TechValidate Research on Quest Microsoft Platform Management


Quest InTrust Case Study

Fortune 500 Automotive & Transport Company

Introduction

This case study of a Fortune 500 automotive & transport company is based on a February 2018 survey of Quest InTrust customers by TechValidate, a 3rd-party research service. The profiled company asked to have their name blinded to protect their confidentiality.

“We use InTrust for the protection of the event log from malicious deletion and real-time alerting on local security group management.”

Challenges

The business challenges that led the profiled company to evaluate and ultimately select Quest InTrust:

  • Limited visibility into workstation and privileged account activity
  • Collecting large volumes of event log data from different systems, devices and applications
  • Need to protect logs from tampering or erasure
  • Strict compliance regulations for data retention
  • Need to respond quickly to security incidents

Use Case

The key features and functionalities of Quest InTrust that the surveyed company uses:

  • Uses the following SIEM tools in their environment:
    • Splunk
  • Is collecting data from the following systems:
    • Windows (servers and workstations)
    • DB Server (SQL Server, Oracle)
    • Exchange
  • Uses the following systems to analyze InTrust data:
    • Quest InTrust Repository Viewer (Searches and Reports)

Results

The surveyed company achieved the following results with Quest InTrust:

  • Realized the following benefits with InTrust:
    • Increased the speed of security investigations and audits with full-text search on all native logs
    • Improved real-time alerting of suspicious activity
    • Protected event log data from tampering or erasure
  • Collects 50,000 events per day using InTrust
  • Sends 1,000 events per day to their SIEM solutions
  • Total size of their InTrust repositories is 4 TB




About This Data

This data was sourced directly from verified users of Quest Microsoft Platform Management by TechValidate.

TechValidate verifies the identity and organizational affiliation of all participants that contribute to published research data. When research participants so desire, we also guarantee their anonymity so that they may share information honestly and freely.


More Research on Quest Microsoft Platform Management