I think Kaspersky is well suited for large and small companies. Larger companies can take advantage of the KSC (Kaspersky Security Center) servers to help manage a large network. The KSC has many good features to help monitor the health of the organization. It does a good job with updating and deploying remotely. It has inventory features, and can even deploy non-Kaspersky software packages uploaded to the center. KSC can become a source of good information about [your] network that can be seen at a glance. IT departments are normally smaller than they need to be. KSC helps with larger and smaller companies because of this. A small company would appreciate the amount of information and management that can be done through KSC without needing extra help. If the company is small enough that they don't have servers on-site, there is a cloud version. I have not used that to know how it differs from the local KSC.
Perfect for projects where Elasticsearch makes sense: if you decide to employ ES in a project, then you will almost inevitably use LogStash, and you should anyways. Such projects would include: 1. Data Science (reading, recording or measure web-based Analytics, Metrics) 2. Web Scraping (which was one of our earlier projects involving LogStash) 3. Syslog-ng Management: While I did point out that it can be a bit of an electric boo-ga-loo in finding an errant configuration item, it is still worth it to implement Syslog-ng management via LogStash: being able to fine-tune your log messages and then pipe them to other sources, depending on the data being read in, is incredibly powerful, and I would say is exemplar of what modern Computer Science looks like: Less Specialization in mathematics, and more specialization in storing and recording data (i.e. Less Engineering, and more Design).
The Security Center is laid out very well and makes it easy to install and manage the client endpoint protection on servers and workstations.
The way security policies are defined and managed is very easy to understand.
The client programs seem to be lighter and smaller on the client systems than others I have used in the past. Using fewer resources is always an advantage.
Logstash design is definitely perfect for the use case of ELK. Logstash has "drivers" using which it can inject from virtually any source. This takes the headache from source to implement those "drivers" to store data to ES.
Logstash is fast, very fast. As per my observance, you don't need more than 1 or 2 servers for even big size projects.
Data in different shape, size, and formats? No worries, Logstash can handle it. It lets you write simple rules to programmatically take decisions real-time on data.
You can change your data on the fly! This is the CORE power of Logstash. The concept is similar to Kafka streams, the difference being the source and destination are application and ES respectively.
The product is stable and accurate in detecting security threats. There are very few or no false positives in detecting security threats or unusual behavior and has very sharp heuristics. The product does the job very well including saving us money in getting 3rd party patch management tools as the business is already using Microsoft System Center Configuration Manager which is Microsoft product specific and the product patches these third party products e.g Adobe Flash Player
I will give Kaspersky a score of 9 out of 10 for scalability, as it allows businesses to easily expand their security infrastructure. This means it won't cost them a lot to add further protection and security. It won't also require them to purchase other hardware and services for their required protection.
As I said earlier, for a production-grade OpenStack Telco cloud, Logstash brings high value in flexibility, compliance, and troubleshooting efficiency. However, this brings a higher infra & ops cost on resources, but that is not a problem in big datacenters because there is no resource crunch in terms of servers or CPU/RAM
I've used the on-premise server. I've only experienced one time that we couldn't open the console, and that was a server issue. It seems to be a dependable solution. It's there, and it's stable.
Users don't notice any slowdown with the antivirus running on their systems. There have been issues when the systems have missed a scheduled scan, and it was checked to run at [a] first available time, they will start a full scan at startup. This has caused some lag. Normally there are also some issues with the workstation, but it is something to note.
I give the maximum grade because we have no complaints; we never had any failure, serious error, and serious threat to the company. All of its features work very well. The great advantage of having a product supported by an industry-leading security company is that regularly updated security protocols will protect the system against all emerging threats.
Make sure to provide awareness campaigns on changes that will be implemented and WHY the business is doing it and the benefits reaped. Benefits reaped is very important for the justification of why things have to change and emphasizing the importance of security. This will reduce user disgruntlement and total bitterness on use of their workstation or laptop
Kaspersky is a leader in endpoint protection, but its ties to potential adversaries are unsettling. Kaspersky has a great threat research team and quickly identifies malicious software and its signature. Its web-based protection is also top notch. This is a great product but as with everything has its place.
Logstash can be compared to other ETL frameworks or tools, but it is also complementary to several, for example, Kafka. I would not only suggest using Logstash when the rest of the ELK stack is available, but also for a self-hosted event collection pipeline for various searching systems such as Solr or Graylog, or even monitoring solutions built on top of Graphite or OpenTSDB.
You can create groups and create different policies for each group. You can customize many parts of the software before it is deployed. You can create different tasks and schedules based on the groups. It is customizable.
Positive: LogStash is OpenSource. While this should not be directly construed as Free, it's a great start towards Free. OpenSource means that while it's free to download, there are no regular patch schedules, no support from a company, no engineer you can get on the phone / email to solve a problem. You are your own Engineer. You are your own Phone Call. You are your own ticketing system.
Negative: Since Logstash's features are so extensive, you will often find yourself saying "I can just solve this problem better going further down / up the Stack!". This is not a BAD quality, necessarily and it really only depends on what Your Project's Aim is.
Positive: LogStash is a dream to configure and run. A few hours of work, and you are on your way to collecting and shipping logs to their required addresses!
