User Activity
Almost 4 years ago
Answered a question: What is the best SIEM tool for a large financial services firm?
I would take a long hard look at IBM QRadar. The user behavior analytics will give you insight into insider activity. You will want to run CIS internals on your endpoints and get detailed logs using their WinCollect server functionality. Using that alongside of something…
About 4 years ago
Answered a question: What is the difference between log management and SIEM?
Log management is just that: it looks at logs from devices and attempts to make inferences about security issues from those logs. SIEM technology typically casts a wider net, looking at all types of security events. The best of breed will look at network flows and events and…
Over 4 years ago
Answered a question: What is the difference between IT event correlation and aggregation?
Other answers pretty much sum this up, but there is one important point to make. In some technology it's important to take into account the number of events that are aggregated and for your SIEM device to be able to treat them as individual events for the purpose of…
Over 4 years ago
Answered a question: Which is the best SIEM solution for a government organization?
If your environment is complex and you're trading information with people on a fairly open basis, but it needs to be secure, then you should consider QRadar. It has functionality none of the other SIEM solutions come close to offering. The state-of-the-art behavior…
Almost 5 years ago
Contributed a review of IBM Security QRadar: Good visibility of network and endpoints, correlate events to specific point-in-time
Reviews
Almost 5 years ago
IBM Security QRadar
Answers
Almost 4 years ago
Security Information and Event Management (SIEM)
Over 4 years ago
Event Monitoring
Over 4 years ago
Security Information and Event Management (SIEM)