Reigate and Banstead Borough Council Implements LogRhythm to Comply with CoCo and Improve Network Reporting Forensics

5 August 2009 - Reigate and Banstead Borough Council is implementing a log management, log analysis and event management solution from LogRhythm, the company that makes log data useful. The new solution is being implemented so that the Council can sign up to the government’s Code of Connection (CoCo) as well as dramatically streamline how it reports on network activity for forensic and audit purposes.

Reigate and Banstead Borough Council is responsible for 127,000 residents and covers an area of 129 square kilometres. Like all councils in England and Wales, Reigate and Banstead must sign up to a Code of Connection (CoCo) before it can connect to the UK Government Connect Secure Extranet (GCSX) - a private wide area network for secure communications between connected government organisations. As CoCo has specific requirements on how log data is stored, managed and accessed, it triggered Reigate and Banstead to review how the Council processes its log data.

Until now, if Reigate and Banstead wanted to access its log data, searches would have to be done manually across a large number of servers which was incredibly time consuming. Implementing an automated system would not only tick the CoCo box but would also significantly reduce the time taken to search log data and produce network activity reports.

Ian Machen, project manager, Reigate and Banstead Borough Council explains: “When it came to choosing a log management solution, we consulted a number of local authorities who had recently gone though the selection process. LogRhythm was the name which cropped up over and over again. Not only were we drawn towards LogRhythm on the recommendations by our peers, but it was one of the few suppliers which could interface with our Novell-based network. Additionally, LogRhythm’s ability to produce standard reports for CoCo and PCI seemed an obvious time-saving advantage. Finally, during the initial discussion with LogRhythm, we found that the solution met all of the day to day requirements laid out by our security manager.”

LogRhythm will be used in Reigate and Banstead’s ICT department by the security manager, their deputy and two IT administrators to monitor the Council’s firewalls and assist with intrusion detection.
Ultimately, LogRhythm will span the Council’s entire IT infrastructure where it will alert on suspicious behaviour, particularly around users logging in and out of the network, password control and web access. By providing Reigate and Banstead with an unprecedented view of its network – LogRhythm will enable the team to identify a single point of reference from which it can drill into and identify any problems so that they can be acted on immediately.

Machen concludes: “Even though we’re in the early stages of implementing LogRhythm, we keep seeing new ways in which the solution can assist us beyond ticking the compliance box. The company has been extremely responsive and professional in developing the solution further as we identify these new opportunities. As such, LogRhythm is set to offer a high return on investment and we’re looking forward to having the solution up and running to bring maximum benefits to the Council.”

Ross Brewer, vice president and managing director, LogRhythm EMEA adds, “As with so many LogRhythm customers who purchase the solution for compliance purposes, the moment implementation commences, the more applications users see for it beyond regulatory requirements. CoCo may be the trigger to purchase LogRhythm in the short-term but the added value that it brings can result in huge efficiency savings and improved operations across the board.”

About LogRhythm

LogRhythm is a world leader in NextGen SIEM, empowering organizations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) framework serves as the foundation for the AI-enabled security operations center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm platform has won many accolades, including being positioned as a Leader in Gartner’s SIEM Magic Quadrant.