ArcSight Logging & Monitoring System Implementation (SIEM) for Aviva Investors
Objective
To comply with the Aviva Group’s Information Security policy, improvements to the logging and monitoring of critical systems and services were required across Aviva Investors.
The challenge was to collect log and event data from all key devices and services such that the Information Security team could secure the information centrally, identify potential breaches, enable fast “drill down” through underlying data and provide control reports to meet audit and regulatory needs.
Solution
Appointed to manage the complete project. This covered preparing and agreeing the project plan and budget, selecting the products to be used, implementing them and ensuring that accurate data were being routinely collected and protected from loss across the IT estate.
The ArcSight Logger and Collector products were chosen as market leading solutions for Security Information and Event Management (SIEM).
These products securely consolidate logs collected from all target devices into a central, standard data model that protects data from loss or change, provides a full audit trail, and allows large volumes of data to be reported upon.
The solution was deployed across all critical devices including Firewalls, Switches, Routers, Windows & Unix Servers, and SQL & Oracle databases.
Additionally, management reports were developed that sifted through the volume of base data collected to identify abnormal events, security trends, or potential incidents, and alert the Security Management team such that they could follow up and take corrective action.
Outcome
A resilient service was implemented across multiple data centres within the budget and within the schedule originally signed off.
The central logging and management service covered in excess of 500 systems, databases and infrastructure that housed critical information assets.