St John Ambulance is tackling the Payment Card Industry Data Security Standard (PCI DSS) by implementing a new system designed to monitor the security performance of its network.

It chose a security information event management (SIEM) system from LogRhythm, a company which specialises in the collection, organisation, analysis, archival and recovery of log data.

The system will help the charity meet its obligations as a Level 3 PCI DSS merchant by collecting logs from various relevant components on the charity’s network, such as the firewall and workstations, and alerting on any unusual activity.

Previously the IT team collected log data manually which made analysis or investigation both time-consuming and more reactive than proactive.

“We evaluated a number of offerings but LogRhythm stood out as being more flexible and configurable than the others,” said Karl Heydenrych, IT director at St John Ambulance.

“Additionally, LogRhythm was the only solution we found which offered integrated file integrity monitoring.
    
“Not only would this negate the need for us to purchase an additional solution to meet the specific file integrity monitoring requirements of PCI DSS, but it would simplify and strengthen our security, audit and compliance processes.”

The LogRhythm system was provided by reseller Softcat and implemented by LogRhythm partner Vigil Software.

Having addressed the PCI DSS compliance issues, the charity now anticipates extending the use of the product across its entire IT estate.