In the early days when the only organizations that relied on log and forensic data were Defense, Intelligence agencies, and large financial institutions, Snare was there to help lock down critical data and infrastructure.
When corporations graduated from pure perimeter controls to a more holistic detection and prevention system, Snare was there to provide an optimized, low barrier-to-entry solution for security event management.
When government and industry regulations mandated security and event monitoring as a basic component of an organization's defensive strategy, Snare was there to not only help the security team make it through an audit, but also to enhance an organizational security footprint.
When the ever-increasing complexity of the cybersecurity environment, combined with the global shortfall of security professionals, brought about the rise of the Managed Security Service Provider (MSSP), Snare was there to provide strategic collection flexibility, filtering, end-solution independence, and accessible data formats.
MSSPs continue to push the boundaries of cybersecurity defense and assurance, and Snare marches alongside, striving to deliver the best, most secure products on the market today to support an MSSP's mission. Our continued commitment to quality is why Snare is considered the de facto platform for log collection and is used by MSSPs all over the world – including almost every current and past Gartner leader.
(Reducing the MTTD & MTTR)
For MSSPs, every second counts.
Snare's noise reduction technologies can significantly reduce Mean Time To Detection (MTTD), ensure faster and more accurate analysis, provide significant savings and tighter security, and facilitate a faster Mean Time To Response (MTTR). While Snare supports an ‘all the noise you can handle’ capability, getting rid of noise is an option Snare provides via multiple methods.
Real Time Event Filtering – Snare finds, filters and forwards in real time, so that as events are generated, they are quickly and automatically sent to the MSSP. Filtering enables the MSSP to reduce or exclude irrelevant events, thus reducing network traffic and back-end server/analysis resources. Snare filtering is optional and may be incorporated at the agent, reflector, and collector level.
Verbose Truncation – Event truncation can preserve forensically valuable data at the start of each record, while reducing the overall volume footprint of a security deployment by truncating informational data in particularly verbose records. Shown to reduce noise by up to 60%.
Reduced Cost to Deploy & Maintain
The Snare enterprise agent has a single binary that collects logs on Windows or Unix systems, and can also process text log files from applications such as IIS, DHCP, DNS, Apache, and many other sources. Most Snare sites are up and running in hours to days, not months. Snare's enterprise agents are proven to have a lower total cost of ownership than even free alternatives.
Agent Management Console – Snare agents can be configured via group policy, remotely distributed registry settings, synchronized configuration files (Unix), or even via the user interface embedded in each agent. However, the Agent Management Console (AMC) provides the capability to use cloneable primary/secondary configuration policies for different clusters of systems, or geographic/functional domains. Domain controllers, application servers, database servers, web servers, file servers, desktops – all can have their own special log source configuration, audit policies and security requirements. AMC allows these policies to be manually configured, or automatically distributed on a scheduled basis.
Snare Agent Manager – Centralized binary distribution, health monitoring and licensing for all agents. Binary distribution simplifies the process of ensuring agents are at the most up-to-date version, and have access to new features.
Small Footprint – The Snare agents are designed to be low impact background tasks that do not impact operational capabilities. A fully deployed agent is less than 20MB in size. System memory requirements are generally less than 20MB, and CPU utilization is consistently less than 5% on most deployments.
Reduce deployment, support and tuning costs – Snare is operational out of the box. Flexible deployment and configuration options reduce or remove on-system tuning. Remote configuration opportunities via group policy, AMC, rsync, or registry distribution reduce on-prem, RDP or interactive login requirements. Automate the update of Snare agents with the Snare Agent Manager whilst monitoring deployment and health.
Complete suite of agents – Utilize Snare agent capabilities to bring in all your customers' data sources to address other budgeted use cases. Provide a scalable end to enterprise log management solution.
Attractive MSSP license models – Leverage the MSSP license model to increase your services revenue by keeping license costs down. Highly discounted structure when leveraging throughout your customer base.
Protect Brand Reputation & Revenue
Quick to Deploy – Snare agents can be deployed manually within a few minutes. When used with template configurations, hundreds or thousands of systems can be updated quickly using our MSI wrapper and other tools like GPO, or Microsoft SCCM, among others.
Faster – Deploying Snare in minutes, not hours, allows your administrators time to focus on other tasks. Meet your compliance requirements, and quickly eliminate compliance risk.
Simple To Use
Size is no barrier – Bring an enterprise log solution to customers of all sizes. Scale from SMB to full enterprise environments with the de-facto industry log collection suite that also reduces your risk of SIEM solution lock-in.
Feature set – There are a host of additional features MSSPs leverage from Snare including: Pull in user and group credentials, File Integrity Monitoring (FIM), File Activity Monitoring (FAM), Registry Integrity Monitoring (RIM), USB Auditing, Hardware/Network Failure Caching, EPS Throttling, PCI, HIPAA, SOX Compliance.
Snare is the global standard for feature-rich, reliable, lightweight agents. Rock solid log collection is both a compliance and security imperative.
When companies across the world want the best, they choose Snare.