LogRhythm log management, analysis and event management system selected for faster and easier log data handling capabilities
28 April 2009 - Blaenau Gwent County Council is implementing a log management, log analysis and event management solution from LogRhythm (www.logrhythm.com), the company that makes log data useful. The new solution will make it easier for Blaenau Gwent to comply with the UK Government Connect Secure Extranet (GCSX) initiative while also improving the overall running of the network.
Blaenau Gwent covers an area of approximately 10,900 hectares and has a population of 68,400. Like all councils in England and Wales, Blaenau Gwent is participating in the UK GCSX initiative which aims to create a private wide area network for secure communications between connected government organisations. In order to connect to GCSX, local authorities must sign up to a Code of Connection (CoCo) which includes specific requirements on log data.
Until now, Blaenau Gwent had been managing its log data manually, running daily downloads so that the information was available should any network incident need investigating. While this is adequate to comply with CoCo, the council recognised that it wasn’t particularly efficient, so it decided to implement a centralised log management system. Steve Hopes, information security officer, Blaenau Gwent County Council, explains:
“Manually recording log data meant that while there would be a historical record of network activity, searching for it would take considerable time. We realised that a centralised logging solution would not only speed up the search process but could also proactively identify unprecedented events when they happen. We considered developing our own solution using Open Source but when we discovered LogRhythm, we realised that because it is pre-configured, it could become operational much more quickly and bring immediate benefits. When we researched LogRhythm further, we found it to be a company which is consistently at the top end of the market with a good reputation within the public sector so we felt comfortable using it as an external supplier.”
Implementation time at Blaenau Gwent was kept to a minimum as LogRhythm is provided pre-prepared for GCSX, with common event structures and reporting packages which map to the compliance regulations. Additionally, LogRhythm’s ability to support a wide range of devices means that the software can interface more easily with technology already in place at the Council, ensuring that the log data generated is fully optimised. Blaenau Gwent is halfway through full installation of LogRhythm and is already virtually GCSX compliant as a result. As such, the Council is now turning its attention to how the system can assist in other areas of its IT operation.
As Blaenau Gwent has a relatively small IT team which is responsible for managing technology across 90 sites, it always relied on users to flag any problems experienced on the network. However, this wasn’t ideal, as prioritising incident investigations could be difficult and any forensic activity complex and time-intensive. LogRhythm is replacing this reliance on users for network monitoring and instead automatically notifies the IT team of any irregularities as and when they happen. For example, the IT department had been experiencing regular account log-out notifications, but investigating these manually would have required significant time and resources. When LogRhythm was installed, it pinpointed the source of the problem within seconds so that it could be addressed quickly and easily.
Hopes concludes: “LogRhythm is extremely intuitive to use which meant that we were able to start benefiting from it even before we had our formal training from the company. Now that we’re getting more familiar with the system, we’ve started to install a number of switches which will extend the use of LogRhythm further across the Council – giving us greater visibility of exactly what’s happening on the servers so that any weaknesses or errors can be flagged and addressed straight away, ensuring the network is fully optimised at all times.”
Ross Brewer, vice president and managing director, LogRhythm EMEA adds, “Blaenau Gwent is another example of the momentum that LogRhythm is seeing within the public sector as a growing number of local authorities recognise the value that the technology can add both from a GCSX perspective and from a general IT best practice point of view.”
LogRhythm is a world leader in NextGen SIEM, empowering organizations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) workflow serves as the foundation for the AI-enabled Security Operations Center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm platform has won many accolades, including being positioned as a Leader in Gartner’s SIEM Magic Quadrant.