
CASE STUDY: Achieving full network visibility with SIEM

16 Nov 2017

As a business expands rapidly or IT imperatives become more pronounced, cybersecurity teams can easily feel overwhelmed by network monitoring.

As contemporary IT networks grow more complex, sourcing the right information and using data proactively becomes key. However, it can be hard to find the resources to do this effectively.

This was the problem facing global premium appliance manufacturer Sub-Zero, and it was a real issue for its IT security staff.

Sub-Zero is a rapidly growing business, with over 30 locations, including multiple manufacturing facilities and numerous showrooms featuring high-end appliances and unique customer experiences.

However, as the company grew, its IT security team struggled to keep up with the network monitoring required to keep the company secure.

Tyler Novogoratz, Sub-Zero IT supervisor for security and disaster recovery, says, “Our leadership and human resources teams were inquiring about user activity on our network. I didn’t have a good way to pull that information for them.

“We needed a solution that would provide a single point of consolidation for our many sources of logs so that we could easily search and correlate the data. We also wanted to combine all of our monitoring tools into one platform that could alert us when we have security issues.”

Implementation of a solution

Novogoratz and his colleague T.J. Hathaway, Sub-Zero systems engineer level III, knew they needed a SIEM solution, but wanted an approach that best suited them in terms of ease of use and deployment.

They started by looking at the top 10 organisations in the Gartner Magic Quadrant for SIEM, and eventually narrowed it down to one, choosing LogRhythm as their preferred SIEM solution.

Of their decision, Hathaway states, “LogRhythm was the obvious choice for us. It’s easy to set up, the web dashboard is very intuitive and easy to navigate, and the out-of-the-box reporting is very important for us.

“For me in particular, the drill-down capability is a big selling point. I can investigate incidents quickly, whereas before it could take hours or days to get the information I needed.”

Benefits

After only a week of implementation, including configuring the logs and activating the initial layout, they immediately began to see major benefits from the solution.

Hathaway adds, “On the second day of implementation we learned that one of our switches had a bad power supply and we found a bad fibre link in one of our wiring closets. LogRhythm also alerted us to some network routing issues and we were able to take a closer look.”

After approximately eight months, the solution has met all the original objectives of the project.

Novogoratz explains that the LogRhythm solution enables his team to view all logs from a single place, and allows them to proactively monitor the network as issues arise, instead of having to check several disparate systems.

“When we see an issue on a network appliance and another issue on a server, LogRhythm helps us correlate the events so we can better understand the problem and how to investigate it,” he says.

Hathaway also says the reports have simplified his job in a number of ways.

For example, he frequently uses a report that shows when an administrator has changed their password, so he can verify with that administrator that the change was legitimate.

This also saves hours of investigation time when an account is locked out and Hathaway needs to know where the administrator was logged in during the password change.
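The two workflows described above (a report of administrator password changes, and finding where an administrator was logged in at the moment of a change when the account later locks out) as correlation logic run over constructed, SIEM-normalised log lines. This is an added Python example, not Sub-Zero's or LogRhythm's code; the event format, field names, account names and hosts are all assumptions.

```python
from datetime import datetime

# Constructed sample of normalised events ("timestamp key=value ..."); illustrative only.
SAMPLE_LOGS = """\
2017-11-10T08:02:11Z type=logon account=admin.jdoe host=WS-FIN-07
2017-11-10T08:15:40Z type=logon account=admin.jdoe host=SRV-FILE-02
2017-11-10T09:00:05Z type=logoff account=admin.jdoe host=WS-FIN-07
2017-11-10T09:30:12Z type=password_change account=admin.jdoe host=WS-ADMIN-01
2017-11-10T09:31:00Z type=logon account=svc.backup host=SRV-BKP-01
2017-11-10T10:05:44Z type=lockout account=admin.jdoe host=SRV-FILE-02
"""

def parse(text):
    """Turn the constructed log text into event dicts, sorted by time."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ts, *fields = line.split()
        ev = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
        ev.update(f.partition("=")[::2] for f in fields)  # (key, value) pairs
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])

def password_changes(events, accounts=None):
    """The report: password changes, optionally limited to a set of admin accounts."""
    return [e for e in events if e["type"] == "password_change"
            and (accounts is None or e["account"] in accounts)]

def logged_in_hosts_at(events, account, when):
    """Hosts where `account` had an open session at `when`: a logon there at or
    before `when` with no later logoff before `when`. Expects time-sorted events."""
    open_hosts = set()
    for e in events:
        if e["time"] > when:
            break
        if e["account"] == account and e["type"] == "logon":
            open_hosts.add(e["host"])
        elif e["account"] == account and e["type"] == "logoff":
            open_hosts.discard(e["host"])
    return sorted(open_hosts)

def lockout_context(events):
    """Pair each lockout with the account's latest earlier password change and
    the hosts that held sessions at that moment: the places to check first."""
    findings = []
    for lock in (e for e in events if e["type"] == "lockout"):
        prior = [c for c in password_changes(events, {lock["account"]}) if c["time"] <= lock["time"]]
        if prior:  # time-sorted, so prior[-1] is the most recent change
            findings.append({"account": lock["account"], "locked_on": lock["host"],
                             "changed_from": prior[-1]["host"],
                             "sessions_at_change": logged_in_hosts_at(events, lock["account"], prior[-1]["time"])})
    return findings
```

Running `lockout_context(parse(SAMPLE_LOGS))` on the constructed data points the investigation at the one host that still held the administrator's session when the password was changed.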

Looking forward

Both Novogoratz and Hathaway are pleased with the results that the LogRhythm SIEM solution has yielded.

Prior to installing LogRhythm, the workflow for investigating security threats was manual and not well defined.

Novogoratz says, “Now we rely on alerts and reports from LogRhythm to start the process and narrow our search.”

Looking toward the future, Sub-Zero plans to bring more device logs into the system and to configure and fine-tune alerts.
