You noted in the article that many customers prefer not to install agents on DCs - were none of the solutions under test capable of collecting events from Windows devices (or others) without using agents, or was that a choice the review team made? In the interests of disclosure, I work for RSA and the enVision (formerly Network Intelligence) solution does have an agentless collection feature for Windows that appeals to many customers.
RSA declined to participate
So we cannot verify these claims based on testing.
Christine Burns
Executive Editor, Testing
Network World
Many of the products we tested had push/pull methods of gathering data and approaches varied heavily on what the data source was (e.g. a Cisco firewall vs. a vulnerability scanner). I'm familiar with the approach of logging in remotely and "scraping" logs from Windows hosts and/or domain controllers, yes. Of course this presents other challenges such as making sure the SIEM platform has full connectivity to all of the Windows systems in question (not always easy in a segmented environment), and forcing you to keep login credentials in your SIEM platform. (Although admittedly less risky if you restrict the "scraping" account's access rights...) It's also a pull model, which has some issues, too, but I digress...
Regardless, had RSA not chickened out of the review it would have been nice to have checked out that product's approach. :)