Intelligent CIO APAC Issue 30 | Page 63

CASE STUDY
The solution
After examining a range of alternatives in the IT security space, a decision was taken to engage the services of New Zealand managed services provider Advantage.
Advantage assessed Sandfield’s specific requirements and recommended that the LogRhythm-based Security Information and Event Management (SIEM) platform be deployed. The project began in early 2021 with a proof-of-concept (PoC) before rolling it out to cover all critical systems.
“The first step for us was to enable LogRhythm to capture all our Windows and firewall logs,” said Knight. “Since then, we have added logs from our AWS and Azure cloud environments as well as Google Workspaces.”
Knight said the fact that Advantage already had a comprehensive knowledge of LogRhythm was invaluable as it allowed the new security framework to be up and running very quickly. “By using their team of experts, it meant our internal IT team did not have to fully understand the complexities of the platform before we could put it into action,” he said.
Advantage also worked to include a stream of New Zealand-specific security data into the system, including Malware Free Networks from the New Zealand Government Security Bureau, to further improve protection. This data helps to identify localized threats that may have already been flagged by other organizations.
The benefits
With the LogRhythm SIEM platform now fully functional and receiving logs from a range of core systems, Knight said the biggest benefit has been ‘peace of mind’.
“We know that we now have better visibility of all our security logs and events,” he said. “We can be confident that any misconfigurations, breaches, or unauthorized access of our systems will be quickly picked up.”
Knight said the level and extent of protection enjoyed by the company would simply not have been possible to achieve without LogRhythm. As an example, in a recent month there were more than 191 million logs ingested by LogRhythm, of which 3.5 million were forwarded to a second stage for closer analysis by Artificial Intelligence tools.
“This then led to 67 alarms being triggered, of which just 37 needed to be investigated by the Advantage security operations team,” he said. “That is an example of how effective LogRhythm is at spotting potential threats amid very large volumes of alerts. There would be no way to do that manually.”
Knight said the LogRhythm infrastructure has already proven to be invaluable as it recently spotted a misconfiguration that could have led to issues if not rectified in a timely manner.
“We were then able to rectify that misconfiguration immediately whereas, prior to LogRhythm, it may have been days or even weeks before it was spotted,” he said. “We are now much more comfortable that we have the level of visibility we require to ensure our systems and resources are secure at all times.”
Steve Smith, Auckland Regional Manager, Advantage NZ, said the strong working relationship that now exists between the two companies would help to ensure the current high levels of security protection would be maintained.
“We now have a solid understanding of Sandfield’s requirements and look forward to supporting them as a team with the winning combination of LogRhythm’s technology and expert skills as they continue to grow in the future,” he said.
About Sandfield
Sandfield delivers custom software solutions that give clients an edge. It partners with ambitious companies who want to get ahead.
Sandfield’s expertise spans several technologies and industries with dedicated offerings in supply chain, integration, financial management and custom software development.