TechValidate Research on Quest Microsoft Platform Management


Quest InTrust Case Study

Federal Government Agency

Introduction

This case study of a federal government is based on a February 2018 survey of Quest InTrust customers by TechValidate, a 3rd-party research service. The profiled organization asked to have their name blinded to protect their confidentiality.

“We are using Quest InTrust for management of event logs in an environment where auditing is turned up way too high. We are looking at Splunk for analytics and are in the process of setting up ingestion of the InTrust repository contents.”

Challenges

The business challenges that led the profiled organization to evaluate and ultimately select Quest InTrust:

  • Solved for the following challenges:
    • Collecting large volumes of event log data from different systems, devices, and applications
    • Strict compliance regulations for data retention

Use Case

The key features and functionalities of Quest InTrust that the surveyed organization uses:

  • Uses the following SIEM tools:
    • ArcSight
    • Splunk
  • Is collecting data from the following systems:
    • Windows (servers and workstations)
    • Linux/Unix (HP-UX, IBM AIX, Solaris)
    • Web Servers
    • DB Server (SQL Server, Oracle)
    • Custom/scripted data source
    • Firewalls (CheckPoint, Cisco PIX)
    • Exchange
    • Proxies (Microsoft ISA, Microsoft Forefront Threat Management Gateway, TrendMicro InterScan Web Appliance)
  • Uses the following systems to analyze InTrust data:
    • Quest InTrust Repository Viewer (Searches and Reports)
    • Splunk

Results

The surveyed organization achieved the following results with Quest InTrust:

  • Realized the following benefits with InTrust:
    • Forwarded log data to their existing SIEM solution for security analytics
    • Protected event log data from tampering or erasure
  • Reduced storage costs by 61-80% with InTrust’s highly-compressed repository.
  • Total size of their InTrust repositories is 10 TB.




About This Data

This data was sourced directly from verified users of Quest Microsoft Platform Management by TechValidate.

TechValidate verifies the identity and organizational affiliation of all participants that contribute to published research data. When research participants so desire, we also guarantee their anonymity so that they may share information honestly and freely.


More Research on Quest Microsoft Platform Management