SIEM and log management solutions have been increasingly adopted by organizations throughout the United States due to the wide-ranging benefits they offer. By providing a 360° view of the entire IT infrastructure, a SIEM is the eyes and ears of the IT environment, providing real-time alerting and reporting. EventTracker is a fully-featured SIEM and log management solution that allows organizations to maintain continuous compliance, reduce actual audit times from weeks to days, and increase operational uptime, thereby reducing the stress on the IT team, as well as management.
While the primary drivers for implementing a SIEM and log management solution are regulatory compliance, increased security and operational efficiency, different organizations implement and utilize these solutions in ways to best meet their own needs. In this white paper, we will examine how two different organizations are utilizing EventTracker in real-world environments.
Phreesia: A PCI-DSS Compliance Implementation
If you have been in a doctor’s office recently, chances are pretty good that you may have been in an office that has switched from taking patient information on paper to an electronic tablet from Phreesia. This tablet lets medical offices allow patients to fill out forms electronically, improve accuracy, collect co-pays and balances, and verify insurance coverage. Phreesia, founded in 2005 and headquartered in New York, NY, has developed this solution, which increases efficiency in doctors’ offices.
Phreesia has been deployed in thousands of offices with more than 10,000 tablets in use. All the data from these devices is communicated back to the centralized data center in New Jersey, where it passes through more than a dozen servers performing various functions such as insurance verification, credit card processing, etc.
In 2010, Phreesia turned to EventTracker to meet its needs for HIPAA (Health Information Privacy Protection Act) compliance, because it collects patient information, and for Payment Card Industry Data Security Standards (PCI-DSS Level 1) compliance for credit card processing. A SIEM and log management solution was the final piece needed for their IT infrastructure.
“Before EventTracker we were largely missing centralized auditing,” said Troy Polan, Director, Information Technology at Phreesia. “The drive to acquire this capability was primarily based on PCI requirements.”
PCI-DSS and HIPAA require organizations to monitor and report on similar information, but the exact details may vary. For example, they both require organizations to report on such information as when users logon/logoff, logon failures, audit logs, object access, system events and more. EventTracker allows Phreesia to store all this data in a centralized location, and quickly access these reports.
“We’re tracking everything,” said Polan, “we’re passing through credit card data and collecting patient information. EventTracker is providing us with the real-time monitoring of the systems that do this.”
Mobile Productivity: Evolving Needs
Mobile Productivity, an affiliate of Service Repair Solutions, is headquartered in the desert oasis of Las Vegas, Nevada. Founded in 2003, the company is a market leader in the standardization of inspections, estimating and recommendation processes for automotive repair. Other affiliate companies under the same automotive repair umbrella include Identifix, International Automotive Technicians Network, and Auto Point.
Mobile Productivity’s solution, Edge WorldClass™, is utilized in more than 800 dealerships across the country, and helps users realize a 4 or 5 to 1 ROI.
In 2009 they were recognized by Inc as the 63rd fastest growing software company. Their excellence is evidenced by endorsements from Mercedes Benz, BMW and Chrysler, as well as working partnerships with well-recognized dealer groups such as Penske, AutoNation and Group 1.
In 2009, Mobile Productivity looked to implement a SIEM and log management solution to meet a specific use case need: the organization needed a solution to correlate personnel log-ins with time clock data. At the time, they were lacking a centralized solution for analyzing the data, and the manual process was time-consuming and cumbersome. They were originally using Microsoft Back Office, but the event logs showed far too much information to parse manually. After all, their infrastructure consists of more than a thousand workstations, servers and network devices at two locations. With an IT team of 20 people, including desktop support, and server and network admins, there is still a lot to do.
After looking at several potential solutions including ArcSight and NetFlow, Mobile Productivity decided to implement EventTracker. “Our company was very concerned about the value proposition,” said CIO Patrick Thurman. “EventTracker provided us with the specific feature-sets we required at the time for an economical price.”
It was, and continues to be, a phased implementation for Mobile Productivity. “The initial installation was very quick and painless. We looked at what we needed to be set up and focused on that rather than trying to do everything at once and being overwhelmed, or worse not using half of it,” said Thurman. “And we were able to be up and running faster than we thought thanks to the excellent training we received.”
As time has passed, additional requirements have been uncovered, and Mobile Productivity has started to use the appropriate functionality EventTracker has already built-in. For example, the initial requirement was for auditing users. However, that has evolved to auditing certain event types such as user adds/deletes, file changes, file access and more. If events fall outside of their defined parameters, the administrators receive alerts.
“EventTracker ended up filling several needs, some of which we didn’t even know we had, and many of these we are beginning to care more about,”
As the years have passed, additional requirements have surfaced. Mobile Productivity is now building and implementing the plans to become PCI-DSS and SOX 404 compliant. They are working to identify the compliance plans, determine additional devices that need to be monitored and configure the reporting parameters required. But Patrick will not be alone. “I am just now getting people on board that will be able to fully utilize the capabilities of EventTracker, more than we have in the past, and be able to perform security and compliance monitoring,” said Thurman.
Mobile Productivity is planning to expand the coverage to include more workstations and servers, and incorporate the monitoring of a third facility. Additional optional modules are also being considered to increase the functionality of this powerful SIEM solution.
As you can see from these two brief stories of EventTracker customers, the initial reason for implementing a SIEM, and how it is used, can vary from organization to organization. In both instances, the customers were able to satisfy their individual requirements, and even find ways that EventTracker can satisfy additional requirements. With the use case and scope clearly defined, organizations are able to simplify the monitoring of their IT infrastructure and meet their overall goals.