Published on 05-Nov-2013
"We can now find and address the source of a problem in minutes instead of tens of hours." - Mr. Dainis Bairs, Chief Information Security Officer and Head of IT, ERGO Latvia
Big Data & Analytics, Big Data & Analytics: Operations/Fraud/Threats, Big Data & Analytics: Risk, Integrated Service Management & Security Framework
IBM Business Partner:
Data Security Solutions (DSS LV)
ERGO Latvia IT staff used manual processes to integrate and analyze log information for security and compliance activities. However, with more than 20,000 events per minute being captured, the team needed a new approach to prevent potential issues from becoming lost in the noise. By replacing manual processes with an advanced security solution from IBM, ERGO Latvia IT staff can quickly uncover threats, prioritize response based on risk level, and take action before the business is affected.
With more than 20,000 events per minute streaming in, ERGO Latvia IT staff couldn’t easily identify potential security events, operational anomalies and vulnerabilities or the root cause of IT issues.
Data Security Solutions (DSS LV) helped ERGO Latvia deploy an advanced IBM security solution that rapidly integrates and analyzes data from disparate sources so staff can better detect and respond to threats.
99 percent reduction in time to respond to security and IT incidents; 99 percent reduction in compliance reporting time; uncovers threats and prioritizes risk for efficient and effective remediation
ERGO is one of the major insurance groups in Germany and Europe with a presence in 30 countries and EUR18 billion in premiums.
Wrestling with thousands of events per minute
Several years ago, Dainis Bairs, chief information security officer and head of IT for ERGO Latvia, contacted IT security specialists, Data Security Solutions (DSS LV), to help his team better detect and respond to security threats. DSS LV has international experience in helping companies defend against cyber criminals and insider fraud.
Bairs’ team previously used manual processes to integrate and analyze data from disparate sources. However, as the IT environment grew, so did the number of events. With more than 20,000 events per minute streaming in, the organization needed a new approach to prevent potential issues from becoming lost in the noise.
Gaining intelligence, integration and automation
Working with DSS LV, ERGO Latvia implemented an advanced security solution from IBM that integrates and analyzes log and system data from across the company’s infrastructure. With a unified view of potential security events, operational anomalies and vulnerabilities, Bairs’ team can quickly uncover threats, prioritize response based on risk level, and take action before the business is affected.
“We can now detect changes as they happen and easily identify the cause so we can respond immediately,” says Bairs. “For example, we can see as disk space is filling up, when a user has had too many unsuccessful logins, or if an anomaly has occurred, such as an increase in the number of connections to our systems.”
And with all information in one system, compliance reporting is 99 percent faster. “Before we had to manually extract and consolidate log information from different systems, which could take days depending on the request,” says Bairs. “Now, we can produce these reports in minutes. We can also filter information in ways that was not possible before, such as searching for all log files for a specific user.”
Reducing response times by 99 percent
With 360-degree visibility into network, application and user activity, IT personnel now have insight that they did not have before.
Case in point: Several years ago, IT staff struggled to identify the source of a systems outage. A high number of external requests had “flooded” the organization’s servers. It took two days for IT staff to pinpoint the cause (a programming error in a partner application) and resolve the issue. According to Bairs, this advanced security approach helps prevent this type of problem from recurring.
“We can now find and address the source of a problem in minutes instead of tens of hours,” Bairs says.
● IBM® QRadar® Security Intelligence Platform
IBM Business Partner
● Data Security Solutions (DSS LV)
For more information
For more information about Data Security Solutions, visit: www.dss.lv
Products and services used
© Copyright IBM Corporation 2013 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America November 2013 IBM, the IBM logo, ibm.com, and QRadar are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at ibm.com/legal/copytrade.shtml This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. The client is responsible for ensuring compliance with laws and regulations applicable to it. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the client is in compliance with any law or regulation. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that systems and products are immune from the malicious or illegal conduct of any party. WGC12353-USEN-00