“Who did what, when, where and why?”
Centralized log management and analysis is essential to assuring the integrity of your network security, achieving compliance with the growing list of regulations, and meeting internal security requirements.
The process of transmitting log files across public or even private networks can work against these objectives. In the past, performing these tasks has been complicated, costly and time-consuming, until now.
The Snare Product Suite is a Security Information Management tool comprising three components: the Snare Agents, the Snare Server and the Agent Management Console. Snare, which is developed by Intersect Alliance, is one of the most comprehensive tools, providing real-time data collection and analysis.
The Snare Product Suite Overview
The Snare System provides clear, concise, accurate reporting of the information that is pertinent to your organization's security and audit requirements. Download the Snare System Datasheet
The Snare Server provides a dashboard displaying all pertinent audit events from a heterogeneous network. All incoming events (from Snare Agents and from system log enabled devices) are received into a Snare Server, enabling them to be analyzed, recorded and reported based on the corporate audit requirements. The Snare Server has a large library of security objective reports, in addition to the ability to create ad hoc reports or adjust the templated security objectives, providing flexibility to an organization's reporting structure. These comprehensive reports can then be automatically emailed to the security individual responsible for those systems and audit requirements on a daily, weekly or monthly basis. The reports can also be viewed interactively from the web interface.
The Snare Agents have been developed for a number of applications and operating systems such as Windows, Solaris, AIX, Irix, Linux, ISA, IIS, etc. The Agents are installed and configured on systems that are to be monitored for specific audit activity. They forward only those events that match the configured audit criteria to the Snare Server. The Open Source Agents are licensed under GPL and can be downloaded from SourceForge.
The Snare Enterprise Agents have been developed for use with the Snare Server as well as many other SIEM products. The Enterprise Agents have been developed for Windows, Solaris, Linux, AIX and Irix, plus two Epilog Agents for Windows and Unix which enable collection of the application log files for such items as ISA, IIS, Exchange, Squid, and Apache. In addition, there is an MS SQL Agent. They have also just released three new agents: Snare Agent for MAC OSX, and two browser agents, Firefox and Chrome. The Enterprise Agents have a number of additional features, including the ability to send to multiple destinations, sending via TCP/TLS/SSL, the ability to truncate redundant information, as well as product support.
The Snare Agent Management Console allows organizations with large deployments of Snare Agents to push out configuration to the agents, ensuring adherence to compliance policy or corporate security standards.
The data is accumulated in a datastore, which can be archived by date and by machine/IP address for forensic and archival purposes. The data itself is stored in a text delimited format, which can be accessed on demand and imported into third-party reporting/analysis software tools if required.
The Snare Product Suite allows for a consolidated view of all your audit requirements on your network.
The Snare Server is supplied as an ISO image via a download from your client area, or a fulfillment package can be ordered.
Contact us for more information or request a quote.