RE: Re: Picking a SIEM: How's envision compared with Arcsight?

According to RSA's web site, enVision runs on Windows 2003 server platform.
Do we need any other comments to such Vision?

Mikhail Utin, CISSP
From: listbounce@xxxxxxxxxxxxxxxxx [listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of bit1976 [bittu23@xxxxxxxxx]
Sent: Monday, February 13, 2012 11:41 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Picking a SIEM: How's envision compared with Arcsight?

Well my experience has been completely different working on both the
products. Arcsight is a superior correlation engine compared to RSA envision
which for me is like a High school project (sorry for being rude). Yes i
believe Arcsight has been using Oracle DB but they have changed to a much
more robust flat file database in their newly launched express appliances.
Secondly looking at the overall solution from a day to day perspective in
case of RSA for writing complex rules, reports one needs to to SQL in detail
whereas Arcsight is pretty cool with their interactive GUI...more over
rules, reports, dashboards based on categories enable the environment to be
future proof any not depend on the end device vendor.
I don't see any complexity in the product maintenance where i have seen
large environments like MSSP's running in a fully automated the
complexity part is really for me is really not true....Inspite i would put
it the other way is that it may time for any environment to mature...but
once done things don't need much day to day involvement.RSA is ok if once
needs log management at a cheap price but if real correlation is needed
which is the heart of an SIEM it has to be Arcsight.

roys81 wrote:


i'm sorry to be rude but the guy who answered you about arcsight and
envision obviously don't understand much in envision - i've been deploying
envision for 5 years now and i can tell you a thing or two about it, 1st
of all arcsight is a great product but it does have it's weaknesses.
envision supports: wmi, lea, odbc, http/https, ftp/sftp, syslog and snmp -
if you want to be more precise, if there is a log you can read it with
envision also you can develop a parser for every unknown device so
envision will recognize it and a little secret about it - it's free of
charge. if you want to compare the two systems than you need to know that
arcsight is based on oracle DB (for better and worse) while envision's
using IPDB (flat file storage method) i'm not saying that envision is a
perfect solution you'll need to do some out of the box developing to get
some special features out of it but the simplicity of connecting devices,
storing data at envision is the best i've seen in the market.
another thing that you need to know about arcsight is that it's one of the
most complexed SIEM products in the markek and you'll probably need at
least one person in a full time job to deploy and maintain it for you (and
that's not cheep at all). if you have more questions about envision i'll
be glad to help you.

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
and privileged information for the use of the designated recipients named above. If you are
not the intended recipient, you are hereby notified that you have received this communication
in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
please visit our Internet web site at

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.;4175;25;1371;0;5;946;e13b6be442f727d1