Redcats USA Automates PCI Compliance with LogRhythm
Redcats USA is a multi-channel home shopping leader with multiple catalogs and e-commerce web sites representing established brands in its portfolio: Woman Within, Jessica London, Roaman’s, Avenue, KingSize, BrylaneHome, BrylaneHome Kitchen, The Sportsman’s Guide and The Golf Warehouse. The company is ranked No. 3 in home shopping in the US, offers a wide range of value and quality driven merchandise categories, including missy apparel, men’s and women’s plus-size apparel, home and lifestyle products, and outdoor gear.
The company, No. 28 in the Internet Retail Top 500 Guide, grew web sales by 11% to $801 million in 2007 from $720 million in 2006. “Despite a tough business environment and overall decline in retail sales, Redcats USA’s web business increased by 11.2% through acquisitions and organic growth,” says Redcats USA CEO Eric Faintreny. “We continue to see ‘channel shift’ from catalog customers migrating from phone to web, which supports our multi-channel strategy.” Redcats USA generates 30% of apparel and lifestyles sales online and over 50% of sporting good sales online.
Supporting rapid growth and on-going PCI compliance
As a payment card processing merchant, Redcats USA must be in compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). The company must meet the PCI-DSS reporting and auditing requirements while managing double digit growth in overall revenues. Strong business growth coupled with successfully driving a multi-channel strategy that includes large number of catalogs, e-commerce websites and stores was straining IT resources.
To comply with PCI-DSS compliance requirements, IT has to provide comprehensive log collection, log management and event management for logs generated by devices, systems and applications across the entire network. Redcats USA log sources include Cisco switches and routers, firewalls, Windows and AIX servers, and mainframe systems. To ensure compliance, the company needs to collect, normalize and manage vast quantities of logs from these devices every day.
Redcats USA IT resources must also manage the infrastructure that accompanies strong business growth. For example, the company more than doubled their workforce from 4,500 employees to almost 10,000 and over 400 brick and mortar stores with the acquisition of Avenue. Despite the growth in the size and complexity of the network infrastructure, the IT organization has to maintain service levels to end users through automation and productivity improvements for IT staff.
Automated PCI Compliance
To ensure compliance, Redcats USA IT needed to collect, normalize and manage the huge quantity of logs generated across the entire network. Meeting those requirements with home-grown scripts and existing IT staff was simply not feasible. “LogRhythm has allowed systems administrators to get a comprehensive view of all servers and devices in one dashboard. It was virtually impossible to look at the log data across all devices and correlate events until we implemented LogRhythm.” stated Eric Laszlo, Senior Manager, Information Technology. “LogRhythm automates all of those functions for us and generates the reports necessary for us to meet our compliance obligations.”
Custom Device support
The Redcats USA network included several mainframes and related applications that were considered custom log sources that had to be collected for PCI compliance. “LogRhythm responded quickly to our requests and delivered custom device and application support to collect our mainframe data, interpret the taxonomy of the logs and normalize all the data to fully integrate our mainframes into our log management, analysis and SIEM,” noted Eric Laszlo.
IT Optimization and reduced costs
Redcats, USA has realized increased IT optimization and improved service levels to end users by taking advantage of LogRhythm functionality and workflow features. The enhanced real-time correlation and alerting capabilities of LogRhythm coupled with the forensic drill-down features adds unprecedented efficiencies to network operations management and security investigations.
The LogRhythm Personal Dashboard allows different users to customize views of the network in a manner that maps to their job function and responsibilities. “The Dashboard presents information from vast quantities of logs in a single screen,” Eric stated. “We now have insights into our network coupled with proactive capabilities that we never had before. For example, our systems administrators have taken advantage of LogRhythm’s alerting capabilities to provide better service levels to end users. They get alerts for service failures, service stops or if a particular server is running low on disk space. An email is pushed to their Blackberry so that they can respond immediately.” Redcats USA IT has leveraged the features within LogRhythm to manage network growth and improve the productivity of their existing staff.
Ease of implementation and deployment
“Implementation was easier than anticipated. We had LogRhythm up and running quickly which provides cost efficiencies and low impact on IT resources,” stated Eric.
- Automates PCI-DSS compliance and reporting
- Collects, analyze and manages logs from more than a hundred sources, both standard and custom
- Automates internal audit reporting with ability to create custom and on-the-fly reports
- IT optimization and improved services levels to end users through real-time monitoring, alerting, investigation and forensic capabilities