
Large Travel Organization

ArcSight suite creates a hybrid security model covering cloud and datacenter to fit agile delivery approach


Outcomes

  • Hybrid security model reduces costs and network strain
  • Intelligent cloud-based log collection through integration with Azure SmartConnectors
  • Reduced cloud security footprint

Challenge

Update security measures in line with agile development methodology while keeping cloud costs down and minimizing network impact.

Details

Agile development calls for fresh security approach

As a global retail travel platform, this organization needs to secure its own site, as well as those of its customers, as it encourages transactional traffic to them. An agile software development methodology ensured the required rapid turnaround, but it also meant that security measures were sometimes not applied properly. The security team looked for a solution to capture data logs and securely transport them to the Security Operations Center (SOC) for correlation and long-term storage. Their Data Security Engineer explains: “We already leveraged ESM in our datacenter, but many of our applications are cloud-based and we wanted to intelligently filter unnecessary traffic from the cloud to manage costs. We had attempted an open source solution and found that unfiltered log collection was extremely expensive.”

Increased visibility and MITRE ATT&CK alignment

Using ArcSight by OpenText in a cloud deployment model, the team worked with OpenText Professional Services to build a hybrid solution that collects and stores logs in the cloud and forwards only relevant security events. By using native Azure SmartConnectors, they could intelligently collect logs and reduce the security footprint of their cloud installations. ArcSight also provided out-of-the-box secure connections between cloud and datacenter using industry-standard web-based encryption protocols.

The organization sharply reduced costs and the strain on its network connections. It is now evaluating ArcSight Intelligence to protect against insider threats. The team is interested in its unsupervised machine learning, as other tools have been too difficult to implement and too time-consuming to train users on.

“Leveraging ArcSight to collect and store logs in the cloud has reduced our costs and the strain on our network. This hybrid model fits well with our agile delivery approach.”

Data Security Engineer
Large Travel Organization

About Large Travel Organization


As a global retail travel platform, this organization needs to secure its own site, as well as those of its customers, as it encourages transactional traffic to them.