Sandfield, a software solutions provider based in New Zealand, has deployed the LogRhythm-based SIEM platform, following a recommendation by managed services provider Advantage. Sandfield is now benefitting from a new security framework that provides better visibility and protection.
Established in 1989, Sandfield has grown to become a leading provider of software applications for operational businesses looking to differentiate themselves through the use of technology.
The company’s services and product portfolio includes software and website development, application delivery, database administration, mobile app development and integration services. Sandfield supports clients throughout New Zealand and around the world.
As it has grown during the past few years, Sandfield has increasingly been taking on larger and more complex client projects. This has required an expansion of the company’s cloud operations and an increase in processing and storage capacities.
Justin Knight, Head of IT Operations at Sandfield, said this growth had also led to the need for increased IT security measures to ensure client applications and data were fully protected from external threats. At the same time, the organization benchmarked its protocols against an international standard to ensure their capabilities would be protected.
“About 18 months ago, we achieved our ISO27001 certification,” he said. “As a part of that, and to ensure we had all the required controls in place, we realized we needed better insight into and management of our security measures.”
Initially, the company’s IT team assessed whether this could be achieved using internal staffing and resources. However, it quickly became apparent that this would not be the most effective approach.
After examining a range of alternatives in the IT security space, a decision was taken to engage the services of New Zealand managed services provider Advantage.
Advantage assessed Sandfield’s specific requirements and recommended that the LogRhythm-based Security Information and Event Management (SIEM) platform be deployed. The project began in early 2021 with a proof-of-concept (PoC) before rolling it out to cover all critical systems.
“The first step for us was to enable LogRhythm to capture all our Windows and firewall logs,” said Knight. “Since then, we have added logs from our AWS and Azure cloud environments as well as Google Workspaces.”
Knight said the fact that Advantage already had a comprehensive knowledge of LogRhythm was invaluable as it allowed the new security framework to be up and running very quickly. “By using their team of experts, it meant our internal IT team did not have to fully understand the complexities of the platform before we could put it into action,” he said.
Advantage also worked to include a stream of New Zealand-specific security data into the system, including Malware Free Networks from the New Zealand Government Security Bureau, to further improve protection. This data helps to identify localized threats that may have already been flagged by other organizations.
With the LogRhythm SIEM platform now fully functional and receiving logs from a range of core systems, Knight said the biggest benefit has been ‘peace of mind’.
“We know that we now have better visibility of all our security logs and events,” he said. “We can be confident that any misconfigurations, breaches, or unauthorized access of our systems will be quickly picked up.”
Knight said the level and extent of protection enjoyed by the company would simply not have been possible to achieve without LogRhythm. As an example, in a recent month there were more than 191 million logs ingested by LogRhythm, of which 3.5 million were forwarded to a second stage for closer analysis by Artificial Intelligence tools.
“This then led to 67 alarms being triggered, of which just 37 needed to be investigated by the Advantage security operations team,” he said. “That is an example of how effective LogRhythm is at spotting potential threats amid very large volumes of alerts. There would be no way to do that manually.”
Knight said the LogRhythm infrastructure has already proven to be invaluable as it recently spotted a misconfiguration that could have led to issues if not rectified in a timely manner.
“We were then able to rectify that misconfiguration immediately whereas, prior to LogRhythm, it may have been days or even weeks before it was spotted,” he said. “We are now much more comfortable that we have the level of visibility we require to ensure our systems and resources are secure at all times.”
Steve Smith, Auckland Regional Manager, Advantage NZ, said the strong working relationship that now exists between the two companies would help to ensure the current high levels of security protection would be maintained.
“We now have a solid understanding of Sandfield’s requirements and look forward to supporting them as a team with the winning combination of LogRhythm’s technology and expert skills as they continue to grow in the future,” he said.