CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Difference between Checkpoint Eventia/Cisco MARS/Juniper STRM and Arcsight/Envision

  1. #1

    Is there any difference between the 2 tools? I think they both do security incident and event management.

  2. #2

    Quote: Originally Posted by DarkSec
    Is there any difference between the 2 tools? I think they both do security incident and event management.
    Cisco MARS is a dead tool: http://www.cisco.com/en/US/prod/coll...d807189ef.html

  3. #3

    as far as i know, Eventia is best suited for Check Point IPS logs. i don't even know if it takes in other vendors' data.

    juniper STRM is Q1 QRadar with juniper branding and an NSM-like (i.e. awful) interface. it would probably be useful if you're an all-juniper shop. otherwise you may just look into Q1

    the last i heard envision is a dying product

    arcsight, logrhythm, and turbo are good event correlators for logs from all vendors. they can get pretty expensive, though

    splunk is a great product for getting the data easily readable and in front of your face, but i don't know if its correlation features compare well to the other vendors.

    i'd recommend starting with your budget and narrowing down products from there

  4. #4

    The way I describe SmartEvent (the product formerly known as Eventia) is as a SIEM and Reporting Tool focused on Check Point products.
    SmartEvent is able to process logs from all the Software Blades--not just IPS--as well as information received via Syslog from some third party products: http://www.checkpoint.com/products/h...ntia_2005.html
    http://phoneboy.com
    Unless otherwise noted, views expressed are my own

  5. #5

    What I wanted to know is whether Arcsight does something which Eventia or STRM can't do?

    I can see a lot of employers asking for experience with Arcsight, and Arcsight training is very expensive and very few centres in my country have it.
