Camelot has implemented log management, log analysis and event management solutions to secure its web based services and ensure Payment Card Industry Data Security Standard (PCI DSS) and ISO27001 compliance.
Beforehand, much of its log data was manually processed, and with sales topping £5 billion and handling over 30 million lottery wagers every single week, it has worked with LogRhythm to provide an integrated security information and event management (SIEM) solution.
The first phase of the implementation will focus primarily on PCI DSS compliance with particular emphasis placed on storing and analysing log data from Camelot's various payment processing and banking applications in line with the log data stipulations laid out in the regulations.
Once PCI DSS is addressed, LogRhythm will be rolled out to cover as many Camelot production systems as possible. It will also play a key role in its network security strategy, working alongside Camelot's intrusion detection system and intrusion prevention system, as well as supporting vulnerability management.
Paul Jay, head of information security at Camelot, said: “My team is responsible for ensuring a secure environment for transacting our online lottery sales which in turn generate revenue for good causes in the UK. Integrity of our services and player protection are our highest priority.
“I selected LogRhythm as it offered Camelot a highly-effective solution for addressing both our security and compliance requirements while substantially reducing the operational overhead traditionally associated with log and event management.”
“LogRhythm will enable us to take a more proactive approach to investigating incidents as they happen, not after the event. By removing these labour intensive processes, we will not only improve our security but reduce the amount of man hours involved and subsequently the cost of managing Camelot's technology estate.”
Ross Brewer, vice president and managing director, APAC & EMEA at LogRhythm, said: “Compliance is no longer the sole driver for organisations to implement integrated SIEM solutions such as LogRhythm's.
“By fully integrating log data with event management, information security managers can have unprecedented insight into, and control over, their networks – without the need to invest vast amounts of man-hours in the process.”