Why installing Snare is a must on desktops and laptops


SUMMARY

Jul 15, 2015

Logging information from your servers using the Snare agents captures half of the story when managing a general security incident or a full data breach. To ensure important information isn't missed, installing the Snare agents on desktops and laptops is recommended.

Here are some of the reasons why Snare Enterprise Agents are necessary not just on servers but also on desktops and laptops.

  • For PCI DSS compliance, all systems in scope need to have logging and auditing in place. This means all servers, desktops, databases, web servers, applications, routers, firewalls, switches, etc. Any device that is involved with storing, processing, transmitting or accessing cardholder data is in scope for PCI DSS. So users on laptops and desktops who access systems that contain cardholder data are in scope and need agents. These users could be office administrators, systems administrators, application administrators, DBAs or network administrators, as well as service desk personnel if they take cardholder data over the phone and enter it in a computer. All of them are in scope and hence need to have an agent.

  • A standalone system can have changes performed on it, and sensitive data can be stored on it, copied to it or accessed from it. Not all of these changes are recorded on the domain controllers; many of the details are only logged locally. If a user uses a local login to the workstation (a non-Active Directory account), that information will not go to the domain controller, as it only gets logged locally. If the system has a local USB or CD-ROM drive, use of those devices is only recorded locally. The only way to capture that information is with a local agent on the desktop or laptop.

  • Other security standards such as SOX and FISMA require assurance of the integrity of the financial systems. This requires end-to-end logging from the desktop to the server to the database where the information may reside, so that the management team can attest in writing that their technical controls help to prove the financial systems are true and correct.

  • HIPAA also has other aspects covering access to medical data. Once the customer's data has been accessed from the servers, the organization needs to know what the person did with the data once it was on the desktop. Was it copied or moved to another system? This all means that agents are needed on desktops and laptops to know what happened to the data.

  • NISPOM and other USA government standards also cover the need for all computers to be in scope, and this includes workstations.

  • From a general security controls perspective, all systems that have access to the corporate network or security zones need to have logging and auditing so that the state of each system is known. This is no different from customers running antivirus and applying security patches on these systems because they are important. If the system is important enough to have antivirus and get patched, then it should also have an agent. Logging and auditing are no different if you need to know the who, what, when and how of all the actions on the desktop systems.

See more information on our Snare Agent for Windows Desktop at the Product Releases page.