Enterprise Security Management System
Are any of you using Event correlation software to tie your perimeter security devices together?
We are looking for an enterprise security management system to tie all of our crap together (ISS-IDS, Cisco Firewall, HP-UX box, WinTel servers, Linux, and I-Series)
I've been checking out NetForensics, nuSecure, e-secures's Security Management System, NetIQ Corp Security Manager, ArcSight 2.2, and e-security, E-Sentinel.
The goal is to respond faster to incidents, tie things like OS logs with firewall walls with IDS events to get the reported events more accurate (reduce false positives, but not to drop any really important things)
We were originally going to rely on ISS Internet Scanner and Network Fusion, but frankly, our ISS RealSecure IDS is unstable as hell, so I would prefer not to use them if I don't have to (besides... Internet Scanner is like $15k, Nessus is free ;) )
There's the background....
Is anyone out there using an enterprise security management product?
If so, which one?
What do you like about it and what don't you like about it?
Was it worth the $$$?
What was the approx. cost to implement?
I welcome all of your insight!