Strengths: Provides user activity tracking and alerting
Weaknesses: Limited on the types of logs it can handle, cost
Verdict: Specialised log analysis tool that can get a bit expensive in large implementations
InTrust from Quest Software provides users with the ability to manage and analyse logs and events from Windows, Linux and Unix systems in one integrated application. It features the tools necessary to collect and analyse suspicious events and create reports and alerts to help mitigate risk of possible threats.
We found this product to be quite easy to install and configure. The application itself is set up via a short installation wizard that will install all of the necessary components needed. Once this is complete a configuration wizard is launched that helps get a basic configuration in place to start collecting data. All other management is done via the management console, which we found to be quite comfortable to use, with a tree navigation structure that was easy to browse through.
While InTrust is designed for native collection of Windows, Linux and Unix logs it can also be configured to handle other log types such as Cisco and Check Point with some additional configuration. We found the correlation engine provided good functionality. It also includes UserTrack technology, which watches user and administrator accounts and automatically alerts on suspicious activity.
Documentation included a quick-start guide and several other supplemental configuration guides. The installation guide provides a good amount of detail on how to get the system installed and up and running, while the user guide provides a deeper look into how to configure and use the product. All of the guides included a good amount of detail, with many screenshots and step-by-step instructions.
Quest Software offers the first year of technical support included in the purchase price. After the first year customers can purchase additional support via a contract. There is also a support area available on the website that includes a knowledgebase, documentation and other product resources.
At a price of £8.94 per Active Directory-enabled user per year, InTrust can get quite expensive for large environments, so it is average value for money. While it does have some nice features, it is quite limited in some areas.