In typical Microsoft fashion, they had to go and create their own version of logging, which in turn created a more convoluted IT ecosystem. As if IT didn’t have enough to do. When it comes to collecting logs from several disparate systems and then trying to glean insight from them, having multiple formats is not only inconvenient, it also requires additional functionality in collectors. This is actually why Snare Open Source Agents became so popular: you could set up free Snare Agents and streamline collection at a central server.

With all the options on the marketplace nowadays, merging syslog and Windows event data tends to be far less of a concern. There are even those who still snag our open source agents to accomplish the task in a makeshift SIEM. Still, far too many companies are not centralizing their logs, and they should remedy that immediately. Centralizing logs may seem obvious to some, but for others the benefits may be a bit obfuscated until they actually start profiting from the practice. By centralizing your log collection you not only save time but also improve the reliability of your logging. You create a system of record, you streamline forensics, you keep logs secure, and you can quickly check on the health of your systems. While any centralizing system may seem sufficient, there is one factor to keep in mind: cost.

Why? Because the data gets unwieldy as your logging needs increase in scope. When SIEM providers charge by data collected, that cost can easily increase exponentially with seemingly little you can do about it. So when you are shopping for logging solutions, you should make sure not only that they can centralize your log collection but also that they help you reduce the noise so you can efficiently manage cost.

In a day and age filled with ePhone 14s and Gamebox 7000s, there is no reason for enterprise B2B software to be so opaque, so convoluted, that it requires weeks of implementation and months of training, which is how a vast number of open source offerings pay their way. Software isn’t “free” when you have to pay for documentation and months of training. It certainly isn’t free when you have to pay people to come in so you can implement it. The crazy part is that countless open source solutions end up costing significantly more than their commercial counterparts when all is said and done. The unavoidable costs of software, whether you buy or build, are well documented, and when people opt for the open source solution they end up learning the hard way.

There are other reasons people go with open source solutions even when it ends up costing them money in the long run. Vendor lock-in is another major reason, as companies want to be free to switch providers if necessary, and that can be difficult after making a large investment in a particular vendor’s solution. We broke Snare out into platform-agnostic parts so that Snare can be a standalone solution or work in conjunction with a new or existing SIEM. We work with other software so well that customers use Snare when migrating SIEMs and love it so much they leave it in place to enhance the new SIEM platform. In other words, Snare isn’t an alternative, it’s an enhancement. Forcing vendor lock-in is antithetical to any customer-driven software company’s philosophy.

There is a lot more coming from Snare, and we have an especially exciting 2017 planned. In the meantime, check out the following to learn more.

Download our brochure on the differences between our Enterprise and Open Source products.

Or check out the free Enterprise trial and get hands-on with the differences yourself.

Not sure what Snare does? Looking for a logging or SIEM solution but not sure how Snare fits? Our own Gene McGowan threw this video together to quickly cover the full gamut of Snare. Want the fastest overview of Snare possible? Watch this video.

https://youtu.be/o2_hc_WF6Ig

If you have any questions or would like to know more, just reach out to us!