How Logpoint is helping PXP Solutions achieve
compliance and scale security requirements
with company growth
With Logpoint, PXP Solutions has a powerful tool in place to ensure alignment with governance, risk and compliance standards. Logpoint allows PXP Solutions to keep a very granular view of logs and quickly identify any out-of-the-ordinary activity to maintain its security posture at any time.
Background
With a history spanning 30 years, Hertfordshire, England-based PXP Solutions has expanded from predominantly focusing on the hospitality industry to providing payment processing solutions that meet the needs of merchants across multiple industry sectors and locations.
PXP helps clients develop a long-term outlook that embraces existing and emerging payment channels and methods and moves beyond just reliable payment processing to reduce cost and increase sales on a global basis significantly. The PXP technology platform is backed up with robust support services to deliver comprehensive, end-to-end payment solutions.
As a financial services company in a highly regulated industry, it is imperative that we maintain a strong security posture at all times.
While the investment in a SIEM solution was always driven by our need for a robust security infrastructure, we are also faced with a wide range of industry standards such as the PCIDSS, GDPR, SOC 2, and the Point-to-Point Encryption standard, where non-compliance can mean the loss of customers.
By using Logpoint, we can keep a very granular view of our logs and easily identify any out-of-the-ordinary activity.
Graeme Zwart, CISO,
PXP Solutions
The challenge
PXP handles a massive amount of customer data. The company had seen impressive growth as a business, which increased data volumes and necessitated the addition of two new datacentres. As plans for further expansion solidified, it became clear that its current security infrastructure would struggle to keep pace with the company’s growth trajectory.
PXP required something more flexible than what it currently had in place, and needed the ability to create its own use cases and reporting rather than rely on the out-of-the-box templates that come standard with many vendors. PXP decided to investigate an alternative Security Incident and Event Management Solution (SIEM) to replace its current SIEM platform and ensure it could continue to grow without compromising security and compliance with the various security standards such as the PCIDSS and SOC 2.
The solution
PXP undertook an evaluation of the SIEM marketplace and, after being introduced to Logpoint at the Payment Card Industry (PCI) London event in 2015, decided to examine the technology further. After a successful initial demonstration, PXP was impressed by Logpoint’s capabilities and its predictable licensing model, which provides enterprises with with the ability to budget accurately for IT security requirements.
PXP was particularly interested in the flexibility of Logpoint’s offering, which would enable the company to develop its own use cases depending on specific organization and industry requirements. Logpoint’s in-built reports are aligned to most governance, risk and compliance standards, which would allow PXP to quickly and easily review its network environment alignment to these standards, perform GAP Analysis and provide audit reports, ensuring compliance at all times.
Once the decision was made to adopt Logpoint in 2015, the implementation process was completed in under a month. Once installed, PXP’s Information Security team could develop its own use cases to fit the particular needs of the business. PXP was supported thoughout the process by Value Added IT Reseller, SBL, which based in York, England. SBL has a long and successful history of working with LogPoint and has achieved gold partner status.
Results
Since implementing the Logpoint solution, PXP has seen a number of benefits. Logpoint is being used by both the Information Security, IT and technical operations teams, which utilize the search capabilities, alerts and dashboards within Logpoint to track activities across the business and quickly identify areas of concern.
With Logpoint, PXP can correctly categorize events according to risk, severity and, most importantly, context, such as system, user, time of day or geographic location. With this level of granularity, it has the flexibility to alert specific teams and individuals depending on the type of security event that occurs.
“As a financial services company in a highly regulated industry, it is imperative that we maintain a strong security posture at all times. While the investment in a SIEM solution was always driven by our need for a robust security infrastructure, we are also faced with a wide range of industry standards such as the PCIDSS, GDPR, SOC 2, and the Point-to-Point Encryption standard, where non-compliance can mean the loss of customers. By using Logpoint, we can keep a very granular view of our logs and easily identify any out-of-the-ordinary activity,” says Graeme Zwart, CISO of PXP Solutions.
In addition, Logpoint’s predictable licensing model, which is based on the number of devices (nodes) sending logs, not on the volume of data (GB) or events per second (EPS), has enabled PXP to maintain and budget for their SIEM solution while expanding their business. This means there was no extra cost related to the growth of the company’s data volume or how many events per second that were received. PXP’s worries about data limits disappeared, allowing it to scale based on future needs in a predictable manner.
Moving forward, PXP will continue to use Logpoint to ensure its evolving security management and compliance requirements are met, and assure customers their data is secure with PXP.