Post #8, 2008-02-11
fireverse (Junior Member, Join Date: 2007-05-01, Posts: 10)
Re: Do you use Eventia?
Quote: Originally Posted by cciesec2006
"I'm a bit biased but I think the Eventia Suite is your best option for VPN-1."

I have to disagree. If cost is not an issue, you should definitely look
at ArcSight or NetForensics. It has a complete solution since it can
take logs from a lot more devices than Eventia Suite. From a security
perspective, this device should take logs from firewalls, IDS/IPS, Unix/Linux
servers, windows servers, Cisco routers, switches, VPN devices.
Once it accepts the logs, it can do event correlation.

I tried Eventia Suite NGX R60 about 1.5 years ago. I have to say
that that product is horrendous. The Check Point SE guy spent
two days helping me set up this product, and at the end of the
day, Eventia Suite couldn't get logs from PIX 7.x code and Juniper
IDP logs. After 2 days, the Check Point SE and I gave up. I like
ArcSight and NetForensics. They are expensive but worth the money.
First of all, Eventia R65 is a lot easier to set up for Smart Center and P1. There is also a lot more functionality and a greatly expanded library for third-party devices. You will find support for Cisco, Juniper, Linux, and other devices. There is also a new log parsing tool (Jan 08) to help create your own signatures for events. Analyzer has always done correlation, and has a modular design for high-performance environments.

Regarding ArcSight or NetForensics, cost may not be an issue for you, but what about time and effort? ArcSight, NetForensics, and Intellitactics are not only notoriously expensive, but also very difficult to set up and maintain. If you go down this road, I highly recommend buying their professional services.

I ran a department in a Fortune 50 that spent $1.5 million+, a dedicated FTE, on-site professional services, and three years of effort to get this thing running. It was very complicated and required learning a bastardized version of Perl. The interface was written in Java and, although very pretty, would take five minutes or more to display anything.

We installed a demo of Eventia Suite R65 and were finding Analyzer events within seconds of them happening. Eventia was pulling info from a CMA that had 800+ rules, 1000+ NAT rules, and over 2 Gig of log files a day. We also discovered that Intellitactics (tuned and installed by Intellitactics) was missing a lot of defined events that it was supposed to be seeing. Analyzer was keeping Intellitactics honest.

Eventia requires much less effort to install. It takes maybe 10 minutes; 12 for P1 ;). In most cases it does not require a dedicated FTE to maintain. The interface is very fast and will display events in near real time. The TCO on Eventia is going to be a lot less than a third-party product.

If you haven't worked with Eventia in its R65 release, I would recommend you take another look.