Skipton deploys log management kit to ease PCI compliance
Skipton assistant system security manager Andrew Whitton said that although the building society was already doing some basic log management, the PCI DSS directive pushed it to examine the process in more detail.
“It was a good time to find a solution to meet compliance requirements, as well as to achieve the security our complex IT environment needs,” said Whitton.
As part of that re-evaluation of its IT systems, Skipton decided to implement a new log management system, LogLogic, to improve its oversight of activity across its IT infrastructure – thereby meeting some of the PCI requirements.
After an onsite demo and proof-of-concept initiative, Skipton bought a LogLogic LX1010 appliance to collect events and a LogLogic ST3010 appliance for archiving and storing the log data.
The ST3010 appliance tracks Windows events, developer team events and network devices. Skipton's security service provider, Integralis, helped to design and implement about 30 daily PCI DSS compliance reports, and had the system up and running to complete the first audit within one month.
“The ST3010 had about 35TB of storage, more than enough for our needs over 12 months,” said Whitton.
The LX3010 was used to take logs from Skipton’s servers, and since LogLogic is an agent-less system, a major benefit was that Skipton’s IT department did not need to install agents on each server throughout the organisation.
“There are some servers in branch offices, but most are in a single central datacentre,” said Whitton.
The LX3010 was also able to cover Skipton’s network infrastructure without additional development work. “We could interface with Terminal Access Controller Access Control System authentication, and also get LogLogic to talk to our firewalls and pull log data off them,” explained Whitton.
The main benefit is easy, fast access to the PCI reports. “It’s difficult to quantify the time we’ve saved, other than to say we simply couldn't do what we’re doing now without LogLogic - there just aren't enough man hours available,” said Whitton.
Additionally, LogLogic’s PCI Compliance Suite has provided Skipton with a variety of automated reports and alerts for monitoring PCI compliance, enabling it to easily implement and enforce PCI best practices and processes society-wide.
The increased visibility into system events gives Skipton the ability to see unusual Windows event activity easily – such as unauthorised user logons. This has improved insight into its own systems, and increased its ability to act on these insights.
Skipton can now focus on setting up and running the system to look at its internal systems security. Although it is currently running only PCI reports, it is looking at expanding reporting to other areas of the business in the future.