As directed by Secureworks, we have been fielding a lot of calls recently from our joint Snare/Secureworks customers regarding your options following the end of life announcement for Secureworks CTP. As a licensed Snare customer, you may continue using the Dell Secureworks limited version of Snare for Windows – and when you are ready – we will help you migrate to our most current Snare log management solutions.
Snare Integration with Secureworks – Gartner Leading MSSP
Snare enables Secureworks customers to receive all relevant security log data with preconfigured enterprise agents.
Snare has partnered with Secureworks since its inception as a leading MSSP, with Snare providing the front-end and Secureworks the acute analysis and backend platforms. Snare is purpose-built for Secureworks and the Snare agent can be supplied directly as part of your Secureworks licenses from Snare or our partners – wherever you need coverage. With over 1,000 joint customers, the integration and partnership provide Secureworks customers a rock solid, reliable cybersecurity platform they can rely on.
Snare is able to support additional Secureworks use cases including the Taegis XDR platform, local log storage, and log management to complement threat detection as a service.
Many organizations use Snare to send critical event data to Secureworks, while keeping a complete compliance-friendly forensics and reporting platform locally or in the cloud with the Snare Central suite of products.
Snare is Trusted by 4,000+ Enterprise Customers Worldwide
Snare & Taegis XDR
Enable, extend, and enrich Taegis XDR with Snare.
Snare’s full suite of endpoints complements Taegis XDR by ensuring the right data is sent to the right location at the right time for rapid response.
By implementing Snare alongside Taegis, you can use enriched log data to enhance your XDR platform’s potential and dramatically reduce MTTR:
- Enable your analysts to see what was stolen after a targeted intrusion.
- Extend your visibility to see the actions of cyber attackers during the dwell time of Human Operator Ransomware.
- Enrich your view of Privileged User Activity and log event data to quickly identify ransomware or a network breach.
Snare Agents
Snare is the global standard for feature-rich, reliable, lightweight agents. Rock solid log collection is both a compliance and security imperative.
When companies across the world want the best, they choose Snare.
How Snare Supports Secureworks Capabilities
File Integrity Monitoring (FIM)
Many regulations require checksum-based detection of file changes and file permission changes; PCI DSS, for example, requires that change detection tools be run at least weekly.
Registry Integrity Monitoring (RIM)
Similar to FIM, performing a checksum and tracking permission changes on the registry is important for identifying changes to key parts of the Windows configuration and applications.
Database Activity Monitoring
Effectively monitor MS SQL activity within a single database or an entire instance that covers multiple databases.
File Activity Monitoring (FAM)
Find out who is doing what to your files and when. Who opens, reads, or deletes them, and are they supposed to? A critical component of most compliance policies such as PCI DSS, HIPAA, FISMA, ISO27001, NIST, etc.
Registry Activity Monitoring (RAM)
Most applications maintain their configuration in the registry on Windows platforms. Detecting unauthorized changes to an application made by changing key registry values is an important forensic tool in determining whether the change resulted in unauthorized application activity.
Enterprise Grade
Heartbeats, self-audit, audit policy, data enrichment, data masking, and EPS controls. Windows Agents Veracode Verified. No Java or .NET required.
USB Drives
Tracking removable media and its usage on systems is important for identifying potential data exfiltration and potential sources of malware and other malicious activity. It is important to track the device activity and whether the media was something like a thumb drive or a Rubber Ducky device, which can be used to steal data or to write malware or an exploit at 3,000 characters a second and then execute it as the user who is logged in on the system.
Multi Destination
Unlimited destinations for logs being sent with different ports, protocols, and formats for each destination. Get the right data, to the right people, at the right time.
24/7/365 Support
Around-the-clock, regionalized support.
AMER +1 (800) 834 1060
EMEA +44 (800) 368 7423
APAC +61 (1800) 790 139
Database Activity Monitoring (DAM)
Snare’s Database Activity Monitoring (DAM) helps identify and report on anomalous database activity behavior, with minimal impact on user operations and productivity. Snare’s specialized Microsoft SQL (MS SQL) agent allows customers to effectively monitor SQL activity within a single database or an entire instance that covers multiple databases. Specific settings can be used to collect information on a specific database, tables with sensitive data, or specific commands run in the database. This reduces the noise of general monitoring of all user activity on the SQL environment.
The Snare MS SQL agent works on all current versions of SQL server on Windows platforms, including complex enterprise environments.
- Let security monitor the DBA to identify and alert on insider threats and/or external threat actors
- Bring SQL into scope by focusing on intelligence vs all-or-nothing SQL logging options
- Mask sensitive data like PCI and other PII
Reduce Noise & Spend Time on Intelligence
Noise can diminish the investment in your cybersecurity platform by obscuring the threat and masking the intruder. Snare ensures that the right data gets to the right place at the right time, so customers spend more time on intelligence and less time sifting through a noisy infrastructure, reducing Mean Time to Detection (MTTD).
- Snare can truncate the Windows verbose help text, getting rid of useless noise
- Snare can set your audit policy to only generate the events you need
- Snare reduces the hardware and network infrastructure needed to scale for enterprises
- Snare, for example, can direct the needed data to your SIEM, while concurrently storing all events locally for forensics
Deploying Snare with Secureworks
Snare and Secureworks have a strong history together. Snare provides a Secureworks branded agent built to send all security logs to the Secureworks platform. This ensures the teams receive only the relevant security information at the right time.
The Secureworks agent provides multiple pre-built features:
- Secure Log Transportation
- Flat file and Text-Based logging
- Filtering and Truncation
- Integration with Agent Management Console
Enterprise Scalability with Snare
Snare is a reliable, highly scalable, long-term log storage solution for high volume enterprise environments. With Snare, you send the right data to the right people at the right time – in real time.
- Scale and handle high traffic, high volume sites that have 100,000+ agents collecting terabytes of data or more per day
- Long-term storage to ensure compliance and forensics options
- All logs are collected and parsed using Snare Central to feed your SIEM in a standardized format – while using tiered filtering as needed
- Easily manage policies and agents en masse
Enterprise Compliance In Supporting Secureworks
Snare is installed around the world, on every continent, in most every country, on the ground, under the sea and in the air.
The Leading Log Manager for Secureworks Customers
Snare and Secureworks have a strong history together. The Secureworks agent provides a flexible and scalable architecture, giving organizations unparalleled freedom with their Secureworks deployments.
Featured Content
Using Snare to Detect Solarigate Backdoor Delivered by SolarWinds Orion Software
This blog contains some immediate guidance on using Snare agents and Snare Central to detect activity on your network from the Sunburst Backdoor malware delivered by SolarWinds Orion Software.