With more than 1,200 employees in Stockholm and Vienna, the bwin Group is one of the world’s leading providers of online gaming entertainment. The company offers sports betting, poker, casino games, soft games and skill games via the Internet and other digital distribution channels in more than 27 different languages.
All companies that process, store or transmit payment card data must comply with the Payment Card Industry Data Security Standard (PCI-DSS). This standard aims to prevent fraud, protecting both consumers and businesses from financial loss. Compliance with the standard also helps companies lower transaction costs significantly.
Among other requirements, the most recent PCI-DSS specification calls on payment card processors to maintain a secure network, protect stored cardholder data, implement strong access control measures, regularly monitor and test networks, and maintain a comprehensive information security policy.
With millions of customers, thousands of internal users and hundreds of applications and databases, bwin was spending significant time and effort compiling reports to prove its compliance with the PCI-DSS. Compliance was managed on a departmental basis, which was inefficient and made it difficult to ensure that the same approaches and policies were being applied uniformly across the company. To reduce the cost and effort of compliance and improve security reporting, bwin needed an automated, centralised solution for monitoring and managing multiple security log files.
Following a review of available solutions, bwin ran a pilot project using Sentinel, then worked with Verizon Business to deploy the solution across its entire payment infrastructure. In addition to rolling out the solution across the data centres of its global subsidiaries, bwin plans to extend the scope of monitoring to all corporate systems, pending the completion of a full risk assessment.
"The responsiveness of the Novell (now a part of Micro Focus) team was an important factor in our choice of solution," said Oliver Eckel, Head of Corporate Security, bwin International Ltd. "Equally, Sentinel offers significantly better performance than the other solutions we considered."
The current Sentinel environment at bwin covers Microsoft Windows servers in the payment infrastructure, while the full rollout of the solution will add Sun Solaris systems and Oracle databases. The solution aggregates security logs from the specified network elements – servers, workstations, storage devices, routers and switches – in real time, normalising the data they contain to create consistent, centralised reports. Rather than monitoring hundreds of disparate logs in different locations, the bwin security team now has a single viewpoint for all security events.
"Deploying Sentinel enabled us to centralise our monitoring into a single corporate function, removing all compliance effort from the departments and making it easier to apply corporate policies," said Eckel. "Sentinel gives us all the tools we need to identify anomalies, detect intrusions, and meet the log monitoring and auditing requirements of the PCI-DSS."
As a high-profile company processing large volumes of card payments, bwin is an attractive target for increasingly sophisticated online fraudsters. To protect against emerging vulnerabilities, bwin implemented the optional Sentinel Advisor module, which provides centralised security intelligence to proactively identify and counteract new varieties of attack, as well as to eliminate false positives.
By using Sentinel to centralise and rationalise its network security monitoring and reporting capabilities, bwin has strengthened its protection against intrusion.
Sentinel replaces the manual, department-led monitoring of distinct network elements with an automated, enterprise-wide solution for real-time monitoring and reporting of security issues, managed from a single point of control. In addition to improving security metrics, the Novell solution is helping to reduce security and compliance costs by releasing departmental staff from monitoring duties.
"Novell Sentinel makes our security infrastructure much more transparent, and the improved monitoring capabilities give us better quality assurance, particularly where change management is concerned," said Eckel. "Using the Novell solution, we have optimised our security workflows, saving time by eliminating the need to manually check log files on hundreds of systems."
Most important, the solution has simplified the process of security reporting while enriching the information itself, enabling bwin more easily to demonstrate compliance with the PCI-DSS.
"Compliance is a significant business issue for bwin, helping us to protect our status as a trusted payment card processor and demonstrate to customers that we place the highest possible emphasis on the security of financial data," said Eckel. "Sentinel has improved our ability to monitor and correlate security incidents, enabling us to take a more proactive approach to network security and helping us to demonstrate compliance."