Thursday, March 31, 2011

Is ArcSight harder to use?

Interestingly enough (if I read Google Analytics correctly), the post I wrote back at the beginning of November on the question of whether ArcSight is hard to use was the most visited page over the last month. In fact I think it has been at or near the top of the list since I posted it. Since I have some time on my hands, I figured I would write a sort of follow-up to that post. Once again I will state that my only SIEM experience is with ArcSight, so maybe someone will speak up for the other SIEM engines out there and/or tell me if I'm way off base.

I still maintain that asking if something is "hard", generally speaking, only gets you so far. Having some context implied in your question might get you an answer closer to what you are really looking for. Is calculus hard? Depends on who you are talking to. Is calculus harder than basic algebra? Yup. Is "ArcSight" hard to use? Depends on who you are talking to. Is ArcSight harder to use than some other SIEM? Ahh, now we are getting somewhere. I did have sort of an interesting thought while reading the SIEM implementation book I wrote a review of back in January (at least it was interesting to me).

Monday, March 28, 2011

How to boil the ocean

I did a very (non)scientific experiment this morning with the idea of trying to see the best way to boil the ocean... well, ocean by proxy anyway. I took a liter of water, slowly added it a bit at a time to a pan, and timed how long it would take to come to a decent boil; it was a little over 6 minutes. I cooled the pan down, filled it with another liter of water all at once, set the heat at the same place, and timed it. This time it took just over 8 minutes to get to about the same state.

What's the point, other than having too much time on my hands? I am guessing you might have heard the cliché "don't try to boil the ocean." Relative to SIEM stuff, I take a few things away from my little experiment that are all interrelated:


Friday, March 11, 2011

SIEM Maintenance Support Costs and Returns

Anton Chuvakin recently wrote up a great blog article discussing SIEM-associated costs. While it is my intention to write a longer post here to go a little more in depth on a comment I made on his article, I wanted to post something quickly about a line item that probably doesn't get a whole lot of attention after the bean counters and upper management have done their thing and the papers are signed... until something breaks or there is a technical issue of one flavor or another.