In typical Microsoft fashion they had to go and create their own version of logging, which in turn created a more convoluted IT ecosystem. As if IT didn’t have enough to do. When it comes to collecting logs from several disparate systems and then trying to glean insight from them, having multiple formats is not only inconvenient, it requires additional functionality in collectors. This is actually why Snare Open Source Agents became so popular. You could set up free Snare Agents and streamline collection at a central server.

With all the options out on the marketplace nowadays, merging syslog and Windows event data tends to be far less of a concern. There are even those who still snag our open source agents to accomplish the task in a makeshift SIEM. Still, far too many companies are not centralizing their logs, and they should remedy that immediately. Centralizing logs may seem obvious to some, but for others the benefits may be a bit obscured until they actually start profiting from the practice. By centralizing your log collection you not only save time but also improve the reliability of your logging. You create a system of record, you streamline forensics, you keep logs secure, and you can quickly check on the health of your systems. While any centralizing system may seem sufficient, there is one factor to keep in mind: cost.

Why? Because the data gets unwieldy as your logging needs increase in scope. When SIEM providers charge by data collected, that cost can easily increase exponentially with seemingly little you can do about it. So when you are shopping for logging solutions, you should make sure they can not only centralize your log collection but also help you reduce the noise so you can efficiently manage cost.

In a day and age filled with ePhone 14s and Gamebox 7000s, there is no reason for enterprise B2B software to be so opaque, so convoluted, that it requires weeks of implementation and months of training, which is how a vast number of open source offerings pay their way. Software isn’t “free” when you have to pay for documentation and months of training. It certainly isn’t free when you have to pay people to come in so you can implement it. The crazy part is that countless open source solutions end up costing significantly more than their commercial counterparts when all is said and done. The unavoidable costs of software, whether you buy or build, are well documented, and when people opt for the open source solution they end up learning the hard way.

There are other reasons people go with open source solutions even when it ends up costing them money in the long run. Vendor lock-in is another major reason, as companies want to be free to switch providers if necessary, and that can be difficult after making a large investment in a particular vendor’s solution. We broke Snare out into platform-agnostic parts so that Snare can be a standalone solution or work in conjunction with a new or existing SIEM. We work with other software so well that customers use Snare when migrating SIEMs and love it so much they leave it in place to enhance the new SIEM platform. In other words, Snare isn’t an alternative, it’s an enhancement. Forcing vendor lock-in is antithetical to any customer-driven software company’s philosophy.

There is a lot more coming from Snare and we have an especially exciting 2017 planned. In the meantime check out the following to learn more.

Download our brochure on the differences between our Enterprise and Open Source products.

Or check out the free Enterprise trial and get hands on with the differences yourself.

Not sure what Snare does? Looking for a logging or SIEM solution but not sure how Snare fits? Our own Gene McGowan threw this video together to quickly cover the full gamut of Snare. Want the fastest overview of Snare possible? Watch this video.

https://youtu.be/o2_hc_WF6Ig

If you have any questions or would like to know more just reach out to us!

We like to tout Snare’s ability to “reduce the noise” in your logging efforts but what exactly do we mean when we say that and why is it important?

Event logging veterans can probably guess fairly easily that we are talking about the excess data collected by logging solutions. But because collecting everything has been a go-to tactic for so long, maybe all that wasteful data bogging down your network and driving up SIEM costs doesn’t seem like noise so much as an inconvenient but unavoidable by-product. Many more probably don’t even realize how much junk is clogging up their SIEM and network.

Snare started off as the only rock solid log collector that could bring together logs on disparate systems and aggregate them for analysis. In other words, you could count on your logs getting collected, something far too many tools still can’t guarantee, and you could see your syslogs and Windows event logs in one place. Snare Agents are also agnostic, so no matter what SIEM solution you opted to buy, if you were having trouble with the logs you could plug and play Snare Agents to solve those problems. SIEM vendors picked up on this and began recommending Snare Agents as a complement, and that is how we took off.

Fast forward a bit and we here at Intersect Alliance wanted to take it a step further. Clients around the globe had a long list of nice-to-haves, things that would make their SIEM efforts more efficient and more effective. This was the genesis of the premium features you see today: things like managing audit policy, truncation of Windows event descriptive text, and multi-tiered filtering.

Cool, huh? Well, we think so. Our roadmap has filled out and we are excited to continue bringing more premium features to our Snare suite.