We like to tout Snare’s ability to “reduce the noise” in your logging efforts but what exactly do we mean when we say that and why is it important?
Event logging veterans can probably guess fairly easily that we are talking about the excess data collected by logging solutions, but because collecting everything has been a go-to tactic for so long maybe all that wasteful data bogging down your network and driving up SIEM costs doesn’t seem like noise but an inconvenient but unavoidable by-product. Many more probably don’t even realize how much junk is clogging up their SIEM and network.
Snare started off as the only rock solid log collector that could bring together logs on disparate systems and aggregate them for analysis. In other words you could count on your logs getting collected, something far too many tools still can’t guarantee, and you could see your syslogs and windows event logs in one place. Snare Agents are also agnostic so no matter what SIEM solution you opted to by, if you were having trouble with the logs you can plug and play Snare Agents to solve those problems. SIEM vendors picked up on this and began recommending Snare Agents as a compliment and that is how we took off.
Fast forward a bit and we here at Intersect Alliance wanted to take it a step further. Clients around the globe had a long list of nice to haves, things that would make their SIEM efforts more efficient and more effective. This was the genesis to the premium features you see today. Things like managing audit policy, truncation of windows event descriptive text, and multi-tiered filtering.
Cool, huh? Well, we think so. Our roadmap has filled out and we are excited to continue bringing more premium features to our Snare suite.