Dutch financial services firm strengthens security and compliance efforts with IBM security management software

Dutch financial services firm strengthens security and compliance efforts with IBM security management software

OVERVIEW TABLE

Dutch Financial Services Firm

Industry
· Financial Services

Products
· IBM® Tivoli® Security Information and Event Manager

For more information, visit:
ibm.com/tivoli/security

“With IBM Tivoli Security Information and Event Manager, we can prove what has happened inside of our systems instead of guessing.”
—Information Security Administrator, Dutch Financial Services Firm

Challenge
This Dutch financial services firm used RSA enVision for basic log management, correlation of important security events and generation of security audit reports. However, after its five-year contract came to an end, the company found support costs dramatically increased, driving it to reevaluate its options. It sought a solution that would help staff to protect access across network, operating system, database and application levels as well as 12 different types of systems. “As a financial services company, it is very important that we can prove that only people who should access client information can,” says a senior security specialist with the company. “We wanted better insight and more in-depth reporting for our management.”

Solution
Following a thorough investigation and proof of concept demonstration, the firm selected IBM® Tivoli® Security Information and Event Manager to replace RSA enVision. Key differentiators were the software’s rich reporting capabilities and its ability to integrate with other deployed security solutions, such as IBM Tivoli Identity Manager software. The company also analyzed the total cost of ownership and found IBM Tivoli software provided a more attractive pricing model. “IBM’s solution was better suited to our strategic goals,” says the senior security specialist. “The proof of concept demonstrated that Tivoli Security Information and Event Manager could deliver richer reports that could be easily adapted for non-technical users and offer coverage for more systems.”

The company uses Tivoli Security Information and Event Manager to centralize log management, dashboard and reporting capabilities across hundreds of systems. This is essential in helping staff to confirm security posture and to efficiently prepare and respond to audit requests—such as Statement on Auditing Standards (SAS70) reporting requirements. The software unobtrusively monitors and reports on privileged user activities to help compliance staff protect key applications and information as well as to demonstrate to auditors and management that effective controls are in place. Information will be stored for 15 months to meet company guidelines along with Dutch and international regulations.

The software’s W7 methodology translates events into a single language that states Who did What, When, Where, Where from, Where to and on What, and delivers the information in high-level reports that can be used by company security personnel, auditors and management alike. What’s more, company staff has been able to replace 50-page reports with a single page overview that provides drill down capabilities when additional detail is needed. As a result, managers can quickly identify potential security issues, such as changes in access rights or a high number of account lockouts and take immediate action. “With IBM Tivoli Security Information and Event Manager, we can prove what has happened inside of our systems instead of guessing,” says an information security administrator with the company. “We expect that auditors and management will be better able to take action because the reports are much more readable.”

As part of the engagement, IBM Software Group staff worked with the firm to review the audit settings on source systems. “Taking a good look at our audit settings was vital to the implementation process,” says the senior security specialist. “Together with IBM, we were able to validate that the right settings were in place.”

Benefits
· Faster access to information and accelerated root cause analysis enables staff to quickly take action to protect key applications and information
· Rich reporting capability and comprehensive audit trail helps staff confirm security posture
· Attractive pricing model provides cost-effective alternative to competitive product