As a financial services institution, Adriatic Slovenica holds sensitive customer data, including medical records, and has to comply with very stringent data privacy regulations. With GDPR on the horizon, Adriatic Slovenica realized it needed a far more structured approach to its security and operations processes, as Sandi Bižal, Security Officer for Adriatic Slovenica, explains: “In compliance with GDPR, we need to provide full audit trails for all our applications. In general, we lacked visibility into our systems. We were worried we could not easily track data access, and we would not be able to identify a security breach fast enough. The process of managing our security operations was manual and time-intensive.”
Bižal had worked with regional Micro Focus Gold Partner SRC before and engaged them on this project. SRC is an IT company specializing in digital transformation. Simon Simčič, Systems Engineer with SRC: “In a diverse threat landscape and with increasing regulatory compliance requirements, we recognized that this was not just about improving security, but about introducing structure and processes to gain full visibility of the environment.”
Just two IT security staff support an organization of 1,500 users, so a user-friendly interface was an important consideration. Bižal wanted to ensure the complete, diverse Adriatic Slovenica application landscape was covered by a security solution, and connector integration was key. Finally, price was an important factor. After evaluating several solutions, Bižal, together with the colleagues responsible for IT security and infrastructure, decided the ArcSight suite of solutions would best fit their requirements. He comments: “ArcSight delivered what we needed, and I was pleasantly surprised at the price.”
Once SRC and Adriatic Slovenica defined the security and operations model, the ArcSight implementation only took three months. ArcSight Enterprise Security Manager (ESM) was introduced first to monitor security events across the environment. ESM’s multi-tenant support proved very useful with Adriatic Slovenica’s sister companies in Croatia and Slovenia. All companies share systems and data and, using ArcSight ESM, they have been able to logically separate the data so that access is only allowed for authorized individuals. This was especially important as some customer data includes sensitive medical information.
ArcSight Connectors ensured security policies are applied to all applications, covering a broad portfolio. Bižal comments: “We found the ArcSight Connectors very easy to configure. We use many disparate data sources, all producing events that need to be logged. With ArcSight Connectors we collect information from the entire environment, for a comprehensive picture at any time.”
ArcSight Management Center provides the central control Adriatic Slovenica looked for. ArcSight Logger, as part of ArcSight Data Platform, holds a centralized audit trail for all business applications. Previously, the organization would have to manually run audit trails on all relevant applications. Now, this is done much faster through one log search.
ArcSight Activate Framework, a content development process, is used to define processes that go beyond security, as Bižal explains: “We look to optimize our entire environment to minimize security incidents. ArcSight gives us an operations as well as security perspective for this. It has helped us become much more process-driven and structured.”
Thanks to the user-friendly interface, Adriatic Slovenica business and legal users are able to leverage ArcSight directly for their own reporting purposes and Bižal has full visibility of everything. He says: “Cyber security threats are a fact of life and a security product alone won’t solve this problem. However, ArcSight has given us the visibility and the processes to identify and solve any security incidents much faster than we could before. A full risk assessment helps us understand the implications of any actions.”
“With GDPR we are required to track data access even more,” he adds. “ArcSight correlates issues from lots of disparate data sources, helping us see trends and links in seemingly unrelated minor security incidents so that we can address them straight away before they negatively affect our users or clients.”
Bižal concludes: “This was one of the best projects I’ve worked on in my career. We received excellent support from SRC and ArcSight has given us a competitive advantage we are proud of. We feel confident that our security operations is ready to deal with any challenges that come our way.”