Maidenhead, 23 March 2010– Camelot, the licensed operator of the UK’s National Lottery, is implementing a log management, log analysis and event management solution from LogRhythm, the company that makes log data useful. The implementation will further secure the company’s web-based services, ensure Payment Card Industry Data Security Standard (PCI DSS) and ISO27001 compliance, and further improve network management cost efficiency.
In the most recent full year to 31 March 2009, Camelot achieved its best sales performance in a decade, increasing total National Lottery sales to over £5 billion. This further improvement in sales once again drove annual returns to the Good Causes, bringing the total amount which National Lottery players have now helped to raise since the lottery’s launch in 1994 to over £24 billion.
As well as running the most cost-efficient lottery in Europe, with around 4% of total revenue spent on operating costs, Camelot also runs one of the most successful interactive lotteries in the world – with over four million registered players.
All of Camelot’s log data is currently manually processed but, recognising the benefits that automating this process can bring in terms of compliance and improved operational practices, Camelot has selected LogRhythm to provide an integrated security information and event management (SIEM) solution. Paul Jay, Head of Information Security at Camelot, explains the choice:
“Camelot is internationally recognised for its ongoing commitment to player protection and the integrity of its services. My team is responsible for maintaining a secure environment for transacting our online lottery sales which, in turn, generate over £2.5 million for the Good Causes throughout the UK every week. LogRhythm offered Camelot a unique and highly-effective solution for meeting our rigorous security and compliance requirements, while substantially reducing the operational overhead traditionally associated with log and event management. Given the completeness of the LogRhythm solution, combined with its ease-of-use and implementation, we anticipate a positive return on investment.”
Phase one of the LogRhythm implementation is focusing primarily on PCI DSS compliance, in particular, storing and analysing log data from Camelot’s various payment processing and banking applications in line with the log data stipulations laid out in the regulations. LogRhythm will then be rolled out to cover as many Camelot production systems as possible. It will also play a key role in the company’s network security strategy, working alongside Camelot’s Intrusion Detection System and Intrusion Prevention System, as well as supporting vulnerability management.
LogRhythm will be tailored to provide information dashboards specific to each of Camelot’s business divisions. These dashboards will make it easier for the company’s information security team to have a comprehensive insight into network activity from a departmental perspective.
Paul Jay continues: “Ongoing compliance is only one benefit offered by LogRhythm. The implementation will bring a new level of automation and efficiency to how log data is handled and how any troubleshooting investigations are carried out. LogRhythm will enable us to take an even more proactive approach to investigating any incidents as they happen. By removing these labour-intensive processes, we will not only further enhance our network security but also reduce the amount of man-hours involved and subsequently manage our technology estate even more efficiently.”
Ross Brewer, vice president and managing director, APAC & EMEA, LogRhythm, adds: “Compliance is no longer the sole driver for organisations to implement integrated SIEM solutions such as LogRhythm’s. Cost management is increasingly playing a role in how they manage their network security. By fully integrating log data with event management, information security managers can have unprecedented insight into, and control over, their networks – without the need to invest vast amounts of man-hours in the process.”