Magyar Posta Ltd.
Magyar Posta Ltd. provides national-level postal services and operates information infrastructure that is essential to national security. The client runs a highly heterogeneous infrastructure, from mainframes to high-end security and network solutions, distributed across nearly every county in the country.
The goal was to establish a dynamically expandable log collection and analysis system that could keep pace with the exponentially increasing number of integrated log hosts and processed log messages. A further goal was to integrate every host and domain into a central system so that messages could be correlated company-wide. We were required to provide online and offline reports, alerting, and management reports about the relevant IT security incidents.
The project and results
In order to integrate every host and domain into a central system, we first installed log collector servers (LOGNESS Collector) in separated networks; these collect, buffer, and forward log messages through internal firewalls to a central LOGNESS Collector cluster responsible for enterprise-wide log management. The central system contains an Elasticsearch database cluster with three nodes, providing adequate response time and protection against log loss.
With hundreds of Windows hosts reporting into the system, we established strong controls to detect inactive hosts and any further anomalies in the log flow. We set up alerts for missing heartbeats originating from operating systems with the LOGNESS Windsender agent installed, and also activated statistical trend analysis to detect critical deviations in the number of log messages per host system or application.
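As an added illustration of the two controls described above (example code, not LOGNESS software or the client's configuration), the following Python sketch checks constructed sample events for hosts whose heartbeat has gone silent and for hosts whose per-interval message count deviates from a baseline; the heartbeat timeout and the z-score threshold are assumed values.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev

HEARTBEAT_TIMEOUT = timedelta(minutes=10)  # assumed: twice the agent heartbeat interval
Z_THRESHOLD = 3.0                          # assumed: deviation that triggers an alert

# Constructed sample of forwarded events, one per line: "<ISO timestamp> <host> <event...>".
SAMPLE_LINES = """\
2024-03-01T10:00:00 srv-01 heartbeat
2024-03-01T10:00:00 srv-02 heartbeat
2024-03-01T10:00:05 srv-01 event logon
2024-03-01T10:05:00 srv-01 heartbeat
2024-03-01T10:05:01 srv-03 heartbeat
2024-03-01T10:12:00 srv-01 heartbeat""".splitlines()
NOW = datetime(2024, 3, 1, 10, 15, 0)  # constructed evaluation time

def parse(line):
    ts, host, event = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, event

def host_counts(lines):
    """Messages per host in one interval: the series the trend analysis is fed with."""
    return Counter(host for _, host, _ in map(parse, lines))

def missing_heartbeats(lines, now=NOW, timeout=HEARTBEAT_TIMEOUT):
    """Hosts whose most recent heartbeat is older than `timeout` at time `now`."""
    last_seen = {}
    for ts, host, event in map(parse, lines):
        if event == "heartbeat" and ts > last_seen.get(host, datetime.min):
            last_seen[host] = ts
    return sorted(h for h, ts in last_seen.items() if now - ts > timeout)

def volume_anomalies(history, current, z_threshold=Z_THRESHOLD):
    """Flag hosts whose current-interval count is >= z_threshold std devs from baseline.
    history: {host: [counts of past intervals]}; current: {host: count}. A host absent
    from `current` counts as 0, so a host that went silent is flagged like a flooding one."""
    flagged = {}
    for host, baseline in history.items():
        mu = mean(baseline)
        sigma = max(pstdev(baseline), 1.0)  # floor: a flat baseline must not divide by zero
        z = (current.get(host, 0) - mu) / sigma
        if abs(z) >= z_threshold:
            flagged[host] = round(z, 1)
    return flagged

# Constructed baseline (five past intervals) and current interval for three hosts.
HISTORY = {"srv-01": [100, 110, 95, 105, 90], "srv-02": [50, 52, 48, 50, 50], "srv-03": [200] * 5}
CURRENT = {"srv-01": 102, "srv-03": 260}  # srv-02 sent nothing in this interval

if __name__ == "__main__":
    print("missing heartbeats:", missing_heartbeats(SAMPLE_LINES))
    print("volume anomalies:", volume_anomalies(HISTORY, CURRENT))
```

In a deployment the baseline would be built from the per-interval `host_counts` of earlier windows rather than from literals, and a host that is both silent and over threshold would raise one alert, not two.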
After integration, LOGNESS administrator-level and LOGNESS security analyst trainings were held, and further fine-tuning of the system was carried out by the client's Data Protection Department.