REVIEWER: Eric Laszlo, senior manager of IT for Redcats USA.
BACKGROUND: Redcats USA is a multichannel home shopping leader with multiple catalogs and e-commerce Web sites representing established brands, including Woman Within, Jessica London, Roamans, Avenue, KingSize, BrylaneHome, BrylaneHome Kitchen, The Sportsmans Guide and The Golf Warehouse. Redcats USA offers a wide range of value and quality-driven merchandise categories, including men's and women's plus-size apparel, home and lifestyle products and outdoor gear.
PLATFORMS: Windows (PCs and servers) and IBM AIX and mainframes.
PROBLEM SOLVED: Redcats must comply with the payment card industry (PCI) data security standard (DSS). Meeting the PCI DSS reporting and auditing requirements while successfully driving a multichannel strategy that includes a large number of catalogs, e-commerce Web sites and stores was straining our IT resources. To comply with PCI DSS compliance requirements, IT must provide comprehensive log collection, log management and event management for logs generated by devices, systems and applications across our entire network. Our log sources include Cisco switches and routers, firewalls, Windows and AIX servers and mainframe systems. We need to collect, normalize and manage a vast quantity of logs from these devices every day. Meeting those requirements with home-grown scripts and manual triage was simply unfeasible. We deployed the LogRhythm log management and analysis system to automate all of these functions. LogRhythm now handles the collection, analysis and event management for all our log sources and generates the reports necessary for us to meet our compliance obligations. In addition, the product combines real-time correlation and alerting capabilities with the forensic drill-down features that allow us to proactively address and manage network operations issues and easily investigate security incidents. LogRhythm allows system administrators to get a comprehensive view of all servers and devices in one dashboard. It was virtually impossible to look at the log data across all devices and easily correlate events until we implemented LogRhythm.
PRODUCT FUNCTIONALITY: We use both the prepackaged PCI reports that ship with the LogRhythm system as well as the ability to create custom reports. LogRhythm responded quickly to our requests to add log collection for custom devices and applications deployed in our network. They have delivered the capability to collect, interpret the taxonomy and normalize mainframe log data, so it can be fully integrated with the rest of our log data for centralized management and analysis. The LogRhythm system provides a comprehensive view of servers and devices across our entire network in a manner that maps to the job function and responsibilities of different users. The dashboard also presents information from vast quantities of logs in a single screen. LogRhythm provides real-time monitoring of log activity and generates alerts in the event of policy violations, system faults and when performance thresholds are out of range. This enables our system administrators to proactively address problems and allows us to provide better service levels.
STRENGTHS: LogRhythm is log management and security information and event management (SIEM) integrated in one product. The personal dashboard provides a comprehensive view into our entire network and powerful analytics for log analysis and reporting. This global view of security events and log data, as well as drill-down capability, allows us to solve problems and document compliance with the PCI standard in a fraction of the time it took before. The LogRhythm system's ability to issue alerts based on real-time monitoring enables our IT staff to improve service levels to end users.
WEAKNESSES: LogRhythm is Windows-based and as such requires patching.
SELECTION CRITERIA: LogRhythm provides integrated log and security event management and analysis. In addition, it was easy to deploy and use, and it allows us to collect, normalize and analyze logs from custom devices and mainframe applications. Overall, it also provides the best value (capabilities and cost) compared to competing products.
DELIVERABLES: Log collection, normalization, aggregation and archiving, PCI compliance reports, audit reports, security reports, real-time monitoring and alerts, investigation/forensics reports and chain of custody (if needed for log evidence).
VENDOR SUPPORT: Implementation was easier than anticipated. The LogRhythm support team is extremely responsive to any support issues.
DOCUMENTATION: Documentation is complete and easy to understand.
3195 Sterling Circle
Boulder, CO 80301