SIEM and Log Management Solution Helps Insurance Firm Gain Out-of-the-Box PCI Compliance
February, 2011 – LogRhythm, the company that makes log data useful, today announced that Endsleigh Insurance Services has deployed its integrated log management and security information and event management (SIEM) solution to help comply with Payment Card Industry Data Security Standard (PCI DSS) regulations. Endsleigh is also using the LogRhythm solution to gain a unified view of the various security threats and operational efficiencies affecting all parts of its network.
Endsleigh, one of the UK’s leading independent insurance intermediaries, decided to deploy a dedicated log management and SIEM solution when it became clear it could no longer rely on the log data provided by individual applications and network devices in order to prove PCI compliance and spot security threats. With a rising number of logs, and with each device and application requiring manual configuration and producing separate log data reports, the overhead of collecting and processing log data was becoming difficult to manage. Furthermore, Endsleigh wanted added confidence that its IT operations were secure and compliant.
As part of the selection process, Endsleigh considered a number of solutions, including offerings from LogLogic and ArcSight. It chose LogRhythm for its scalability, performance specifications, ease-of-use and out-of-the-box functionality.
“We needed a solution that would work straight away and provide us with constant reassurance that our infrastructure was compliant and secure,” said Jason Collins, IT Project Manager at Endsleigh Insurance Services. “Endsleigh is subject to a variety of regulations – including the Data Protection Act, PCI DSS and FSA rules – so we wanted a centralised, automated solution that could help meet all these requirements quickly and efficiently. We used to collect and manage log data manually, but with LogRhythm we can now automate this process and have a single view of the entire infrastructure. This means we can now spot even the tiniest of events, including those which would have been missed in the past.”
One of Endsleigh’s biggest concerns about deploying a centralised log management and SIEM solution was around the initial setup. However, Endsleigh found that the support from LogRhythm was of a very high standard, ensuring a smooth deployment.
“We wanted a comprehensive solution but we were worried it could take considerable upfront effort to configure specific log settings and alerts,” continued Collins. “LogRhythm’s support during this part of the deployment was exceptional; its team was available at all times to help us get the configuration right first time. Once the installation was complete, we have found the solution to be very straightforward – indeed, anyone can use it.”
With the LogRhythm solution in place, Endsleigh can now generate reports to prove compliance and act on real-time alerts in case any event takes place that could affect its ability to meet regulations. It can also monitor and alert on security events occurring on any part of the network, spotting both external and internal breaches, for example, hack attacks, the abuse of access rights or the unauthorised use of flash drives. In the future, Endsleigh intends to use LogRhythm to discover and fix operational inefficiencies, including understanding when remote access connections have failed, or identifying desktops that have not received scheduled software updates.
Ross Brewer, vice president and managing director of international markets, LogRhythm, said “Like so many organisations, Endsleigh faced an uphill challenge to collect, process and store an ever growing number of logs; otherwise it risked non-compliance or a breach. LogRhythm hasn’t just solved these issues, it has also given Endsleigh the ability to pinpoint operational problems and improve the overall efficiency of its entire IT estate.”