Ascent Media Group Uses LogRhythm’s “Single Pane of Glass” to Gain Insight into Global Operations
Worldwide digital media conglomerate discovers LogRhythm addresses three enterprise needs: SOX compliance, IT operational efficiency and network security
If you watch television or feature films, it’s likely you have seen the creative or post production work of at least one company within the worldwide conglomerate Ascent Media Group. When the credits roll, you might see names like Beast, Company 3, RIOT, Method and Filmcore Distribution. These and other companies in the Ascent family make, manage, move and monetize every aspect of content from the camera lens to the viewing screen.
These extremely creative companies are somewhat autonomous in their business operations. They need to be, in order to provide innovative and industry-leading services. At the same time, the parent company Ascent Media is responsible for financial reporting about the entire enterprise. As a public company, Ascent Media is subject to the regulations of the Sarbanes-Oxley Act of 2002 (SOX). Ascent struggled with SOX compliance – and in fact was deficient for two years – because of the complexity of collecting and retaining log information from all the subsidiary companies.
The Challenges of Log Management
Michael Chapman, Director of Digital Security and Technical Operations for the West Coast division of Ascent Media, explains the challenges. “When Ascent was spun off from Liberty Media, another American media conglomerate, we needed to acquire our own log management and retention solution. It was something that was not budgeted or planned for until we started doing SOX compliance on our own.” The year was 2007.
Finding the right tool would not be easy. The companies within Ascent Media Group are spread across more than 60 locations around the world. Full compliance with the SOX mandate would require the deployment of a solution to all of these entities.
Chapman looked at a few products for log management. “There was not a lot on the market at that time, but LogRhythm was there,” he says. “After we evaluated the LogRhythm product, it was obvious that it not only did what we needed it to do to satisfy the log retention and archiving needs for SOX, but it also could do much more than we originally thought.” It is these extra capabilities that really help Chapman do his job.
The Solution for SOX Compliance and So Much More
Network security is a top concern for Chapman as he has two roles within the holding company. His digital security role holds him responsible for network security and the protection of the company’s digital assets.
His technical operations role requires oversight of the corporate IT infrastructure: the servers, the email systems, and so on. The more he learned about the LogRhythm solution, the more he realized it serves the needs of both roles.
“In my role of ‘digital security,’ I am also the digital forensic investigator and I do litigation support,” says Chapman. “Most times an investigation will involve email, but it sometimes includes other things like, ‘What did they access, when did they access it, and from where?’ I need to know if they did anything nefarious. Logs are a tremendous wealth of information and a tremendous well to draw from. You can draw a lot of conclusions about how people utilize corporate resources based on log data.”
But you can’t make sense of so much log information without a log management tool. There are certain devices whose logs are highly relevant and important; for example, firewalls, content filters, and security-based gateways. Chapman calls these logs “the obvious low hanging fruit.” But the information that is much more valuable is what people actually do on the network. To get this bigger picture, it’s critical to look at the global scope of all the resources on the network. “The only way you can do that is to send the logs to a device that can slice and dice the data and make some sense of it,” according to Chapman. “Certainly LogRhythm more than fits the bill there.”
The visibility that LogRhythm provides has been invaluable in several forensic investigations. Moreover, Chapman uses this intelligence almost daily to understand operational issues. In a large infrastructure such as that operated by Ascent Media, there frequently are indications that something isn’t quite right. The issue might not be obvious by looking at the problematic machine. According to Chapman, “A lot of times you have to trace the problem further back into the infrastructure and the only real way to do that is through logs.”
LogRhythm provides actionable insight that was not available before; for example, file copying activities and repeated failed login attempts from people trying to hack accounts. “We need to look at all the logs to see this activity from different vantage points within the infrastructure. It’s the correlation of events that’s so important,” explains Chapman. “Consider the case of a virus that infected numerous computers internally. We could trace the entry point of the virus to a particular machine with a particular person logged into that machine who retrieved a particular webpage that delivered a payload of malware. The only reason I am able to do that is because LogRhythm shows me the correlated logs from our firewall, our content filter, and our entire Active Directory. It acts like a funnel to pinpoint the origination of the problem.”
This level of detail allows Ascent Media to put additional controls in place to help minimize the risk of another occurrence. “Before LogRhythm, these types of instances were all about damage control—clean, clean, clean everything!—but we never had the ability to answer the inevitable question ‘How did this happen?’ Now we can answer the question as well as do things to prevent it from happening by ramping up our content filter or blocking certain attachments if we find that to be the root cause. It is extremely difficult to come up with a root cause without an aggregation device like LogRhythm.”
A Global Deployment Through a “Single Pane of Glass”
Ascent Media’s global deployment of LogRhythm covers all its subsidiaries and locations spanning from the United States to Europe to Asia/Pacific. Log data is collected in each office and funneled to a regional log manager. “We have a log manager on the East and West coasts and log managers in the UK and Singapore,” explains Chapman. “All the local machines report to their regional log manager. When the log manager classifies something as being an event or an alert, the data is sent to the console appliance in our corporate office. This gives us a single pane of glass that looks at the entire infrastructure.”
LogRhythm Provides Global Insights into Ascent Media’s Entire Network
Chapman recently looked at other log management products, but they still can’t match the scalability of LogRhythm. “In 2007, there weren’t many players in the market but that’s different today. I’ve looked critically at some of those players and I think, in some respects, they would be fine in certain sizes of environments but they would fall flat on their faces in a large environment,” says Chapman. “The most arduous task for us was figuring out how to scale as we grow. No one else in the field in 2007 could have met our requirements.”

Benefits From the Obvious to the Unexpected
The primary and most obvious benefit of deploying LogRhythm was fixing the SOX compliance deficiency. Another value it brought to the company was to prevent the loss of information. “Before LogRhythm, we had zero capacity to handle logs,” laments Chapman. “Traipsing through the history of various servers—not just in a forensic investigation but also in resolving performance problems or delivery failures—was an exercise in futility because we had no information to look at. Now we have the information stored in a location that does not affect the application servers and where we can see it in near real time.”
A surprising benefit was the ability to build a security event management system from a product that Ascent Media expected to be only a log aggregation system. Chapman explains, “We bought LogRhythm for its log management capabilities. Then after going through the training and recognizing how LogRhythm is built, it became obvious that this is also a security event management system. We never scoped it out as being that, so instead of buying an additional product to meet the needs of a SIEM, I was able to take that off of my budget and save quite a bit of money.”
Looking Ahead Toward Expansion and Even More Value
Chapman plans to expand LogRhythm’s capabilities deeper into each subsidiary company to help them meet specific industry certification requirements. For example, the Motion Picture Association requires companies that work on motion pictures to segregate production networks from the normal corporate networks to prevent content from passing from one to the other on purpose or by accident. “The production folks are basically where I was back in 2007,” says Chapman. “They have the need to pull all of the log information into a centralized place, not only to manage their operational weaknesses, but also so that they can provide the same information and reporting that our corporate office receives from LogRhythm today. They need to be able to say, ‘Mr. Client, here are all the logs of the activity from within our environment and as you can see, we had nothing to do with your film getting posted on YouTube.’”
To sum it up, Chapman says the implementation of LogRhythm throughout Ascent Media’s global organization has paid off in real and measurable ways. “It has saved us from the flaw-ridden approach of manually wading through millions of log entries daily, and reduced our operational costs in terms of man-hours spent investigating problems. LogRhythm has set the standard for SIEM 2.0. It is an invaluable innovation for us.”