Platinum Bank is a leading and fast-growing retail bank in Ukraine with 1.5M clients. The bank turned to Dell when it needed help to implement Windows auditing and event log management for security and compliance.
One of the primary responsibilities of Platinum Bank’s security department is to track potentially malicious users, not only to prevent security breaches but also to protect the bank’s reputation. With this goal in mind, the bank decided to implement a security information and event management (SIEM) system. This was partly driven by the need to comply with global Data Security Standard (PCI DSS) and the ISO 27001 standard.
AD auditing and event log management
In order to protect its Windows environment and to audit its critical systems, the bank needed to understand what was happening within its Active Directory-based infrastructure better than native tools permitted. This included having detailed visibility to AD changes such as which users had made the changes, and the impact of the changes on the environment and its 4,528 users. In addition, the bank needed the log files from its various critical systems – including Microsoft Exchange, Active Directory and file servers – to be directed to one central access point, and for the information to be organised and stored logically.
Solutions that deliver the greatest functionality
Platinum Bank’s IT security team attended an event organised by its trusted IT supplier, Bakotech, a local Dell partner. The team saw demonstrations of AD auditing and heterogeneous security auditing tools from Dell Software. These solutions, along with products from Symantec and ArcSight, were also considered by the bank. Platinum Bank ran pilot projects and considered Gartner’s views, and ultimately selected three solutions from Dell Software – ChangeAuditor for Active Directory, Change Auditor for Exchange and InTrust – because they offered the greatest levels of functionality whilst also being the most cost-effective.
ChangeAuditor watches for changes and delivers real-time alerts
ChangeAuditor for Active Directory is a powerful AD auditing tool that proactively tracks, reports on and alerts on vital configuration changes – in real time and without the overhead of native auditing. This AD reporting tool enhances security by telling you instantly who made each change, as well as when, where and from which workstation, eliminating the risks associated with daily modifications. Moreover, you can compare the original and current values for fast troubleshooting and remediation. For compliance, ChangeAuditor for AD generates intelligent, in-depth forensics for auditors and management.
Change Auditor for Exchange is a watchful eye that proactively tracks, audits, reports on and alerts on Microsoft Exchange Server configuration and permission changes, including critical changes to administrative groups, mailbox policies, and public and private information stores. It will keep you advised of all organisational changes, such as ActiveSync mailbox policy changes, distribution list changes and more. Plus, it automatically generates intelligent, in-depth reports to protect against policy violations and the risks associated with routine modifications.
Platinum Bank was impressed by ChangeAuditor’s wide selection of pre- built templates, especially for PCI DSS compliance, and its web-based interface.
InTrust delivers effective, centralised event log management
InTrust provides event log management for security and compliance; it securely collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems, helping organisations comply with external regulations, internal policies and security best practices. InTrust audits user access to critical systems from the time they log on until the time they log off, detecting inappropriate or suspicious access- related events and sending alerts in seconds. With this tool, you can easily collect, analyze and report on all relevant access-related events across heterogeneous networks.
Of particular appeal to the bank’s IT security team was InTrust’s ability to audit a number of different systems, and to gather and correlate the security events into one central point. The bank’s security department now uses the solutions from Dell Software in an integrated way on a daily basis. In addition, the system administrators have access to security logs in order to track changes to the AD environment.
Extended logging dramatically improves system security
The extended logging facilities delivered by ChangeAuditor and InTrust provide a valuable view of Platinum Bank’s business-critical AD infrastructure and core systems, which has dramatically improved system security. “Our solutions from Dell Software ensure that IT security threats do not impact our 4,528 users and the bank’s productivity,” says Sergey Popov, CIO and board member at Platinum Bank. “For instance, we use ChangeAuditor for Exchange to audit mailbox access rights and to protect and restrict access to critical objects, to comply with our corporate policy.”
Faster resolution of AD problems minimises downtime
With the Dell Software solutions in place, Platinum Bank can also resolve problems significantly faster. “The forensic capabilities of ChangeAuditor and InTrust ensure that AD objects can be recovered far more quickly – in a few hours instead of up to three days,” explains Popov. “For example, an accidental change to our Group Policy resulted in a number of users’ PCs constantly re-booting. Had this continued, it would have caused inaccessibility from any of these PCs, which could have had catastrophic consequences for the bank. Instead, ChangeAuditor alerted us to the error, allowing us to fix it immediately, thereby keeping downtime to an absolute minimum.” The solutions delivered similar benefits for the bank when scripts incorrectly changed AD user attributes; the bank was able to quickly find and correct the problem.
Ensuring compliance with industry standards
Platinum Bank credits the Dell Software solutions with helping to ensure its compliance with industry regulations and standards. “Compliance was a key driver for this project, and together, ChangeAuditor and InTrust satisfy the needs of our auditors and management in full,” notes Sergey Popov.
About Dell Software
Dell Software helps customers unlock greater potential through the power of technology – delivering scalable, affordable and simple-to-use solutions that simplify IT and mitigate risk.This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results.
For additional information, visit the DellSoftware website at www.dellsoftware.com.