Keith Bennett and his team knew something had to change when their security information and event management (SIEM) appliance would time out before running a requested report.
"Over the past few years, Denali Alaskan has undergone a large branch expansion and we found we had outgrown the capabilities of our existing system," said the vice president of information technology at the $440 million Denali Alaskan Federal Credit Union in Anchorage.
"We started to look at what solutions were out there because we needed one that would meet our current and projected needs and satisfy the requirements of our regulators, NCUA, GLBA and payment card industry standards," Bennett said.
Besides lacking scalability, the credit union's existing SIEM was cumbersome to configure when it came to updates and adding new systems to monitor. Creating and running reports, especially customized ones focused on a specific investigation, was a time-consuming process that sometimes ground to a halt without producing any results.
After assessing the alternatives, the credit union deployed a new SIEM from AccelOps Inc. in Santa Clara, Calif.
"What used to take 30 minutes to an hour we can now do in minutes," said Travis Rupp, security lead at the 57,000-member Denali Alaskan. The prior appliance also would reach its operational capacity while only monitoring about 40% of the credit union's network devices.
The new system does more than just log events across all devices; it added capabilities that Bennett and Rupp were looking for as they sought to expand their current intrusion prevention system and mine network data for information that could lead to increased efficiency in general.
"Since AccelOps does more than just security, there is great potential to be able to consolidate some of our other network monitoring tools," Bennett said. "Network staff, not just security, can identify and get at the root cause of a variety of problems. For example, help desk staff could help troubleshoot network bandwidth issues when a network admin is not available."
Scott Gordon, vice president of marketing and business development at AccelOps, said his company's solution was built to accommodate just such multitasking.
"We see very homegrown or open-source log management tools, while others have implemented first-generation solutions that are outmoded and don't offer this kind of advanced integration," he said.
"The more traditional SIEM systems just log events and that's about it. Today, you need to do a lot more than that. You need to know a lot more about who really is on the system and you need to be able to demonstrate a lot more to stay in compliance," Gordon said.
"And credit unions have to essentially do the same thing as big banks in this regard but with less resources. So they need an out-of-the box tool that can provide enough automation to get the results they need easily but can still have a lot of capabilities" to support network and security roles by people doing both tasks.
That was the case at Denali Alaskan, which went live with AccelOps in June, running it on a virtual server with VMware. Hardware appliance and managed host versions are available, too, but Bennett said the credit union decided to go with the virtual device to take advantage of technology it already had in place.
"Generally speaking, it was operational very quickly and has a very logical Web GUI. Since it has rules, report templates and dashboards built in, we saw useful output almost immediately," Bennett said.
In addition to greater visibility across the network, the new system helps Denali Alaskan stay in compliance by not only tracking security alerts and access records, but also by documenting and verifying configuration changes, patches, system issues and other items that are increasingly on a compliance auditor's agenda.
Gordon at AccelOps declined to say how many clients, including credit unions, his company has but did say that "financial services are among our leading vertical markets." He also said he has seen a lot of different deployments as credit unions try to deal with the growing complexity and number of compliance demands.
"Many of our customers use our tools right out of the box and enhance policies by modifying what's built in, but you can also create your tools and rules, depending on your level of sophistication, to support the unique mandates you may face and allow you to build something to meet an audit request."
Denali Alaskan plans to take advantage of that flexibility.
"I can foresee expanding the use of AccelOps for overall troubleshooting, application monitoring, operational reporting and planning. There is decent value here for one tool to support both security and network operations," Bennett said.