TransUnion Hong Kong turns to LogRhythm to manage insider threats

Source: LogRhythm

LogRhythm, the leader in log management and SIEM 2.0, today announced that TransUnion Hong Kong has deployed its log management solution to help improve the security of its IT operations.

TransUnion, Hong Kong's only credit reference agency, is using LogRhythm to monitor user activity on its network, ensuring unauthorised employees cannot access confidential customer information and that IT administrators do not abuse their access privileges.

Part of TransUnion Limited, which was founded in 1982 and now operates in 23 countries, TransUnion Hong Kong serves approximately 99 member companies, helping more than 4.3 million consumers understand their credit ratings. Entrusted with such a high volume of valuable information, it is vital that the company ensures data cannot be accessed by unauthorised personnel, whether intentionally or by accident. To complement its rigorous recruitment and staff training programmes, TransUnion has therefore turned to LogRhythm to help monitor user activity on its Windows Active Directory. With its real-time, automated collection and analysis of all Windows access log data, LogRhythm is able to alert on any suspicious or unexpected user behaviour, and can generate a wide range of user-friendly reports to assist with regular compliance audits.

"TransUnion is entrusted with an enormous amount of valuable consumer information, and our reputation is staked on our ability to keep it safe. LogRhythm's power to both identify and remediate unauthorised user activity plays a critical role in securing this data," said Johnny Wong, IT Manager of TransUnion Hong Kong. "The value of the information we hold also means we are faced with a number of compliance obligations, so are frequently subjected to both external and internal audits of our control systems. With LogRhythm this process is very straightforward. We can now generate the required reports in just hours; previously it took weeks to generate all these various documents."

Critically important to TransUnion Hong Kong is LogRhythm's ability to independently and automatically capture and act upon log data associated with administrator activity. While most IT administrators are responsible and ethical, the value of the information they can potentially access, as well as their ability to modify activity records, means that it is vital that their activity is independently monitored. LogRhythm can automatically access privileged user log data without relying of the user itself for collection, and also provides an encrypted digital chain-of-custody that makes it impossible for administrators to tamper with records or hide unauthorised activity. In addition, LogRhythm's Intelligent IT Search™ can instantly run user-level investigations to identify behaviour-based patterns.

"Hong Kong has a population of over 7.5 million, and among them 4.3 million people have their credit ratings in the TransUnion system. Protecting the credit ratings of such a large number of people is no small undertaking, so it's a great endorsement that TransUnion has chosen LogRhythm to help meet both its security and compliance obligations," said David Cheng, general manager Asia Pacific at LogRhythm. "With high profile hacking collectives making the headlines on a seemingly daily basis, it's sometimes easy for businesses to overlook the threat posed from within. All organisations must take extra care to keep their own houses in order, preventing all unauthorised personnel from accessing confidential data, whether it be a rogue employee trying to steal information for financial gain, or simply a member of staff who innocently stumbled across files by mistake."

Comments: (0)