2 May 2012 – LogRhythm, the leader in log management and SIEM 2.0, today announced that CPM, a global integrated sales strategy specialist, has deployed its integrated log management and Security Information and Event Management (SIEM) solution, to ensure compliance with Payment Card Initiative Data Security Standard (PCI DSS) regulatory requirements. The system also enhances the organisation’s security and allows it to meet the requirements associated with ISO 27001.

Prior to this deployment CPM did not have a specialist solution in place and relied on the standard logging facility included in the operating systems it was using. This set up was unable to correlate data generated by different sources and required staff to manually review all logs. CPM realised this was not sufficient and that a more sophisticated system was needed.

The organisation evaluated solutions from a number of the key players in the log management and SIEM market before eventually selecting LogRhythm. CPM was particularly impressed with the support provided by LogRhythm and the way its reporting functionality is specifically designed to meet the requirements of numerous compliance regulations like PCI DSS.

“LogRhythm provided us with a great demo of its capabilities that instantly showed how the system could assist us with our regulatory obligations,” said Richard Downs, compliance services manager at CPM. “We needed something that could deal with PCI requirement 10, which requires us to track and monitor all access to network resources and cardholder data, including real-time daily and active events, and 11, which dictates the need for regular security control testing. LogRhythm provides CPM with centralised collection and analysis of log data from a wide array of sources, and advanced correlation of events – all vital PCI compliance. In addition, it’s pre-built reports enable us to demonstrate that regular auditing is taking place.”

This initial implementation is in CPM’s Barcelona office and paves the way for Protective Monitoring technology to be rolled out at other sites, including the UK.

Downs continued “Since going live, the LogRhythm solution has been great – over time we’ve been able to make modifications in certain areas, including reports, to ensure the system is specifically tailored to our needs. Since deployment we’ve been alerted to malicious code residing on a number of workstations, prompting action to remediate.”

“This project is yet another demonstration of how LogRhythm can help companies to simplify the compliance process,” said Ross Brewer, vice president and managing director, international markets at LogRhythm. “By adopting a Protective Monitoring approach, CPM now has a deep insight into its IT infrastructure required to build effective compliance strategies. Moving forward the deployment will also enable the organisation to evolve its approach to IT security and operational management into a proactive, rather than reactive, process. Now the Barcelona project is complete we are looking forward to rolling out LogRhythm in more CPM sites around the globe.”