Sunday, December 12, 2010

Tis the season and if ArcSight was a toy what would it be?

....to not update one’s blog much. At least for me. Have been wrapped up with a number of things at work to the point where I have trouble mentally disengaging. I have said more than once that we are going to the kid’s Christmas presentations at their school when I have meant programs. At one point my wife jokingly asked if I thought they were going to have a slide deck associated with them. While I don’t brief much I do have slide decks and metrics on the brain along with everything else going on so maybe that is where it is coming from.

Of course then things slow down and hit me so that I see the magnitude of Christmas relative to itself and intertwined with Easter which is at once the other side of the coin and at the same time a transparent overlay.

Actually I have had a few thoughts about SIEM, LM, etc. but they are micro thoughts more than anything else or are too contextually close to what is going on at work such that they haven’t borne themselves out into bloggable items. I should keep a journal or something so I can circle back to them. One that did hit me the other day - if ArcSight was a toy what would it be?

A Lego set. At least that is how I perceive it. One of those really big box sets where the pieces are there to build a castle or something huge. I am still of the opinion that what ArcSight gives you more than anything else is a platform to build your monitoring on vs something that limits you to a list of pre-defined things. To continue the theme then other SIEM solutions are perhaps more or less like a molded plastic toy castle. At the end of the day if you just want a castle to play with it is perhaps more expedient to buy one of the molded ones vs having to put the Legos together but the Legos are more…extensible. If you wanted to add a turret, you can. If you wanted to expand, adjust the layout, shape, size, or link with other Lego sets – you can. Again I should mention I don’t get a chance to play with other SIEM solutions so take that analogy with a grain of salt. Of course while it does allow for more customization it requires someone to actually put it together. It doesn’t do anyone any good if months after Christmas you are all hyped about the capability and all the pieces are still in the box or you have put up a wall and then sort of abandoned the project (and then blame the Legos). Lines about counting the cost and towers come to mind. That leads into a discussion of integration which starts to walk down a path I like to talk about.

Anyway, enough for now. Amazing Race is about to start and the wife says one day we might apply. I'll believe that when she downloads the application. Any thoughts on the analogy?

3 comments:

  1. Mark,

    You read my mind ;-) Really funny you're talking about this Lego set analogy. Actually each time I'm asked to explain what AS is, I refer to the same analogy. That's what makes the product so great. You can build (almost) whatever you want. And if the bridge you just built doesn't look good enough, you know there is probably another way to build it with a different set of Lego bricks. The main limitation with AS is your imagination, that's the reason why, after all these years spent on the product, AS is still by far my preferred toy.

    Merry Christmas
    Gaetan

  2. I'd argue it's more like an Erector set because like the Legos, you build it up and get it to be the way you want, but once it's built, it provides more functionality than you had to begin with.

  3. Thank you both for posting and like you say Gaetan ArcSight is my preferred toy as well (though my next post might read like I don't to some degree). It is like your previous comment on being frustrated where there is some bug that doesn't let you do something you had in mind.

    Chris - actually I did think of the Erector set while writing my next post as you can sort of put it in motion in a way that Legos can't. I should have worked it in somewhere lol. Maybe the Erector set IS more like ArcSight in that once you have built something it takes more work than Legos to be modified =).
