Established in 1989, Sandfield has grown to become a leading provider of software applications for operational businesses looking to differentiate themselves through the use of technology.
The company’s services and product portfolio includes software and website development, application delivery, database administration, mobile app development, and integration services. Sandfield supports clients throughout New Zealand and around the world.
The Business Challenge
As it has grown during the past few years, Sandfield has increasingly been taking on larger and more complex client projects. This has required an expansion of the company’s cloud operations and an increase in processing and storage capacities.
Justin Knight, Head of IT Operations at Sandfield, said this growth had also led to the need for increased IT security measures to ensure client applications and data were fully protected from external threats. At the same time, the organisation benchmarked its protocols against an international standard to ensure its capabilities would be protected.
“About 18 months ago, we achieved our ISO27001 certification,” he said. “As a part of that, and to ensure we had all the required controls in place, we realised we needed better insight into and management of our security measures.”
Initially, the company’s IT team assessed whether this could be achieved using internal staffing and resources. However, it quickly became apparent that this would not be the most effective approach.
After examining a range of alternatives in the IT security space, a decision was taken to engage the services of New Zealand managed services provider Advantage.
Advantage assessed Sandfield’s specific requirements and recommended that the LogRhythm-based Security Information and Event Management (SIEM) platform be deployed. The project began in early 2021 with a proof-of-concept (PoC) before rolling it out to cover all critical systems.
“The first step for us was to enable LogRhythm to capture all our Windows and firewall logs,” said Knight. “Since then, we have added logs from our AWS and Azure cloud environments as well as Google Workspaces.”
Knight said the fact that Advantage already had a comprehensive knowledge of LogRhythm was invaluable as it allowed the new security framework to be up and running very quickly. “By using their team of experts, it meant our internal IT team did not have to fully understand the complexities of the platform before we could put it into action,” he said.
Advantage also worked to include a stream of New Zealand-specific security data into the system, including Malware Free Networks from the New Zealand Government Security Bureau, to further improve protection. This data helps to identify localised threats that may have already been flagged by other organisations.
With the LogRhythm SIEM platform now fully functional and receiving logs from a range of core systems, Knight said the biggest benefit has been “peace of mind”.
Knight said the level and extent of protection enjoyed by the company would simply not have been possible to achieve without LogRhythm. As an example, in a recent month there were more than 191 million logs ingested by LogRhythm, of which 3.5 million were forwarded to a second stage for closer analysis by artificial intelligence tools.
“This then led to 67 alarms being triggered, of which just 37 needed to be investigated by the Advantage security operations team,” he said. “That is an example of how effective LogRhythm is at spotting potential threats amid very large volumes of alerts. There would be no way to do that manually.”
Knight said the LogRhythm infrastructure has already proven to be invaluable as it recently spotted a misconfiguration that could have led to issues if not rectified in a timely manner.
“We were then able to rectify that misconfiguration immediately whereas, prior to LogRhythm, it may have been days or even weeks before it was spotted,” he said. “We are now much more comfortable that we have the level of visibility we require to ensure our systems and resources are secure at all times.”
Steve Smith, Auckland Regional Manager, Advantage NZ, said the strong working relationship that now exists between the two companies would help to ensure the current high levels of security protection would be maintained.
LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency.
With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com.