Canada's largest credit union is using two little boxes to provide a single viewpoint of the varied security challenges across its widespread, diverse network.
Vancity Savings Credit Union is one of the first of about a dozen credit unions to adopt the ArcSight Express solution from ArcSight Inc. of Cupertino, Calif.
The $14.5 billion British Columbia cooperative uses the device to make sense of thousands of log entries and notifications that come in each day and move across the 400,000-member credit union's network spanning 69 locations around Vancouver, the Fraser Valley, Victoria and Squamish.
The Express solution is a smaller version of the company's enterprise security management offering used at more than 1,200 locations, including about 20 federal agencies in the United States, said Aarij Khan, ArcSight's director of product marketing.
Like its larger sibling, the Express solution's specialty is providing meaning to network security events by putting them in the context of where, when and why they occurred and what impact they could have on the organization.
Working alongside other network security solutions and anti-malware tools, the Express solution analyzes events, automatically generates alerts and presents compliance and other reports for review and distribution.
Vancity decided to go with the solution to provide a central monitoring and assessment point for the various technology infrastructure teams across the enterprise, each of which has its own security responsibilities, the credit union said.
"The main reason we got it was because we wanted to have a good idea of what was going on across our environment. We have all these individuals monitoring specific events under their control with no holistic view or correlation of the events that were going on," said Geordie Cree, Vancity's manager of information security.
To address that, two of the company's Express devices, a logger and an enterprise security management box, are in place now, the credit union said.
The Express system was specifically designed to accommodate a wide range of needs, covering everything from e-mail to document printing to "who's logging in and out of your system," Khan said.
"It can fit the needs of customers who have very sophisticated analysts as well as those who don't have those kinds of specialists. The automatic rules, alerts and reports make it very easy for a new customer and those who don't necessarily have a whole lot of time to spend on security."
Cree said that during his first year using the system, he found it "fairly easy to turn on and get running. The biggest challenge has been internal resources. We compete with every other department for that, of course, and we've had to work with each group's technology department to get them to point all their devices and logins to the new system."
Going forward, Cree and his colleagues are looking to expand their use of the system.
"Right now we're concentrating on using it for unauthorized access, more along IT-based system event lines, but in the future we'll be expanding that to include looking for identity theft and fraud events like that," Cree said.
The multiphase plan, in fact, "includes everything from IT basic security pieces to corporate security and compliance, internal fraud detect perhaps, case management, dashboarding - all those things will be within its scope," he said.
Still, he added, at the moment, "the biggest thing for us is the ability to detect events across multiple platforms and meet regulatory requirements. We want to do that not just because we're required, but because it's the right thing to do."