Camelot leaves little to chance when it comes to securing the online services that transacts over £600 million in sales annually

Maidenhead, 23 March 2010...Camelot, the licensed operator of the UK’s National Lottery, is implementing a log management, log analysis and event management solution from LogRhythm, the company that makes log data useful.  The implementation will help secure Camelot’s web based services, ensure Payment Card Industry Data Security Standard (PCI DSS) and ISO27001 compliance and reduce network management costs.

Camelot is one of the most heavily regulated organisations in the UK.  In 2008-2009, Camelot’s National Lottery sales topped £5 billion and the company regularly handles over 30 million lottery wagers every single week.  Currently, much of Camelot’s log data is manually processed.  Recognising the benefits that automating this process can bring in terms of compliance and improved operational practices, Camelot has selected LogRhythm to provide an integrated security information and event management (SIEM) solution.

Paul Jay, Head of Information Security, Camelot, explains the choice:
“My team is responsible for ensuring a secure environment for transacting our online lottery sales which in turn generate revenue for good causes in the UK.  Integrity of our services and player protection are our highest priority.  I selected LogRhythm  as it offered Camelot a highly-effective solution for addressing both our security and compliance requirements while substantially reducing the operational overhead traditionally associated with log and event management.  Given the completeness of the LogRhythm solution combined with its ease-of-use and implementation, I anticipate a rapid and substantial return on investment.”

Phase one of the LogRhythm implementation will focus primarily on PCI DSS compliance, in particular, storing and analysing log data from Camelot’s various payment processing and banking applications in line with the log data stipulations laid out in the regulations. Once PCI DSS is addressed, LogRhythm will be rolled out to cover as many Camelot production systems as possible.  It will also play a key role in its network security strategy, working alongside Camelot’s Intrusion Detection System and Intrusion Prevention System, as well as supporting vulnerability management.

LogRhythm will be tailored to provide information dashboards specific to each of Camelot’s business divisions.  These dashboards will make it easier for the company’s information security team to have a comprehensive insight into network activity from a departmental and service perspective. 

Paul Jay continues,
“Compliance is only one benefit offered by LogRhythm.  The implementation will bring a new level of automation and efficiency to how log data is handled and how troubleshooting investigations are carried out.  LogRhythm will enable us to take a more proactive approach to investigating incidents as they happen, not after the event.  By removing these labour intensive processes, we will not only improve our security but reduce the amount of man hours involved and subsequently the cost of managing Camelot’s technology estate.”

Ross Brewer, vice president and managing director, APAC & EMEA, LogRhythm, adds:
“Compliance is no longer the sole driver for organisations to implement integrated SIEM solutions such as LogRhythm’s.  Cost management is increasingly playing a role in how they manage their network security.  By fully integrating log data with event management, information security managers can have unprecedented insight into, and control over, their networks – without the need to invest vast amounts of man-hours in the process.”