Bourne Leisure Implements LogRhythm for PCI DSS Compliance, Improved Network Visibility and IT Helpdesk Support

17 September 2009 - Bourne Leisure, Britain’s leading leisure company is implementing an integrated log & event management solution from LogRhythm the company that makes log data useful. Primarily being used to meet requirements in Bourne Leisure’s PCI DSS compliance project, LogRhythm will also identify network problems, and ultimately become one of the primary support tools used by the Bourne Leisure IT team. Bourne Leisure Limited has over 35 years of experience in the UK holiday market. Within the group are well known and established brands such as Haven, Warner and Butlins.

Bourne Leisure’s primary focus is on selling – whether it’s caravans, holiday breaks or the entertainment and hospitality available across its 51 locations around the UK. Bourne, along with every other company handling credit cards is subject to the Payment Card Industry Data Security Standards (PCI DSS) which aim to help protect card holders’ data and have specific requirements around log data centralisation, archiving, monitoring and reporting for security and audit purposes.

While Bourne Leisure has been making some use of its log data, it hasn’t had any means of centrally pulling the information together from its numerous operating systems and servers. As such, log data analysis was time consuming, difficult to consolidate and often didn’t reveal the bigger picture.

To address this, Bourne Leisure is implementing a log management, analysis and event management solution from LogRhythm which, as well as ticking the PCI DSS compliance box, will bring greater control over and visibility of the entire IT infrastructure. Jeremy Stancombe, IT manager at Bourne Leisure explains the choice.

“Before deciding on LogRhythm, we drew up a comprehensive matrix of requirements from both our technology and business teams and assessed a number of log management solutions against it. Not only did LogRhythm score highly against these criteria, but we were very impressed with the level of interaction we had with the company, constant updates and regular site visits. As well as meeting the necessary requirements for our PCI DSS project, we found the LogRhythm consultants extremely empathic and hard working, putting themselves in our shoes and suggesting additional benefits that the solution could bring to the business. These included a series of ad-hoc queries allowing us to analyse website traffic in real time and allowing the IT team to assess the overall performance of the various Web sites the company runs. LogRhythm is also relatively straightforward to deploy and came in at a cost effective price.”

Phase one of the LogRhythm implementation will focus on Bourne Leisure’s cardholder data environment and once this has been achieved, the solution will be rolled out across the organisation.

One area that LogRhythm will be playing a significant role in is that of IT support - identifying and troubleshooting any problems across the IT infrastructure. For example, by integrating all of the log data, LogRhythm will allow Bourne Leisure to see the impact that one problem in one part of the operation may be having on other systems – ultimately enabling the company to address multiple issues at once. This will have a huge impact on reducing the time taken to investigate problems, ensuring optimum performance.

Initially LogRhythm will be accessed by six members of Bourne Leisure’s IT team, but the company has ambitious plans to extend its use further across the organisation.

Stancombe continues: “As LogRhythm’s reports are so informative and easy to interpret, it makes perfect sense to share this knowledge with each of the IT support teams so that they always have the latest information on the status of our infrastructure. This will better equip our support teams to respond to any queries that our large PC user base, spread around the UK, may have. It should ensure that problems can be rectified as quickly as possible and that there is minimal disruption to our end users.”

Ross Brewer, vice president and managing director, LogRhythm APAC & EMEA adds: “Bourne Leisure has really grasped the potential that LogRhythm can bring to the broader business beyond PCI DSS compliance. Sharing network status information with the helpdesk support teams will ultimately improve the running of Bourne Leisure’s entire support operation, bringing further advantages, and most importantly Return on Investment to the company.”

About LogRhythm

LogRhythm is a world leader in NextGen SIEM, empowering organizations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) framework serves as the foundation for the AI-enabled security operations center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm platform has won many accolades, including being positioned as a Leader in Gartner’s SIEM Magic Quadrant.