Looking through log data to find potential security risks is much like trying to find a needle in a haystack. Seeking to help find the proverbial needle faster, Dell is updating its InTrust software to version 11.0 with the promise of faster discovery and audit capabilities.
InTrust is designed to help enterprises meet compliance requirements for log data and identify potential security incidents.
While InTrust has features that are often thought of in the market as belonging to a SIEM (security information and event management) product, Dell is positioning InTrust in a different way. The SIEM marketplace is highly competitive, with products including Splunk, HP ArcSight and IBM QRadar all vying for market share.
"InTrust has functions like a SIEM, but it's not a 100 percent SIEM itself," Alexey Korotich, senior product manager at Dell, told eWEEK. "We see customers that own SIEM solutions and they still purchase InTrust."
InTrust can enable a third-party SIEM product by providing high-quality data and helping speed up the detection of threats, Korotich said, adding that InTrust is able to provide additional insight into user activity on a network.
A key part of the InTrust product is how log file and event data is gathered by the system. Korotich explained that there is a software agent that can be deployed on a target system, and InTrust can also accept data remotely from syslog (server system logging).
"You can set up your devices so they can provide their syslog data to the InTrust server," Korotich said.
InTrust 11.0's enhanced IT search facility enables users to search different types of IT data from a single Web interface. Among the things that the IT search can help discover are answers to user activity questions, including understanding who has access to data, how the access was obtained and how the access was used.
Understanding user access is important for compliance and security, Korotich said.
Prior versions of InTrust also had search capabilities, though they were somewhat limited, he said.
"Previously, search was limited to just one type of data, which is event logs," Korotich said. "Now, we enable search across other types of IT information, including users and permissions."
Additionally, with InTrust 11.0, the IT search is available through a Web interface that can provide real-time insights. The ability to deliver the fast response is enabled through technology innovation built by Dell for data storage, the company said.
Part of the core intellectual property that Dell has with InTrust is its repository software, Korotich explained. The repository is able to compress data at a 40:1 ratio. The repository also has an index function such that data can be quickly searched and retrieved. "Repository is a flat file storage system that is essentially a NoSQL database," Korotich said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.