Sandfield strengthens IT security and automates monitoring with LogRhythm

Established in 1989, Sandfield has grown to become a leading provider of software applications for operational businesses looking to differentiate themselves through the use of technology.

The company’s services and product portfolio includes software and website development, application delivery, database administration, mobile app development, and integration services. Sandfield supports clients throughout New Zealand and around the world.

The Business Challenge

As it has grown during the past few years, Sandfield has increasingly been taking on larger and more complex client projects. This has required an expansion of the company’s cloud operations and an increase in processing and storage capacities.

Justin Knight, Head of IT Operations at Sandfield, said this growth had also led to the need for increased IT security measures to ensure client applications and data were fully protected from external threats. At the same time, the organisation benchmarked its protocols against an international standard to ensure their capabilities would be protected.

“About 18 months ago, we achieved our ISO ISO27001 certification,” he said. “As a part of that, and to ensure we had all the required controls in place, we realised we needed better insight into and management of our security measures.”

Initially, the company’s IT team assessed whether this could be achieved using internal staffing and resources. However, it quickly became apparent that this would not be the most effective approach.

Organisation

Sandfield

Members

110+ staff

Key Impacts
  • Achieved higher visibility of all security logs and events
  • Improved proposition for application delivery solutions
  • In a recent month, distilled 191 million logs ingested into 37 alarms for manual investigation or remediation

The Solution

After examining a range of alternatives in the IT security space, a decision was taken to engage the services of New Zealand managed services provider Advantage. 

Advantage assessed Sandfield’s specific requirements and recommended that the LogRhythm-based Security Information and Event Management (SIEM) platform be deployed. The project began in early 2021 with a proof-of-concept (PoC) before rolling it out to cover all critical systems. 

“The first step for us was to enable LogRhythm to capture all our Windows and firewall logs,” said Knight. “Since then, we have added logs from our AWS and Azure cloud environments as well as Google Workspaces.”

Knight said the fact that Advantage already had a comprehensive knowledge of LogRhythm was invaluable as it allowed the new security framework to be up and running very quickly. “By using their team of experts, it meant our internal IT team did not have to fully understand the complexities of the platform before we could put it into action,” he said.

Advantage also worked to include a stream of New Zealand-specific security data into the system, including Malware Free Networks from the New Zealand Government Security Bureau, to further improve protection. This data helps to identify localised threats that may have already been flagged by other organisations.

The benefits

LogRhythm SIEM Dashboard

With the LogRhythm SIEM platform now fully functional and receiving logs from a range of core systems, Knight said the biggest benefit has been “peace of mind”.

Knight said the level and extent of protection enjoyed by the company would simply not have been possible to achieve without LogRhythm. As an example, in a recent month there were more than 191 million logs ingested by LogRhythm, of which 3.5 million were forwarded to a second stage for closer analysis by artificial intelligence tools. 

“This then led to 67 alarms being triggered, of which just 37 needed to be investigated by the Advantage security operations team,” he said. “That is an example of how effective LogRhythm is as spotting potential threats amid very large volumes of alerts. There would be no way to do that manually.”

Knight said the LogRhythm infrastructure has already proven to be invaluable as it recently spotted a misconfiguration that could have led to issues if not rectified in a timely manner.

“We were then able to rectify that misconfiguration immediately whereas, prior to LogRhythm, it may have been days or even weeks before it was spotted,” he said. “We are now much more comfortable that we have the level of visibility we require to ensure our systems and resources are secure at all times.”

Steve Smith, Auckland Regional Manager, Advantage NZ, said the strong working relationship that now exists between the two companies would help to ensure the current high levels of security protection would be maintained.

“[With LogRhythm,] we are now much more comfortable that we have the level of visibility we require to ensure our systems and resources are secure at all times. We can be confident that any misconfigurations, breaches, or unauthorised access of our systems will be quickly picked up.”
Justin Knight_Sandfield
Justin Knight
Head of IT Operations, Sandfield
“We now have a solid understanding of Sandfield’s requirements and look forward to supporting them as a team with the winning combination of LogRhythm’s technology and expert skills as they continue to grow in the future.”
Steve Smith_Advantage
Steve Smith
Auckland Regional Manager, Advantage
About LogRhythm

LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency.

With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at logrhythm.com.

Explore LogRhythm Case Studies

Comments are closed.