December 6, 2011 – LogRhythm, a leader in log management and SIEM, today announced that Callcredit Information Group has chosen to deploy its integrated log management and Security Information and Event Management (SIEM) technology to boost cyber security and improve data management procedures. This advanced Protective Monitoring covers the entire IT estate and generates actionable intelligence that can be integrated into the strategic processes that influence future investment and business decisions.
As a provider of marketing and credit solutions, Callcredit is charged with safeguarding significant volumes of sensitive information and currently holds detailed credit and marketing data on 42 million individuals and 2.8 million active businesses. In addition, due to the fact it hosts services online, any outage would be both costly and damaging to its reputation. Before implementing LogRhythm, Callcredit used a system that covered the enterprise services element of the business however it recognised the importance of a SIEM that could be deployed throughout its entire network.
It was soon established that the investment required to expand the legacy system was disproportionate to the value it could deliver. It was vital for any new system to be flexible enough to integrate with multiple vendor platforms as well as to support bespoke applications written by Callcredit. The existing supplier could not support this level of functionality in a cost effective manner. As a result Callcredit decided to look for a new vendor, reviewing solutions from all of the top tier SIEM providers.
Michael Brown, group head of security and fraud management at Callcredit commented, “A key requirement was for a vendor that was willing to engage as an equal partner. In the end, LogRhythm was an easy choice and won out by a mile. It was obvious from the start that this wasn’t going to be a traditional supplier/customer relationship – LogRhythm put the right resources on site and demonstrated that it had the ability to deliver the ideal solution. This was in stark contrast to the competition that seemed chained to the standard distribution model. Working in tandem with LogRhythm we were able to identify exactly what we wanted to get out of the solution and the best way to deploy internal resources so that Protective Monitoring became a fully integrated part of our business processes.”
While Callcredit is subject to regulations like PCI DSS and security standards like ISO 27001, its ethos dictates that compliance should be a consequence of good practice rather than a driver of strategic decisions. LogRhythm comes with out-of-the-box controls and reports pertaining to specific regulatory obligations, however far more important to Callcredit was the actionable intelligence that the system would provide.
“The sensitivity of the data we handle means we must be able to verify and validate data protection best practice. However, with our systems generating more than 50 million events daily, our previous technology made the task of identifying aberrant activity a difficult and time consuming process. With LogRhythm’s AI Engine in place we are able to correlate and draw intelligence from this information far more efficiently. Alerts can now be triggered by certain sequences of events, for example, if a user was to log into a PC without first having swiped in at the door. The intelligence provided by this advanced correlation not only allows us to identify current threats, but also predict what might happen in the future. By alerting Callcredit to any malicious probing that might be taking place throughout the IT estate, such as excessive attempts on our firewall, we can dynamically strengthen controls to more effectively manage emerging threats. In addition to assisting with security monitoring, the LogRhythm solution has also proved useful in both identifying and resolving any networking errors that arise.”
Ross Brewer, vice president and managing director International Markets, LogRhythm, said “Organisations that embrace best practice data security and management for the business value it delivers, not just because they have been obligated to, will derive a rapid return on their investment. The reason more and more compliance standards are now including Protective Monitoring is because of the unparalleled visibility of IT that it provides. It’s simply not possible to remove all vulnerabilities from networks so it is vitally important organisations employ a centralised platform that can link the vital data generated by firewalls, routers, applications and other components. By deploying LogRhythm Callcredit now has constant insight into the threats affecting its entire IT environment and can make informed decisions based on business intelligence.”
About Callcredit Information Group
Callcredit Information Group’s leading approach to deploying consumer information brings together experts across the fields of credit referencing, marketing services, interactive solutions and consultative analytics to provide clients with a range of innovative and effective products to discover new customers and to engage with current customers to optimise and increase profitability.
Products include award-winning fraud verification tools and database solutions to positively verify consumers, global operations to help expand businesses into new markets, digital solutions to improve the overall journey consumers make during interaction with a brand, customer handling to ensure consumer satisfaction at all levels and consumer marketing data and segmentation to improve understanding and targeting of customers and prospects.
Callcredit also offers products for their clients to assess a customer’s credit risk and affordability and their experts in collections and recoveries provide tailored debt recovery and tracing tools. Their market analysis and network planning function helps organisations develop profitable retail networks, and their tools in multi bureau, analytics and metrics work to provide fully assessed bureau data. www.callcredit.co.uk