Q1 Labs' QRadar Security Intelligence Platform has helped operations teams track log data from multiple systems
Q1 Labs, the global provider of total security intelligence solutions, announced details of a successful project at BGL Group that has helped to drastically reduce the volume of false security alerts, strengthen its security management procedures and reduce operational cost and complexity.
The deployment of Q1 Labs' flagship QRadar Security Intelligence Platform is also helping operations teams track down complex issues through detailed reporting of historical log data from multiple systems.
Since it was founded in 1992, BGL Group has grown to become one of the largest personal lines insurance brokers in the UK. Through its subsidiaries including comparethemarket.com, Budget and Bennetts, the group arranges and administers insurance for 3.5 million customers and employs more than 2,150 people.
As such, it takes information security extremely seriously, with a dedicated team assigned to protect its infrastructure against cyber criminals. The Group has created a multi-layered secure perimeter with traditional firewalls supplemented by IPS and IDS systems managed by a 24/7 network operations centre. The continual expansion of the Group's role, including the provisioning of managed services such as "white label" services to several well-known high street banks, has increased the volume of network and application traffic that needs to be inspected for potential threats. QRadar's native ability to capture content provides the security intelligence needed to eliminate false positives and identify potential threats.
The Cisco-based network architecture at the Group was generating around 500 alerts a day, which needed to be inspected by the four-man Information Security team. The sheer volume of alerts from Cisco logs, combined with security information from Microsoft-based servers and IBM iSeries mainframes running critical applications, was threatening to overwhelm the resources of the team.
In response, the Information Security team at BGL contacted a number of Security Information and Event Management (SIEM) vendors with a requirement for a solution to help improve the situation while leveraging existing resources. Key criteria included compatibility with its IBM mainframe and powerful reporting tools to help separate false positives from more urgent matters.
After whittling down the potential candidates to just three, the Information Security team ran a series of two-week on-site evaluation projects to determine which product best served its needs. "QRadar was head and shoulders above the rest in terms of its usability and interface," explains David Ingall, an Information Security analyst at BGL. "The way it allows us to drill down quickly into an alert and correlate relevant data was extremely impressive."
Following a rapid implementation, which Ingall describes as "simple as putting QRadar in the rack and pointing our logs at it," the system was able to deliver significant improvements from day one. "We went from around 500 alerts a day on the Cisco logs down to less than 12 using QRadar," comments Ingall, "and we could quickly get to the bottom of any issue in less than 30 minutes."
QRadar also proved itself useful in a network troubleshooting role. When the Operations Team at BGL discovered a transient issue with a VPN connection between its main site and a major external customer, the ability to drill down through historical logs allowed them to quickly find and fix the fault.
"The move to QRadar had been a real eye-opener for us and has helped us to concentrate our efforts on the most important issues," explains Ingall. "Even without significant tuning, it has improved how we deal with security intelligence and it will form a core part of our infrastructure as we move forward."