A Quest Case Study
A U.S. federal agency needed to collect and retain large volumes of event log data from a heterogeneous environment (Windows, Linux/Unix, web and DB servers, firewalls, Exchange, proxies and custom sources) while meeting strict compliance and auditing requirements. The complexity and high audit volume drove the agency to evaluate a centralized log management solution.
The agency deployed Quest InTrust, integrating it with ArcSight and Splunk and using the InTrust Repository Viewer for search and reports. InTrust centralized and highly compressed the agency’s logs (10 TB total), protected them from tampering, forwarded data to its SIEM for analytics, and cut storage costs by 61–80% while enabling Splunk ingestion for further analysis.
Federal Government Agency