Sandfield Strengthens IT Security and Automates Monitoring with LogRhythm
Sandfield, a New Zealand-based software solutions provider, deployed the LogRhythm-based SIEM platform, following a recommendation from managed service provider Advantage. Sandfield now benefits from a new safety framework that provides better visibility and protection.
Founded in 1989, Sandfield has become a leading provider of software applications for operational businesses seeking to differentiate themselves through the use of technology.
The company’s service and product portfolio includes software and website development, application delivery, database administration, mobile application development and integration services. Sandfield supports clients throughout New Zealand and around the world.
As it has grown over the past few years, Sandfield has increasingly taken on larger and more complex client projects. This necessitated an expansion of the company’s cloud operations and an increase in processing and storage capacities.
Justin Knight, head of IT operations at Sandfield, said this growth has also led to the need for enhanced IT security measures to ensure customer applications and data are fully protected from external threats. At the same time, the organization benchmarked its protocols against an international standard to ensure that their capabilities would be protected.
“About 18 months ago we got our ISO27001 certification,” he said. “As part of this, and to ensure that all the required controls were in place, we realized that we needed a better understanding and management of our security measures.”
Initially, the company’s IT team assessed whether this could be achieved using internal staff and resources. However, it quickly became apparent that this would not be the most effective approach.
After considering a range of IT security alternatives, the decision was made to engage the services of New Zealand managed service provider Advantage.
Advantage assessed Sandfield’s specific requirements and recommended deploying the Security Information and Event Management (SIEM) platform based on LogRhythm. The project started in early 2021 with a proof of concept (PoC) before rolling it out to cover all critical systems.
“The first step for us was to enable LogRhythm to capture all of our Windows and firewall logs,” Knight said. “Since then, we’ve added logs from our AWS and Azure cloud environments as well as Google Workspaces.”
Knight said the fact that Advantage already had in-depth knowledge of LogRhythm was invaluable as it allowed the new security framework to be up and running very quickly. “Using their team of experts meant that our internal IT team didn’t have to fully understand the complexities of the platform before they could put it into action,” he said.
Advantage has also worked to include a stream of New Zealand-specific security data into the system, including the New Zealand Government Security Office’s malware-free networks, to further enhance protection. This data helps identify localized threats that may have already been reported by other organizations.
With the LogRhythm SIEM platform now fully functional and receiving logs from a range of central systems, Knight said the biggest benefit is “peace of mind.”
“We know we now have better visibility into all of our security logs and events,” he said. “We can be sure that any misconfiguration, breach or unauthorized access to our systems will be quickly detected.”
Knight said the level and scope of protection the company enjoys would simply not have been possible without LogRhythm. For example, in a recent month, over 191 million logs were ingested by LogRhythm, of which 3.5 million were passed to a second stage for further analysis by artificial intelligence tools. .
“This then led to 67 alarms being triggered, of which only 37 needed to be investigated by Advantage’s security operations team,” he said. “This is an example of LogRhythm’s effectiveness in detecting potential threats among very large volumes of alerts. There would be no way to do this manually.
Knight said the LogRhythm framework has already proven invaluable as it recently spotted a misconfiguration that could have led to issues if not fixed in a timely manner.
“We were then able to immediately rectify this misconfiguration whereas before LogRhythm it could take days or even weeks before it was spotted,” he said. “We are now much more comfortable having the level of visibility we need to ensure our systems and resources are secure at all times.”
Steve Smith, Auckland Regional Manager, Advantage NZ, said the strong working relationship that now exists between the two companies will help ensure that the current high levels of security protection are maintained.
“We now have a solid understanding of Sandfield’s requirements and look forward to supporting them as a team with LogRhythm’s winning combination of technology and expert skills as they continue to grow in the future.” he declared.
Click below to share this article