CUSTOMER STORY
CHALLENGE SUMMARY
Operating in nearly 50 markets worldwide, one of the world’s leading financial services companies and providers of insurance, annuities, employee benefits, and asset management is trusted with highly sensitive personal and corporate data – on a massive scale.
The organization was looking for a logging solution that could be centrally managed, scale, and be deployed globally to meet different regional and industry-specific data security and cyber compliance requirements. In order to meet the needs of such a large and complex ecosystem, the company requires custom reporting requirements and the ability to parse their logs and send prescriptive subsets to multiple SIEM/XDR systems.
Our objective was to help the organization meet their compliance needs, while also providing a scalable solution that would continue to grow and adapt with the business, as well as help reduce escalating cyber costs. Ultimately, the logging solution would need to:
- Collect a wide variety of logs from business-critical Windows servers located in geographically distributed regions across the globe
- Send disparate log subsets to multiple SIEMs while reducing network overhead and providing in-flight encryption
- Solidify a solution with warm failover capability for disaster re-routing of log traffic
- Deploy globally with minimal human resources
- Provide at-the-ready telemetry of system counts under license
OUTCOME SUMMARY
The organization and its security team were able to utilize features found in both the Snare Agents and Snare Central to successfully meet the organization’s vast log collection, management, reporting, and compliance needs.
In addition to meeting the technical needs of the business, significant cost savings were discovered after the implementation of Snare Agents and Snare Central. The security team was able to demonstrate a significant reduction in log “noise” by filtering non-business-critical events, and the ability to centrally manage all log collection and management meant a reduction in time spent updating policy controls at each site. An extra – and significant – cost saving was also realized by utilizing Snare’s unlimited data storage.
The addition of Snare to the organization’s cybersecurity solutions set has resulted in not only meeting compliance standards, but significantly reducing escalating cybersecurity costs. Since implementing Snare, this financial services leader can now:
- Forward unique log subsets to varied destinations
- Parse and obfuscate PII data found in logs as needed for compliance
- Eliminate “noise” by filtering non-business-critical events
- Efficiently store events for potential forensic needs or reporting requirements
- Operate the Agent Management Console (AMC) to schedule Agent configuration validations and perform fleet-wide adjustments as needed
- Leverage the Snare Agent Manager (SAM) to easily manage licensing from a central location
- Utilize a simple interface to generate compliance reports, capacity planning metrics, and real-time alerting for suspicious activity
THE BACKGROUND
Helping a Global Leader in Financial Services Meet Critical Compliance Needs
The proper and reliable monitoring of logs is the first step in building a solid cyber infrastructure, particularly for large global organizations that manage thousands of transactions a day. System logs contain a wealth of information about the health of the network and should be monitored regularly in order to identify potential malicious activity – both internal and external.
And while system logs are critical for threat detection and investigation, the proper collection and management of log data is an essential compliance requirement for companies that manage personal data. The ability to quickly identify who got in, how they got in, and what they took is critical for the investigation and reporting of cyber incidents.
Log management is also a requirement for complying with information security regulations and will be critical for meeting updated reporting timelines required for publicly traded companies, which would require organizations to report the material incidents of a breach in a matter of days.
To meet current compliance requirements, prepare for future reporting and compliance requirements, and meet the reporting needs of the business, the Chief Information Security Officer and his team needed a robust logging solution that would:
- Collect a wide variety of logs from business-critical Windows servers located in geographically distributed regions across the globe
- Send disparate log subsets to multiple SIEMs while reducing network overhead and providing in-flight encryption
- Solidify a solution with warm failover capability for disaster re-routing of log traffic
- Deploy globally with minimal human resources
- Provide at-the-ready telemetry of system counts under license
THE CHALLENGE
Seamlessly Managing Logs Across a Global Enterprise
The sheer size of the organization and the many markets it serves pose a challenge for any single logging solution.
The logging solution would need to have the ability to be centrally managed, scale and adapt to almost 50 different markets, and meet several different compliance and reporting requirements.
The reporting requirements not only needed to meet industry and market compliance requirements, but the business itself has unique reporting requirements set by leadership and by different business units across different geographies.
Additionally, the organization is utilizing multiple SIEM and XDR systems across the enterprise. It needs a log management solution that can standardize across all of these systems, which includes parsing its logs and sending prescriptive subsets to multiple SIEM systems.
The needs for a globally-deployed log management solution were outlined by company leadership as follows:
- Be centrally managed
- Meet the company’s own custom reporting requirements
- Meet compliance standards for logging across multiple markets
- Integrate seamlessly with multiple SIEM and XDR platforms
THE SOLUTION
Reducing Cyber Costs While Improving Compliance
In order to meet the needs of this organization, Snare’s experts suggested implementing multiple Snare Centrals together with Snare’s Enterprise Agents to effectively and efficiently manage the large number of devices and systems that needed to be properly monitored.
By utilizing the features found in the Snare Agents and Snare Central, the security team would be able to:
- Forward unique log subsets to varied destinations
- Parse and obfuscate PII found in logs as needed
- Eliminate “noise” by filtering non-business-critical events
- Efficiently store events for potential forensic needs
- Centrally operate the Agent Management Console (AMC) to schedule Agent configuration validations and perform fleet-wide adjustments as needed
- Leverage the Snare Agent Manager (SAM) to easily manage licensing from a central location and reduce change control complexity through binary updates
- Use a simple interface to generate all the required compliance reports, capacity planning metrics, and real-time alerting for suspicious activity
THE OUTCOME
Meeting Global Compliance Standards while Reducing Cyber Costs
Since implementing Snare, the CISO at the organization has been able to produce the reports required by company leadership and has helped the organization meet high priority data security compliance standards across the globe.
Some of the most significant business outcomes since deploying Snare include:
- Reduction in risk while providing compliance and audit protection
- Decrease in operational costs through logging and storage efficiencies (utilizing Snare’s unlimited log storage)
- Reduced time and human capital commitments with a simple-to-deploy solution on a global scale
Compliance & Reporting Standards
Snare Agents and Snare Central provide log management, collection, and storage capabilities that are required for compliance across multiple geographies and industries.
Connect Dozens of Sites Globally
Many global organizations desperately need a log management solution that can meet individual site-specific requirements, while also providing a centralized view of all event log activity across the entire enterprise.
Frictionless Implementation
Companies need to be prepared to face the newly emerging threats across the cyber landscape. Snare’s centralized log management solution can be quickly and easily installed to start protecting your organization from threats immediately upon deployment.
Reliable Log Management
Originally designed for military and defense, Snare is the de facto centralized log management solution for thousands of organizations worldwide.