All public bodies that connect to the UK Government’s Connect Secure Extranet are required to comply with a Code of Conduct (CoCo), known as the Good Practice Guideline 13 (GPG13). This directive stipulates the need to maintain comprehensive log records of all failed network authentications for at least a month. To meet this requirement, Carmarthenshire County Council was logging 33 million events per day, which it needed to store and analyse to produce regular reports.
Idris Evans, the council’s IT Security Manager responsible for the 3,200-user network, realised that its existing LogRhythm SIEM solution was running out of capacity at the end of 2012 and began evaluating various alternatives before choosing the Trustwave SIEM, which was proposed by security reseller Softcat and IT security distributor Infinigate UK (formerly Vigil Software).
According to Evans, “The solution proposed by Trustwave saves us – and of course the taxpayer – both time and money. We save money on hardware storage because the new system allows us to analyse the entire log data stored online, whereas the old solution could only handle 18 days’ worth of logs online and had to be stored offline; and we save time because previously it took the IT staff 4 hours to retrieve and analyse the data each time they wanted to run a report. The new system gives us 2-3 years’ worth of online log storage capacity and takes just minutes to analyse.”
The new Trustwave solution also offers Carmarthenshire County Council other advantages. “It can handle logs from more devices including Juniper routers, Microsoft Exchange and Blue Coat appliances, which means that every penny saved on hardware and resource in the context of public sector budget squeezes means jobs are saved. What’s more, it comes complete with 54 preconfigured GPG reports, meaning that it’s simple and quick to compile reports,” says Evans.
Looking to the future, the council is also planning to enable the local police force to use the Trustwave SIEM solution for its own log monitoring purposes, but with completely segregated logs. Evans adds: “We think the Trustwave solution will not only aid compliancy but, by allowing us to set up rules to prompt alerts for remedial action whenever certain limits are reached, we’re confident that the new system will also make our network more secure.”
Brooks Wallace, VP UK Sales at Trustwave, said, “The success of this deployment was the product of a cooperative effort between Infinigate and Trustwave which took advantage of the distributor’s extensive experience with GPG13. The resulting solution creates a more scalable, seamless and integrated security experience beyond compliancy for UK government bodies required to meet the government’s Code of Connection directive while saving significant time and money.”