How LogPoint’s next-gen SIEM solution enabled the management of PMU’s events, their characteristics and history

Background

PMU is a French gaming organization consisting of 59 horseracing societies. Created in 1930, PMU is today worth 10 billion euros, generating a net profit of 806 million euros, which funds horseracing administration and its 180,000 employees.

Except for IT professionals, few are aware of the vital importance of information systems for managing, recording, checking and safeguarding the treatment of all bets, games and transactions carried out each day.

Facts & figures

  • 13,000 outlets, 19,000 facilities, 134 million euros of transactions per month
  • 10 million internet visitors per month, 1.7 billion euros turnover in 2015, making it the third-biggest ecommerce site in France
  • 500 servers, 1200 VMs, 3500 devices
  • 600 TB of stored data, 4Gb WAN bandwidth

The choice was actually made very quickly and simply, both from a technical and a financial point of view,… From the pilot installation, which was made from a representative IT sample, the team realized the capacity of the LogPoint solution to dynamically manage, in real time, logs originating from all sources – from the VM firewall, to software programs or database servers. The team could easily and quickly verify predefined use cases in the specifications and envisage a wider application of the solution. The pilot was started with the help of LogPoint, who were available to convey the methodology and specific approach of SIEM to the team.

Farid Illikoud, IT security & compliance officer, PMU

The challenge

PMU first installed LogPoint in 2015 for security purposes, and the solution is fully deployed today. Faced with increasing threats, a colossal volume of data to defend and a strengthening of regulatory requirements, PMU – which is both open and interconnected – needed to control its risk level and gain perfect visibility into its IT.

Farid Illikoud, IT security and compliance officer, explained the history of this collaboration with LogPoint – a partnership that responds to the demands posed during the invitation to tender, i.e., efficiency, quality and cost control. “We wanted to keep an eye on everything, and to do this we were in need of an efficient log management system that allowed us to reinforce the performance of our security operations center and to supply crucial material to these experts for their analysis and investigations,… The formula for success in this type of project rests in the implementation of the people/process/technology triangle, which requires knowledgeable parties who rely on clear processes and competent technologies.”

Operating in such a demanding and exposed environment, PMU had three main objectives: the protection of client data, the integrity of its transactions, and the traceability of its information.

In a defense-in-depth approach – from the security of the content to the security of the container – the analysis and correlation of IT events were essential to achieving these protection goals. SIEM is fundamental to the action plan PMU was seeking. In Farid’s opinion, a data project of this magnitude is unifying, especially for a business like PMU that relies so heavily on the IT department. In his view, the project must involve a wide range of services and people within the organization:

  • Financial management for budget
  • General management for the strategic importance of security
  • Marketing and communication for brand image and customer confidence
  • The CIO’s team and its day-to-day executives and key stakeholders

The solution

In the process of selecting a SIEM, Farid’s approach naturally steered the security team towards LogPoint. “Because of LogPoint’s billing method, I had total control over my budget. As it is the extent and scope of the solution and not the volume of data that dictates the fee, I could precisely forecast the cost at each stage of the investment and its impact on the operation,” said Farid.

The security operations center team also appreciated LogPoint’s simplicity, the dashboards and the total personalization of the solution – LogPoint clients are free to determine the scope of the product themselves. The risk scenarios, the type of alerts and the ability to best use the software according to user needs have created an agile and perfectly adapted solution for PMU.

Results

With the full implementation of LogPoint throughout PMU’s infrastructure, logs were collected, normalized and correlated in real time. Alerts and dashboards were automatically generated, enabling a quick, targeted human response to anomalies or security events – critically important for an organization that relies on defined risk scenarios.

The analytic capacity of our next-gen SIEM solution enabled the management of PMU’s events, their characteristics and history. These capabilities assist PMU in proving its conformity to compliance regulations if necessary.

Today, LogPoint is an invaluable tool in supporting PMU’s security approach and regulatory requirements. Farid regards it as an amalgamation of proactivity, reactivity and efficiency in a security environment that corresponds to his people/process/technology triangle.