided on Arcsight for our SIEM solution. Their hardware arrives next week and implementation starts

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
d that term before. I was called it Log monitoring and > management. #2 They are keying of the RSA log hacking to enforce the > encryption of the logs while in transit and at rest. > > Blah Blah Blah. > > Thanks. Anyone have a good SIEM product or

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
yeah yeah yeah. I know I look dumb...but mostly because I am I have always called it Log Management/ Monitoring??? Not SIEM??? From: David Lum [mailto:david@nwea.org] Posted At: Wednesday, January 25, 2012 4:45 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: RE: FW

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
Don't need them but purchased them... I feel like I am going to have a lot of work ahead of me. From: Andrew S. Baker [mailto:asbz...@gmail.com] Posted At: Wednesday, January 25, 2012 5:12 PM Posted To: itli...@imcu.com Conversation: FW: SIEM Subject: Re: FW: SIEM You need to spe

RE: FW: SIEM

2012-01-26 Thread Michael B. Smith
. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Thursday, January 26, 2012 9:13 AM To: NT System Admin Issues Subject: RE: FW: SIEM I do that with my Kiwi Syslog software, Routers, Switches, Firewalls, Windows NT events, Printer

RE: FW: SIEM

2012-01-26 Thread itli...@imcu.com
t. #2 They are keying of the RSA log hacking to enforce the encryption of the logs while in transit and at rest. Blah Blah Blah. Thanks. Anyone have a good SIEM product or appliance they use? I am looking at LogRhythm or SPLUNK??? From: Erik Goldoff [mailto:egold...@gmail.com] Posted At: Wednes

Re: FW: SIEM

2012-01-26 Thread Andrew S. Baker
> > Regards, > > Michael B. Smith > > Consultant and Exchange MVP > > http://TheEssentialExchange.com > > *From:* itli...@imcu.com [mailto:itli...@imcu.com] > *Sent:* Wednesday, January 25, 2012 3:21 PM > > *To:* NT System Admin Issu

Re: FW: SIEM

2012-01-25 Thread Kurt Buff
Start here, and see how far down the rabbit hole goes: http://en.wikipedia.org/wiki/Siem On Wed, Jan 25, 2012 at 11:14, itli...@imcu.com wrote: > > > > > This is new to me.  What is SIEM and what do I do with it? > > > > ~ Finally, powerful endpoint securit

Re: FW: SIEM

2012-01-25 Thread Andrew S. Baker
> > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Posted At:* Wednesday, January 25, 2012 2:36 PM > *Posted To:* itli...@imcu.com > *Conversation:* FW: SIEM > *Subject:* Re: FW: SIEM > > You've got some fun auditors. > >

RE: FW: SIEM

2012-01-25 Thread Michael B. Smith
Those people are simply checking off boxes on a form. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: itli...@imcu.com [mailto:itli...@imcu.com] Sent: Wednesday, January 25, 2012 3:21 PM To: NT System Admin Issues Subject: RE: FW: SIEM So far it is

RE: FW: SIEM

2012-01-25 Thread David Lum
That was some impressive restraint Steven, s close to LMGTFY but yet, not quite! From: Steven Peck [mailto:sep...@gmail.com] Sent: Wednesday, January 25, 2012 11:42 AM To: NT System Admin Issues Subject: Re: FW: SIEM I would imagine you put the anacronym in the search engine of your choice

Re: FW: SIEM

2012-01-25 Thread Steven Peck
> *Posted At:* Wednesday, January 25, 2012 2:36 PM > *Posted To:* itli...@imcu.com > *Conversation:* FW: SIEM > *Subject:* Re: FW: SIEM > > You've got some fun auditors. > > Google will help you here. (Understanding of the c

Re: FW: SIEM

2012-01-25 Thread Rene de Haas
Security Information and Event Management. You could try OSSIM by Alienvault. On 25 Jan. 2012 20:35, "itli...@imcu.com" wrote the following: > > This is new to me. What is SIEM and what do I do with it? > > ~ Finally, po

Re: FW: SIEM

2012-01-25 Thread Erik Goldoff
Security Event Information Management ... security event log/alerting ? On Wed, Jan 25, 2012 at 2:14 PM, itli...@imcu.com wrote: > > This is new to me. What is SIEM and what do I do with it? > > ~ Finally, powerful endpoint securit

RE: FW: SIEM

2012-01-25 Thread itli...@imcu.com
Conversation: FW: SIEM Subject: Re: FW: SIEM You've got some fun auditors. Google will help you here. (Understanding of the category, rather than selection of the tool) Why aren't you asking the auditors these questions? ASB http://XeeMe.com/AndrewBaker Harnessing the Adv

RE: SIEM

2012-01-25 Thread Michael B. Smith
Subject: FW: SIEM This is new to me. What is SIEM and what do I do with it? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/rea

Re: FW: SIEM

2012-01-25 Thread Steven Peck
> > This is new to me. What is SIEM and what do I do with it? > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions cl

Re: FW: SIEM

2012-01-25 Thread Andrew S. Baker
On Wed, Jan 25, 2012 at 2:14 PM, itli...@imcu.com wrote: > > This is new to me. What is SIEM and what do I do with it? > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.c

RE: SIEM solutions

2011-11-11 Thread Stu Sjouwerman
Yeah, I would say Splunk would need to be on that shortlist as well. Stu From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, November 10, 2011 12:04 AM To: NT System Admin Issues Subject: Re: SIEM solutions I've played with Nitro a little bit, and I'm familiar wit

RE: SIEM solutions

2011-11-10 Thread Ken Schaefer
ursday, 10 November 2011 9:50 PM To: NT System Admin Issues Subject: RE: SIEM solutions Three physical locations, hundreds of devices and I don't know how many different types of sources, but a lot. Web servers, app servers, DB's, routers, switches, etc. Thanks, Dave From: Ken

Re: SIEM solutions

2011-11-10 Thread Dean Cunningham
What about http://www.manageengine.com/it-compliance-suite.html We are interested in from ITIL, ip monitor, AD perspective On Thu, Nov 10, 2011 at 7:34 AM, David Lum wrote: > We are looking at some SIEM (Security Information and Event Management) > solutions and are looking at product

Re: SIEM solutions

2011-11-10 Thread Kurt Buff
Might want to take a look at AlienVault's offerings. They offer a pay-for SIEM, (http://www.alienvault.com/) and a community version called OSSIM (http://www.alienvault.com/community) Haven't had the time to work with OSSIM, but working with a free version will either fill your needs

RE: SIEM solutions

2011-11-10 Thread Kim Longenbaugh
For log aggregation and alerting, wouldn't a syslogger do it? From: David Lum [mailto:david@nwea.org] Sent: Thursday, November 10, 2011 7:50 AM To: NT System Admin Issues Subject: RE: SIEM solutions Three physical locations, hundreds of devices and I don't know how many differen

RE: SIEM solutions

2011-11-10 Thread David Lum
stem Admin Issues Subject: RE: SIEM solutions How big is the environment? What is the scope of devices? SIEMs are designed to take logs from multiple sources, do log collection/analysis, event correlation/alerting. Something like SCOM isn't designed for that, and ACS does Windows only (AF

RE: SIEM solutions

2011-11-10 Thread Ziots, Edward
] Sent: Wednesday, November 09, 2011 1:35 PM To: NT System Admin Issues Subject: SIEM solutions We are looking at some SIEM (Security Information and Event Management) solutions and are looking at products from the following vendors - does anyone here have a SIEM solution or experience and have

Re: SIEM solutions

2011-11-09 Thread Andrew S. Baker
I've played with Nitro a little bit, and I'm familiar with LogRhythm, although I've never deployed it. Also consider TriGeo, Splunk Enterprise, and http://alienvault.com/products/unified-siem/siem This is not a cheap category of product... *ASB* *http://XeeMe.com/AndrewBak

RE: SIEM solutions

2011-11-09 Thread Ken Schaefer
ue to previous experience Cheers Ken From: James Rankin [mailto:kz2...@googlemail.com] Sent: Thursday, 10 November 2011 3:07 AM To: NT System Admin Issues Subject: Re: SIEM solutions System Center Operations Manager with Audit Collection Services can do all this and more, if I am getting the

RE: SIEM solutions

2011-11-09 Thread Michael B. Smith
Aye aye. I misunderstood Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Wednesday, November 09, 2011 1:55 PM To: NT System Admin Issues Subject: RE: SIEM solutions For me, it's simply log aggregatio

Re: SIEM solutions

2011-11-09 Thread James Rankin
from a bigger selection. I > was simply looking for anyone who has deployed or evaluated SIEM products > from the listed vendors is all. > > Dave > > *From:* Michael B. Smith [mailto:mich...@smithcons.com] > *Sent:* Wednesday, November 0

RE: SIEM solutions

2011-11-09 Thread David Lum
han a driver on this project. The vendor list I sent out was narrowed down from a bigger selection. I was simply looking for anyone who has deployed or evaluated SIEM products from the listed vendors is all. Dave From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, November 09

RE: SIEM solutions

2011-11-09 Thread Michael B. Smith
://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Wednesday, November 09, 2011 1:35 PM To: NT System Admin Issues Subject: SIEM solutions We are looking at some SIEM (Security Information and Event Management) solutions and are looking at products from the following vendors - does

Re: SIEM solutions

2011-11-09 Thread Kurt Buff
RSA? Given their recent history, I'd be asking them some very tough questions, like 'Was your own product protecting you when you were hacked?' and 'If not, why not, and if it was, well, WTF, over?' On Wed, Nov 9, 2011 at 10:34, David Lum wrote: > We are lo

RE: SIEM

2011-03-23 Thread Matthew Bullock
Thanks, will check out Nitro. -mb From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, March 16, 2011 9:10 AM To: NT System Admin Issues Subject: Re: SIEM I've heard really good things about Nitro as well http://www.nitrosecurity.com/ ASB (Find me online via About.Me

RE: SIEM

2011-03-16 Thread Weatherford, Chad
: RE: SIEM What a coincidence! One of our servers was just choking on the TriGeo agent. I've only been at this company a few months and just heard about this. I haven't looked into this yet, but apparently the TG agent will consume the CPU every once in awhile. Have you witnessed th

Re: SIEM

2011-03-16 Thread Andrew S. Baker
Administrator | *Shoe Carnival, >>> Inc. **| *(: 812.867.8314 | 7: >>> 812.471.9866 | *: *cweatherf...@scvl.com* >>> >>> >>> >>> *From:* Matthew Bullock [mailto:mbull

Re: SIEM

2011-03-16 Thread Rob Bonfiglio
plementing TriGeo. So far I really like it and support >> is great! >> >> >> >> >> >> >> >> *Chad Weatherford* | Network/Security Administrator | *Shoe Carnival, >> Inc. **| *(:812.867.8314 | 7: 812.471.9866 | *: *cweatherf...@scvl.com* >

Re: SIEM

2011-03-16 Thread Kevin Lundy
ot9.com] > *Sent:* Monday, March 14, 2011 15:29 > > *To:* NT System Admin Issues > *Subject:* RE: SIEM > > > > Just the general splunk product. > > > > Trustwave is the PCI auditor and they were trying to sell us their > appliance during the last audit. One require

RE: SIEM

2011-03-16 Thread Guyer, Don
, March 16, 2011 11:43 AM To: NT System Admin Issues Subject: RE: SIEM We have MARS...but rumor is its days are numbered. Not to mention you cannot get details or customize alerts. I just finished implementing TriGeo. So far I really like it and support is great! Chad Weath

RE: SIEM

2011-03-16 Thread Weatherford, Chad
| 7: 812.471.9866 | *: cweatherf...@scvl.com From: Matthew Bullock [mailto:mbull...@root9.com] Sent: Monday, March 14, 2011 15:29 To: NT System Admin Issues Subject: RE: SIEM Just the general splunk product. Trustwave is the PCI auditor and they were trying to sell us their appliance

RE: SIEM

2011-03-14 Thread Matthew Bullock
SC, thanks. From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, March 14, 2011 10:59 AM To: NT System Admin Issues Subject: Re: SIEM Did you look at the security product, or just the general Splunk product? Also look at TrustWave. Lastly, SC Magazine is one of the best sources for usef

Re: SIEM

2011-03-14 Thread Andrew S. Baker
Cisco IOS, ASA, IPS, SBC and NSEL, Windows WMI, Exchange, VMware, MS SQL, > IIS, AD, maybe Avaya Communications Manager and UNIX/Linux/Syslog. > > > > -matt > > > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Monday, March 14, 2011 9:40 AM > *T

RE: SIEM

2011-03-14 Thread Matthew Bullock
og. -matt From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Monday, March 14, 2011 9:40 AM To: NT System Admin Issues Subject: Re: SIEM Other options include: * http://www.trigeo.com/ * http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z What devices will you be tracking?

Re: SIEM

2011-03-14 Thread Andrew S. Baker
On Mon, Mar 14, 2011 at 12:33 PM, Matthew Bullock wrote: > Does anyone have any experience/opinions with implementing SIEM or logging > solutions? Right now, we’re looking mainly at Accelops, Log Logic and Log > Rhythm, as well as an upgrade to our existing Cisco MARS appliance and I >

SIEM

2011-03-14 Thread Matthew Bullock
Does anyone have any experience/opinions with implementing SIEM or logging solutions? Right now, we're looking mainly at Accelops, Log Logic and Log Rhythm, as well as an upgrade to our existing Cisco MARS appliance and I would love to hear anyone's thoughts on these or any other

Re: Log management/ SIEM solution

2010-11-05 Thread Andrew S. Baker
Take a look at the following: - http://www.trigeo.com/ - http://www.loglogic.com - http://www.eeye.com/Products/Retina/REM.aspx *ASB* (My XeeSM Profile) *Exploiting Technology for Business Advantage...* On Fri, Nov 5, 2010 at 2:39 PM, Weatherford,

Re: Log management/ SIEM solution

2010-11-05 Thread Kevin Lundy
We are currently going through a similar exercise. We have Arcsight now. It is a bear to manage. They even told us if we went above the Express product, we would need to hire a full time administrator. Looked at enVision. I talked to a large user reference and they said while it does it's thin

Log management/ SIEM solution

2010-11-05 Thread Weatherford, Chad
Hello all! We are currently using GFI EventsManager for our event management but we are now looking to expand the monitoring to 300+ locations with everything coming back to HQ. This led us to look at other products and I was wondering if any of you may be using these could tell me what you thi