Using Sentinel to monitor its network in real time, bwin improved security, reduced administrative effort and more easily demonstrated compliance with the PCI-DSS.
With more than 1,200 employees in Stockholm and Vienna, the bwin Group is one of the worlds leading providers of online gaming entertainment. The company offers sports betting, poker, casino games, soft games and skill games via the Internet and other digital distribution channels in more than 27 different languages.
All companies that process, store or transmit payment card data must comply with the Payment Card Industry Data Security Standard (PCI-DSS). This standard aims to prevent fraud, protecting both consumers and businesses from financial loss. Compliance with the standard also helps companies lower transaction costs significantly.
Among other requirements, the most recent PCI-DSS specification calls on payment card processors to maintain a secure network, protect stored cardholder data, implement strong access control measures, regularly monitor and test networks, and maintain a comprehensive information security policy.
With millions of customers, thousands of internal users and hundreds of applications and databases, bwin was spending significant time and effort compiling reports to prove its compliance with the PCI-DSS. Compliance was managed on a departmental basis, which was inefficient and made it difficult to ensure that the same approaches and policies were being applied uniformly across the company. To reduce the cost and effort of compliance and improve security reporting, bwin needed an automated, centralised solution for monitoring and managing multiple security log files.
Following a review of available solutions, bwin ran a pilot project using Sentinel®, then worked with Verizon Business to deploy the solution across its entire payment infrastructure. In addition to rolling out the solution across the data centres of its global subsidiaries, bwin plans to extend the scope of monitoring to all corporate systems, pending the completion of a full risk assessment.
"The responsiveness of their team was an important factor in our choice of solution," said Oliver Eckel, Head of Corporate Security, bwin International Ltd. "Equally, Sentinel offers significantly better performance than the other solutions we considered."
The current Sentinel environment at bwin covers Microsoft Windows servers in the payment infrastructure, while the full rollout of the solution will add Sun Solaris systems and Oracle databases. The solution aggregates security logs from the specified network elements servers, workstations, storage devices, routers and switchesin real time, normalising the data they contain to create consistent, centralised reports. Rather than monitoring hundreds of disparate logs in different locations, the bwin security team now has a single viewpoint for all security events.
"Deploying Sentinel enabled us to centralise our monitoring into a single corporate function, removing all compliance effort from the departments and making it easier to apply corporate policies," said Eckel. " Sentinel gives us all the tools we need to identify anomalies, detect intrusions, and meet the log monitoring and auditing requirements of the PCI-DSS."
As a high-profile company processing large volumes of card payments, bwin is an attractive target for increasingly sophisticated online fraudsters. To protect against emerging vulnerabilities, bwin implemented the optional Sentinel Advisor module, which provides centralised security intelligence to proactively identify and counteract new varieties of attack, as well as to eliminate false positives. -
More Micro Focus Links:
PRODUCTS & SOLUTIONS: https://www.microfocus.com/products
SUPPORT & SERVICES: https://www.microfocus.com/support-and-services
Micro Focus is a global software company with 40 years of experience in delivering and supporting
enterprise software solutions that help customers innovate faster with lower risk.