ALPS approach to log management

By Bob Violino, CSO | Nov 7, 2011

ALPS Advisors Inc. is a mutual fund administration company with headquarters in Denver and offices in Boston, New York and Seattle. The firm manages more than $1.5 billion in assets and provides a suite of asset servicing and gathering solutions to more than 200 clients in the investment management industry.
 
ALPS' online portal provides backend mutual fund processing, accounting, transactions and compliance for its customers. To protect its own IT assets as well as those of its clients against targeted attacks, the firm must continuously monitor activity across its two data centers. In addition, as a financial services firm, ALPS is required to do such monitoring to remain in compliance.
 
The monitoring activity includes system logs, network traffic and Dynamic Host Configuration Protocol (DHCP) logs from servers throughout the company, as well as logs from firewalls and a custom application through which ALPS provides the mutual fund backend processing to customers via the Internet.
 
"Monitoring logs for this application is particularly critical, since it's our primary platform for providing services," says Pete Blood, IT security professional at ALPS. "Our customers rely on the application to access important data. With our previous log monitoring system, it was difficult to maintain and pull logs back into the system from the archive. Performing historical reviews was particularly challenging."
 
The firm researched various methods and technologies for monitoring multiple logs, and in 2010 deployed a platform from LogRhythm. The technology uncovers evidence of security problems in logs, including intrusions, fraud, insider threats, zero-day attacks and other suspicious activity that the firm might otherwise not notice.
 
Blood says the LogRhythm platform has made it easy for the firm to investigate log activity to find bad login attempts, multiple user IDs from the same IP address, and symptoms that indicate someone is trying to get into the system. It allows the company to collect and report on daily log activity. "We currently maintain log archives on the LogRhythm appliance but will eventually move these onto network attached storage (NAS) for historical reporting," he says.
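Detection of the kind Blood describes (repeated failed logins and multiple user IDs from one source address) can be expressed as a small rule over authentication events. The block below is an added example, not code from the original article or from LogRhythm; the syslog-like line format, the thresholds and the sample lines are all constructed for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simple syslog-like format assumed for this
# example; not ALPS' or LogRhythm's real log format.
SAMPLE_LOG = """\
2011-11-07T09:01:12 portal sshd: Failed password for alice from 203.0.113.5
2011-11-07T09:01:15 portal sshd: Failed password for alice from 203.0.113.5
2011-11-07T09:01:19 portal sshd: Failed password for alice from 203.0.113.5
2011-11-07T09:02:01 portal sshd: Failed password for bob from 203.0.113.5
2011-11-07T09:02:05 portal sshd: Failed password for carol from 203.0.113.5
2011-11-07T09:02:09 portal sshd: Failed password for dave from 203.0.113.5
2011-11-07T09:05:44 portal sshd: Accepted password for erin from 198.51.100.7
2011-11-07T09:06:10 portal sshd: Failed password for erin from 198.51.100.7
2011-11-07T09:06:30 portal sshd: Accepted password for erin from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)

def parse_events(text):
    """Parse each line into a dict; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def find_suspicious_sources(events, max_failures=3, max_users=2):
    """Return {ip: [reasons]} for IPs exceeding either threshold (thresholds are illustrative)."""
    failures = defaultdict(int)
    users_by_ip = defaultdict(set)
    for ev in events:
        users_by_ip[ev["ip"]].add(ev["user"])
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
    findings = {}
    for ip in users_by_ip:
        reasons = []
        if failures[ip] > max_failures:
            reasons.append(f"{failures[ip]} failed logins")
        if len(users_by_ip[ip]) > max_users:
            reasons.append(f"{len(users_by_ip[ip])} distinct user IDs")
        if reasons:
            findings[ip] = reasons
    return findings
```

Running `find_suspicious_sources(parse_events(SAMPLE_LOG))` flags only 203.0.113.5; erin's single failure followed by a successful login stays below both thresholds.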
