Salvation Army Australia achieves game-changing cybersecurity with LogRhythm

Salvation Army Australia has strengthened its IT security and improved visibility of key infrastructure components with LogRhythm.

The organization

For more than 140 years, the Salvation Army has been providing support and guidance for those in need throughout Australia. The faith-based movement offers a range of services including assistance for the homeless, alcohol and drug rehabilitation, youth support and disaster recovery.

Each year the organization assists more than one million Australians. During an average week, it provides 100,000 meals for the hungry, 2,000 beds for the homeless and 3,000 people with aged care services.

The challenge

As the Salvation Army’s presence in Australia has grown during recent years, the organization has become increasingly reliant on its core IT systems. Used for everything from resource planning and budgeting to record keeping and communication with clients, the infrastructure comprises a complex array of hardware that supports a number of critical software applications.

“During the past two years in particular, we had come to the realization that the way in which our infrastructure was being protected from cyberthreats was not as strong as it needed to be,” said Lachlan McGill, Executive Manager Cybersecurity, Information Technology Services at Salvation Army Australia. “It was clear that we need to remove what was essentially a gap in our visibility to ensure we did not fall victim to a potentially damaging attack.”

The solution

In late 2020, plans were made to implement a more robust security platform to improve the level of protection for the organization’s critical IT assets. A range of options were reviewed before a decision was taken to deploy a SIEM platform from LogRhythm.

“What we liked about LogRhythm over its competitors was its large array of pre-built integrations, and its superior automation and orchestration capabilities,” said McGill. “We were also attracted by the ease of use of the analyst console and the platform’s very competitive pricing.”

McGill said the Salvation Army IT team was also impressed with the knowledge and experience exhibited by managed services provider Seamless Intelligence, which had proposed the LogRhythm solution.

“Seamless was able to demonstrate a deep understanding of the technology and how it would meet our specific requirements. They began the deployment for us in February 2021 and it was completed by April.”

Once the new SIEM was fully operational, the Salvation Army IT team quickly noticed some significant benefits. It was now possible to gain insights into issues and incidents that previously could only have been obtained by trawling through endless logs or paying third parties to conduct audits.

“Overall, we have been able to significantly reduce the level of risk that cybersecurity presents to our organization,” said McGill. “There is no doubt our maturity level has greatly improved, and we look forward to further leveraging the capabilities of LogRhythm to provide further benefits.”

McGill points to threat detection efficiency and effectiveness as areas that have experienced significant improvement, due in no small part to the processes introduced by Seamless Intelligence and their ability to extract the most value from the LogRhythm SIEM.

“We have logs coming in from several different systems and services which means that the insights we’re now getting have greater coverage,” he said. “This allows us to see where an attack has originated from and where it has potentially made its way to in other parts of the network infrastructure.”

For example, using the threat intelligence in LogRhythm, the IT team can see if a potentially malicious email has made it through the infrastructure’s filters or whether a staff member has clicked on a link and caused their workstation to become infected with malware. LogRhythm SmartResponse is then used to block the sender or malicious URL and do a forensic examination of the workstation.

Looking ahead, McGill said the next step was to take advantage of LogRhythm’s automation capabilities to reduce the workload on the IT team and further improve the levels of protection being achieved.

“We now have in place a security infrastructure that meets our needs now while also having the ability to scale with us in the future,” he said. “It’s been a gamechanger.”
