Zenith Systems is the certified Intersect Alliance / Snare Partner servicing Africa.
Maximizing the security of your computer network can be as challenging as it is essential.
You likely need to:
- Provide potent protection to address attacks on your systems and data, whether these be of a malicious, fraudulent or vandalistic nature, or where the perpetrator's aim is crime, breaching security, operational disruption, cyber terrorism or sheer mindedness.
- Meet your organization's own audit requirements for data protection.
- Comply with the external demands of others such as stakeholders, shareholders, supervising government entities, customers or even suppliers.
- Conform to one or several security standards such as those specified in: PCI DSS, HIPAA, SOX, NISPOM, California SB, US Patriot Act, ISM, GLBA, DCID, DIAM, DDS, Danish Standard DS-484, ISO27001/2, Massachusetts 201 CMR to name but the most common.
All of which are major issues that are fully addressed by the Snare Enterprise product suite.
In short, Snare is the world standard for effectively gathering and filtering IT-event data for critical security monitoring, analysis, auditing and archiving. It does what you need and delivers what you want.
Snare Agents capture and immediately send the collected event logs to the Snare Server, a third party SIEM or a Syslog server for central storage and reporting.
Snare Agents run on your server or desktop system to capture all relevant system or application audit logs. You can filter and refine the log collection to capture the IT network security or application events that you have defined as relevant to your business operation and to help with compliance with your security policy. The agents capture and immediately send the collected event logs to the Snare Server, ArcSight, LogLogic, LogRhythm, Splunk, RSA or other third party SIEM or a Syslog server for central storage and reporting. There are many Snare Enterprise Agent solutions, each designed for a specific technology platform and providing an extensive range of crucial options.
Agent Management Console:
The Agent Management Console provides the ability to make site-wide configuration changes from a centralized location:
The Agent Management Console (AMC) is a tool that enables remote management of Snare Agents through a workbench interface. The AMC enables administrators to set up automatic audits of the configuration of Agents within their site. The administrators specify a Master Configuration for the fleet of Agents. This Master Configuration is then compared to the configuration of each of the Agents. Any discrepancies found are listed, and alerts are sent out as required. Any Agents that were uncontactable are also identified. The results of these audits help administrators identify whether the configuration of any Agent has been unexpectedly modified.
The AMC allows you to create as many management objectives as are required for your environment, including:
- Manage any compatible Snare Agent even if it's not directly reporting to the Snare Server.
- Snare Agents reporting to the Snare Server will be automatically identified and treated as a reporting Agent.
- Snare Agents not reporting to the Snare Server can be added within the management objective configuration as non-reporting Agents. After specifying these Agents, the management functionality available is the same as for a reporting Agent.
- Specify the type of Agent to be managed, ensuring integrity of the agent configuration.
- Pull the current configuration from any of the compatible Snare Agents within your environment, either by filtering Agents by hostname and/or version, or by specifying non-reporting Agents manually by IP or IP range.
- Pull current configuration from a Master Agent to compare against the managed list of Agent configurations.
- Optionally push a master configuration out to each of the managed agents that support push, to sync configurations to a single configuration. Unauthorized configuration changes on the Agents are reverted automatically.
The Snare Server is a log aggregation and management tool, developed in the security labs of the defense industry, that provides robust audit event collection, analysis, reporting and archival capabilities for IT security log data. It can collect from a variety of operating systems, services and applications, and can receive event log data directly from Snare Enterprise Agents, Snare Epilog files (ASCII text log files), and syslog network devices such as routers, switches, firewalls and authentication servers.
The Snare Server secures your event logs with encrypted log transport and time stamped message files, which is of major relevance if your organisation has to meet demanding audit specifications, log management requirements or needs to conform to IT security standards.
William Nicol Rd, cnr Leslie Avenue
Tel: (011) 513 3473
Fax: (086) 271 8152