SNARE ENTERPRISE AGENTS
– LATEST FEATURES –
FAM & RAM Enhancements
IMPROVE THREAT DETECTION & RESPONSE TIME BY REDUCING UNWANTED LOG DATA
Snare’s Enterprise Agent provides IT stakeholders and security teams with some of the most granular auditing and filtering capabilities for FAM and RAM logs available in the market.
The new FAM and RAM auditing and filtering capabilities will provide security, risk, and compliance teams with options for File/Folder and Registry auditing. File/Folder and Registry access auditing can be controlled via the Snare Agent as well, with an option to apply additional event filters by user and text.
This means:
- More refined log data to meet auditing and compliance requirements
- Increased control over which files and registry locations are monitored
- The ability to concentrate on important events that are critical and filter out the noise
- Immediate access to the data required to report material cyber incidents
- The ability to reduce unwanted event log data
- Increased speed-to-detection in the event of a breach or attack
Sophisticated Security Capabilities
Strongest Security to Protect Data In Transit
Snare Agents provide an option to use only TLS 1.3 to better protect the privacy and integrity of agent connections. This secures the transmission of logs away from the system that created them, protecting data in transit.
This enhancement will enable security teams to:
- Enhance network security by using the strongest ciphers and the latest TLS version
- Better secure network communications
- Reduce the risk of data tampering, and
- Quickly catch and prevent eavesdropping on communications
Extended SQL Event Coverage
Enhanced Database Auditing & Monitoring
The Snare Agent for Microsoft SQL Server can now be configured to collect Extended Events, enabling security teams to capture more events compared to SQL Trace.
The new View Extended Events page allows security teams to explore a tree of categories and events available on the current server, paired with a Filter to find events of interest by name. This makes threat detection and response faster and more comprehensive so security teams and IT stakeholders can confidently answer questions related to cyber incidents and breaches (who got in, how they got in, and what they stole).
Enhancements to the Snare Agent for SQL will enable security teams to:
- Access a more granular audit of database content and enhanced database performance metrics and statistics
- Collect as much or as little data as required to identify anomalous activities in SQL Server
- Dramatically decrease time spent on finding bad actors
- Use new event auditing options with extended coverage and very specific audit settings
- Collect enhanced audit events with additional detail and control
Additional OS Coverage
Ensure Audit Compliance Coverage Across More Operating Systems
Snare Agents provide additional OS coverage for Linux Agents, with SUSE Linux Enterprise Server 15 now supported.
With both Basic and Advanced auditing capabilities available, Snare Enterprise Agents will ensure coverage and audit compliance over corporate network assets and extend support for Snare Agents on later operating systems.
Extended Linux Agent Coverage
Ensure All Relevant Audit Events Can Be Collected From Monitored Platforms
Updates and enhancements to the Snare Linux Agent extend the audit event coverage. The Snare Linux Agent can now be configured to collect any Linux audit event in the range 1000-2599; previously it only covered 1000-1199.
The enhancements to the Snare Linux Agent will help:
- Track more activity on the system and operating system behavior
- Extend the audit coverage for the Linux agent to collect other system and kernel events
- Ensure that all relevant audit events can be collected from the monitored platforms
Snare Enterprise Agent Capabilities
– Experience the Full Power of Snare –
ADVANCED AUDITING FOR MORE GRANULAR CONTROL
Advanced Auditing provides more granular control over auditing, enabling security teams to capture the most important log data and eliminate network noise. This includes Microsoft Windows systems.
REMOVABLE STORAGE DEVICE MONITORING (USB, MOBILE, ETC…)
Customers can see what files were copied to and from removable storage devices for forensic analysis. If an employee or bad actor uses a removable device to install any malicious software on a network, Snare can now pick up on the additional source activity so that it can be alerted on.
AUDITING & FILTERING FOR FILE ACCESS & REGISTRY ACCESS MONITORING
Snare’s Enterprise Agent provides IT stakeholders and security teams with the most granular auditing and filtering capabilities for FAM and RAM logs ever released.
STRONGEST SECURITY TO PROTECT DATA IN TRANSIT
With Snare Agents, there is an option to use only TLS 1.3 to better protect the privacy and integrity of agent connections. This secures the transmission of logs away from the system that created them, protecting data in transit.
EXTENDED SQL COVERAGE
The Snare Agent for Microsoft SQL Server can now be configured to collect Extended Events, enabling security teams to capture more events compared to SQL Trace.
AUDIT COMPLIANCE COVERAGE
The Snare Enterprise Agent provides additional OS coverage for Linux Agents, with SUSE Linux Enterprise Server 15 now supported.
This ensures coverage and audit compliance over corporate network assets and extends support for Snare agents on later operating systems.
EXTENDED LINUX COVERAGE
The Snare Linux Agent will extend audit event coverage.
The Snare Linux Agent can now be configured to collect any Linux audit event in the range 1000-2599 (previously it only covered 1000-1199).
16 OUT-OF-THE-BOX AUDIT POLICIES
These policies collect useful security events, providing extended coverage over administrative activity and potential malicious activity while meeting ISO27001, SANS and Microsoft forensic needs.
FIPS COMPLIANCE
The Snare Agents and SAM now exclusively use FIPS-140 certified OpenSSL3 libraries for crypto functions.
Ready for Snare Enterprise Agents?
Get in touch with your regional Snare office about upgrading or deploying Snare today.