CUSTOMER STORY
CHALLENGE SUMMARY
For this global market leader in multiple fast-casual dining categories, the costs associated with the proper collection, management, and storing of log data were escalating into the millions of dollars each year. The organization handles hundreds of thousands of POS transactions daily across their global locations in addition to large-scale business and financial operations across multiple geographies. The sheer size of the enterprise and the vast number of endpoints collecting transactional data every single day meant that cyber costs were soaring.
In order to meet compliance standards and to protect the security of their customer data and company data, the organization requires the proper management and secure storage of log data. The current SIEM was doing the job, but at an alarming price. So, company leadership wanted to find a way to scale back those costs without compromising security and without disrupting the technology already in place.
Our objective was to demonstrate how Snare complements the company’s current SIEM solution, and how the addition of Snare to the existing technology infrastructure would not only improve compliance and security, but would save the organization millions of dollars a year by:
- increasing logging capacity
- providing unlimited log data storage using Snare’s market-leading 50:1 compression
- filtering and truncating log data to reduce log noise
OUTCOME SUMMARY
Within just a few weeks, the organization recorded an 87% reduction in overall log traffic.
This substantial improvement to log management efficiency dramatically reduced the business’s spend on cyber costs and eliminated the need for additional internal expenditures on hardware and operational personnel.
The ability to centrally manage their logging needs via Snare Central also provided additional risk reduction and time savings.
Snare paid for itself in a matter of weeks. The addition of Snare Enterprise Agents and Snare Central to the cybersecurity tech stack has:
- significantly reduced the cost paid to the SIEM
- improved the ability to forecast spend and usage
- dramatically improved threat detection speed
- enhanced forensic investigation capabilities
- allowed for critical scalability
- enhanced logging capabilities with the ability to use Snare’s built-in FIM/FAM/RIM/RAM and Database Activity Monitoring
- improved compliance without additional resource allocation
- improved overall visibility to logs and the quality of the log data
THE BACKGROUND
Helping a Global Leader in Multiple Fast-Casual Dining Categories Reduce Soaring SIEM Costs
The security of personal customer and company data is a high priority for any organization, let alone a global market leader in multiple fast-casual dining categories. Due to the sheer size of this customer’s global operation and the number of endpoints collecting and transmitting large volumes of transactional data daily, the costs associated with properly managing, sending, and storing log data became incredibly significant.
The bulk of the cost was sending event logs primarily from POS systems to their existing SIEM – and the costs were soaring.
Company leadership tasked the organization’s Chief Information Security Officer (CISO) and IT stakeholders to find a solution that would help reduce SIEM ingestion and storage costs without interrupting or displacing the current technology infrastructure and without compromising compliance or security standards.
As requested by leadership, the CISO and security team needed to find a log management solution that would:
- Show a demonstrable ROI by reducing escalating SIEM ingestion costs and data storage costs
- Collect all the logs needed for compliance
- Require no additional servers or resources, in order to avoid additional expenses
- Have the ability to centrally manage all log collecting systems in the field to reduce complexity and operational inefficiencies
- Complement rather than displace the existing SIEM to avoid changes to the existing technology infrastructure
THE CHALLENGE
Log Noise & the High Costs Associated with SIEM Ingestion Costs
Because the company is publicly traded and often in the public eye, the proper management of customer information, transactional data, and company data is a top priority, so having the proper cybersecurity tools in place is critical – but the CISO was under pressure to also keep costs down.
The challenge was to ensure that the company continued to collect the business-critical logs to meet their digital forensics, incident response and compliance requirements, while finding substantial cost savings.
Their current logging solution was not able to provide stability-at-scale, and future business growth would also mean an exponential increase in cybersecurity costs.
This includes:
- operational costs
- hardware
- human resources, and
- SIEM ingestion costs.
Additionally, with their current logging solution, the company was not able to easily manage their endpoints in the field when policy changes were needed, requiring more time, money, and resources to manually update policies at each site.
THE SOLUTION
Reducing SIEM Costs While Improving Security
The solution for this customer was to deploy Snare Enterprise Agents across their existing platforms (Windows and Linux).
With Snare in place, the security team could utilize Snare’s market-leading truncation and prescriptive filtering across all locations to eliminate logging “noise”, making threat detection, hunting, and forensic investigation significantly faster. This in turn would directly impact the SIEM’s ingestion volumes, which were one of the highest IT costs to the business.
The addition of the Snare Central Server to the technology infrastructure also provided a much-needed way to centrally manage all systems, policies, and alerts – eliminating the need to update systems on-site.
The addition of Snare Central to the ecosystem met the need to reduce SIEM costs while also unlocking significant benefits to the enterprise:
- Ensure the consistent application of security policies, alerting, and reporting across the organization
- Monitor the health status of all Snare systems via one single view
- Immediately alert the company’s SOC to specific systems showing problems or anomalous activity so they can be investigated in minutes vs days or months
- Save time and resources by centrally configuring core settings: AMC Policies, Reports, Health Check, Objective Schedules, Reflector Configuration, User Access
Requiring few resources to deploy and manage, the addition of Snare’s lightweight agents and automated alerts would also facilitate a cost-effective use of internal resources, and ultimately a direct-spend savings with the SIEM.
THE OUTCOME
Major Cost Savings and an 87% Reduction in Log Noise
Just a few short weeks after implementing Snare, the CISO was able to demonstrate an 87% reduction in overall log traffic to his company leadership.
- By leveraging Snare’s ability to filter, truncate, and compress log data, there was a direct and significant reduction in the business spend on SIEM ingestion costs.
- The ease of implementing and running Snare also meant that the CISO was able to avoid additional expenditures on hardware and operational personnel.
- Centralized log management provided additional risk reduction and time savings.
By reducing ingestion costs alone, Snare paid for itself in a matter of weeks. The long-term savings continue to prove the ROI of Snare, and the solution will continue to benefit the business by:
- allowing for scaled logging expansion without additional resources
- continuously improving overall visibility to logs, and
- reducing SIEM ingestion costs and log storage costs
Unlimited Pristine Storage
The proper storage of logs is a critical part of maintaining compliance standards, with some industries requiring the storage of logs for up to seven years (untouched). Snare offers unlimited, pristine log storage to help meet these requirements while also saving a significant amount of money on log storage.
Connect Dozens of Sites Globally
Many global organizations desperately need a log management solution that can meet individual site-specific requirements, while also providing a centralized view of all event log activity across the entire enterprise.
Frictionless Implementation
Companies need to be prepared to face the newly emerging threats across the cyber landscape. Snare’s centralized log management solution can be quickly and easily installed to start protecting your organization from threats immediately upon deployment.
Reliable Log Management
Originally designed for military and defense, Snare is the de facto centralized log management solution for thousands of organizations worldwide.