Published on 29-May-2010
Validated on 20 Mar 2012
"With IBM Tivoli Security Information and Event Manager, we can prove what has happened inside of our systems instead of guessing." —Information Security Administrator, Dutch Financial Services Firm
Dutch Financial Services Firm
A Dutch financial services company gains greater visibility into its security and compliance posture when it deploys IBM Tivoli Security Information and Event Manager.
The firm needed to replace the RSA enVision product it used for basic log management, correlation of important security events and generation of security audit reports.
The firm selected IBM® Tivoli® Security Information and Event Manager to replace RSA enVision.
Faster access to information and accelerated root cause analysis enable staff to quickly take action to protect key applications and information; rich reporting capability and a comprehensive audit trail help staff confirm security posture; an attractive pricing model provides a cost-effective alternative to the competitive product.
Dutch financial services firm strengthens security and compliance efforts with IBM security management software
· Financial Services
· IBM® Tivoli® Security Information and Event Manager
This Dutch financial services firm used RSA enVision for basic log management, correlation of important security events and generation of security audit reports. However, after its five-year contract came to an end, the company found support costs dramatically increased, driving it to reevaluate its options. It sought a solution that would help staff to protect access across network, operating system, database and application levels as well as 12 different types of systems. “As a financial services company, it is very important that we can prove that only people who should access client information can,” says a senior security specialist with the company. “We wanted better insight and more in-depth reporting for our management.”
Following a thorough investigation and proof of concept demonstration, the firm selected IBM® Tivoli® Security Information and Event Manager to replace RSA enVision. Key differentiators were the software’s rich reporting capabilities and its ability to integrate with other deployed security solutions, such as IBM Tivoli Identity Manager software. The company also analyzed the total cost of ownership and found IBM Tivoli software provided a more attractive pricing model. “IBM’s solution was better suited to our strategic goals,” says the senior security specialist. “The proof of concept demonstrated that Tivoli Security Information and Event Manager could deliver richer reports that could be easily adapted for non-technical users and offer coverage for more systems.”
The company uses Tivoli Security Information and Event Manager to centralize log management, dashboard and reporting capabilities across hundreds of systems. This is essential in helping staff to confirm security posture and to efficiently prepare and respond to audit requests—such as Statement on Auditing Standards (SAS70) reporting requirements. The software unobtrusively monitors and reports on privileged user activities to help compliance staff protect key applications and information as well as to demonstrate to auditors and management that effective controls are in place. Information will be stored for 15 months to meet company guidelines along with Dutch and international regulations.
The software’s W7 methodology translates events into a single language that states Who did What, When, Where, Where from, Where to and on What, and delivers the information in high-level reports that can be used by company security personnel, auditors and management alike. What’s more, company staff has been able to replace 50-page reports with a single-page overview that provides drill-down capabilities when additional detail is needed. As a result, managers can quickly identify potential security issues, such as changes in access rights or a high number of account lockouts, and take immediate action. “With IBM Tivoli Security Information and Event Manager, we can prove what has happened inside of our systems instead of guessing,” says an information security administrator with the company. “We expect that auditors and management will be better able to take action because the reports are much more readable.”
As part of the engagement, IBM Software Group staff worked with the firm to review the audit settings on source systems. “Taking a good look at our audit settings was vital to the implementation process,” says the senior security specialist. “Together with IBM, we were able to validate that the right settings were in place.”
· Faster access to information and accelerated root cause analysis enable staff to quickly take action to protect key applications and information
· Rich reporting capability and comprehensive audit trail help staff confirm security posture
· Attractive pricing model provides cost-effective alternative to competitive product
© Copyright IBM Corporation 2010. IBM Corporation, Software Group, Route 100, Somers, NY 10589, U.S.A. Produced in the United States of America, May 2010. All Rights Reserved. TIC14118-NLEN-00