Freely subscribe to our NEWSLETTER

Powys County Council is responsible for providing local authority services to more than 130,000 people in the county, which spans an area a quarter of the size of Wales. Approximately 2,500 of the Council’s 8,000 employees have access to its IT network, which links 200 offices and schools across the county. In addition to keeping this large network secure, the Council, which connects to the UK Government Connect Secure Extranet (GCSX) in order to process benefits payments, must comply with Good Practice Guide no. 13 (GPG 13). This prescribes the Protective Monitoring of the Council’s network, in order to proactively spot suspicious events and provide an audit trail of past incidents. As it processes credit card payments for council tax and other charges, the Council must also monitor access to network resources in order to achieve PCI compliance. The deployment of centralised real-time analysis of log data generated across the Council’s IT infrastructure plays a large part in ensuring these compliance requirements are satisfied.

The Council has traditionally stored the log data generated by individual network devices in silos. However, with an increasingly complex IT infrastructure and a growing compliance burden, the process of monitoring has become time consuming and expensive to resource. It has therefore been decided to deploy a centralised log management tool that can automatically analyse log data generated across its entire infrastructure, as well as alert on anomalies and ensure ongoing compliance with GPG 13 and PCI regulations. After a review of a number of solutions on the market, Powys opted for LogRhythm’s solution. Key reasons for this decision included LogRhythm’s ability to cost effectively analyse and correlate log data generated by the widest range of sources – including all of the Council’s current IT systems – plus its ease of use.

LogRhythm’s solution will analyse log data generated by all of Powys County Council’s critical IT systems, including its active directory, firewalls, financial systems as well as its HR and social services databases. From a single, customisable dashboard, the Council’s IT team will be able to gain a complete overview of all these assets, while the solutions’ out-of-the box reporting capabilities means that, from day one, it will able to produce reports that prove compliance with the requirements of both PCI DSS and GPG 13. The dashboard also provides Powys with the added benefit of being able to spot and fix inefficiencies in its IT operations.