CASE STUDY: Achieving full network visibility with SIEM

16 Nov 17

As a business rapidly expands or IT imperatives become increasingly more pronounced, it can be easy for cybersecurity teams to feel overwhelmed when it comes to network monitoring.

With contemporary IT networks becoming increasingly complex, sourcing the right information and using that data proactively becomes key. However, it can often be hard to find the resources to accomplish this effectively.

This was the problem facing global premium appliance manufacturer Sub-Zero, and it was proving a real burden for its IT security staff.

Sub-Zero is a rapidly growing business, with over 30 locations, including multiple manufacturing facilities and numerous showrooms featuring high-end appliances and unique customer experiences.

However, as the company grew, its IT security team struggled to keep up with the network monitoring required to keep the company secure.

Tyler Novogoratz, Sub-Zero IT supervisor for security and disaster recovery says, “Our leadership and human resources teams were inquiring about user activity on our network. I didn’t have a good way to pull that information for them.

“We needed a solution that would provide a single point of consolidation for our many sources of logs so that we could easily search and correlate the data. We also wanted to combine all of our monitoring tools into one platform that could alert us when we have security issues.”

Implementation of a solution

Novogoratz and his colleague T.J. Hathaway, Sub-Zero systems engineer level III, knew they needed a SIEM solution, but wanted an approach that best suited them in terms of ease of use and deployment.

They started by looking at the top 10 organisations in the Gartner Magic Quadrant for SIEM, and eventually narrowed it down to one, choosing LogRhythm as their preferred SIEM solution.

On their decision, Hathaway states, “LogRhythm was the obvious choice for us. It’s easy to set up, the web dashboard is very intuitive and easy to navigate, and the out-of-the-box reporting is very important for us.

“For me in particular, the drill-down capability is a big selling point. I can investigate incidents quickly, whereas before it could take hours or days to get the information I needed.”

Benefits

After only a week of implementation, including configuring the log sources and activating the initial layout, they immediately started to see the major benefits and improvements the solution provided.

Hathaway adds, “On the second day of implementation we learned that one of our switches had a bad power supply and we found a bad fibre link in one of our wiring closets. LogRhythm also alerted us to some network routing issues and we were able to take a closer look.”

After approximately eight months, the solution has met all the original objectives of the project.

Novogoratz explains that the LogRhythm solution enables his team to view all logs from a single place, and allows them to proactively monitor the network as issues arise, instead of having to check several disparate systems.

“When we see an issue on a network appliance and another issue on a server, LogRhythm helps us correlate the events so we can better understand the problem and how to investigate it,” he says.

Hathaway also says the reports have simplified his job in a number of ways.

One example is that he frequently uses a report to see when an administrator has changed their password, so he can verify the action with the administrator and be sure the change was legitimate.

This also saves hours of investigation time when an account is locked out and Hathaway needs to know where the administrator was logged in during the password change.
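As an added illustration (not Sub-Zero’s or LogRhythm’s own code), this is the correlation Hathaway describes: a report of administrator password changes joined with the sessions that account held at that moment and any lockouts that followed. The events are constructed, in Windows Security log style, and the event IDs (4624 logon, 4634 logoff, 4723/4724 password change or reset, 4740 lockout) are the standard Windows ones; the account and host names are made up.

```python
"""Correlate admin password changes with the sessions open at that moment."""
from datetime import datetime, timedelta

# Constructed sample events (not from the article): timestamp, Windows
# event ID, target account, and the workstation/server named in the event.
SAMPLE_EVENTS = [
    {"ts": "2017-11-16T08:02:10", "id": 4624, "account": "jadmin", "host": "WS-ENG-07"},
    {"ts": "2017-11-16T08:30:00", "id": 4624, "account": "jadmin", "host": "SRV-FILE-01"},
    {"ts": "2017-11-16T08:45:00", "id": 4634, "account": "jadmin", "host": "SRV-FILE-01"},
    {"ts": "2017-11-16T09:10:05", "id": 4723, "account": "jadmin", "host": "WS-ENG-07"},
    {"ts": "2017-11-16T09:12:30", "id": 4740, "account": "jadmin", "host": "SRV-FILE-01"},
    {"ts": "2017-11-16T11:00:00", "id": 4724, "account": "svc_backup", "host": "DC-01"},
]
ADMIN_ACCOUNTS = {"jadmin", "svc_backup"}        # hypothetical privileged accounts
PASSWORD_CHANGE_IDS = {4723, 4724}               # 4723: own password; 4724: reset by another principal

def parse_ts(s):
    return datetime.fromisoformat(s)

def sessions_open_at(events, account, when):
    """Hosts where `account` logged on (4624) before `when` with no logoff (4634) since."""
    open_hosts = {}
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort as strings
        if e["account"] != account or parse_ts(e["ts"]) > when:
            continue
        if e["id"] == 4624:
            open_hosts[e["host"]] = e["ts"]
        elif e["id"] == 4634:
            open_hosts.pop(e["host"], None)
    return open_hosts

def admin_password_change_report(events, admins=ADMIN_ACCOUNTS, lockout_window=timedelta(hours=1)):
    """One report row per admin password change: who, when, where they were logged in,
    and which hosts locked the account out shortly afterwards (a stale credential clue)."""
    report = []
    for e in events:
        if e["id"] not in PASSWORD_CHANGE_IDS or e["account"] not in admins:
            continue
        when = parse_ts(e["ts"])
        lockouts = [l["host"] for l in events
                    if l["id"] == 4740 and l["account"] == e["account"]
                    and when <= parse_ts(l["ts"]) <= when + lockout_window]
        report.append({
            "account": e["account"], "changed_at": e["ts"], "event_id": e["id"],
            "self_service": e["id"] == 4723,
            "open_sessions": sessions_open_at(events, e["account"], when),
            "lockouts_after": lockouts,
        })
    return report

if __name__ == "__main__":
    for row in admin_password_change_report(SAMPLE_EVENTS):
        print(row)
```

Each row is what an analyst would take to the administrator to confirm the change was theirs; a lockout from a host not in the open-session list points at where an old password is still cached.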

Looking forward

Both Novogoratz and Hathaway are pleased with the results that the LogRhythm SIEM solution has yielded.

Prior to installing LogRhythm, the workflow for investigating security threats was manual and not well defined.

Novogoratz says, “Now we rely on alerts and reports from LogRhythm to start the process and narrow our search.”

Looking toward the future, Sub-Zero plans to bring more device logs into the system and to configure and fine-tune alerts.
