Government agencies around the world have developed policies and guidance for protecting information technology and communication systems. This, in turn, protects citizens, information, and assets, both at home and overseas.
The SNARE Server provides a centralised collection, analysis, reporting, and archival function for a variety of audit log sources. It’s ideal for use by government agencies across the world.
For example, on installation the SNARE Server runs a configuration wizard that lets administrators install and configure objectives specifically targeted at the requirements of Chapter 8 of the US Government’s National Industrial Security Program Operating Manual (NISPOM).
This includes monitoring:
- network devices for all management and security events, and failed connections, including events such as general reconfiguration, reboots, and password changes
- general workstations and servers for all management security events, logins and logouts (both failed and successful), accounts created, and accounts deleted
- servers and workstations used for storing and processing sensitive information for all management security events, logins and logouts (both failed and successful), accounts created, and accounts deleted. (On *nix systems, file auditing of the “/etc” directory should be considered. On Windows systems, full process event monitoring should be considered.)
The SNARE Server generates detailed reports that can be fine-tuned to deliver the information needed to keep systems safe. The reports should be monitored regularly so anomalous activity can be investigated.