Iris Software meets compliance mandates and centralizes log management with Log360

Business challenges

• Compliance log retention and management: To meet multiple regulatory standards, Iris Software required secure collection and timely storage of logs from servers, endpoints, and applications.
• Efficient forensic capability: When an incident occurs, Iris Software's security team requires access to historical logs from diverse sources to perform comprehensive analysis.
• Centralized log aggregation: Iris Software's IT team was looking for a security information and event management (SIEM) solution that can centralize the collection and aggregation of logs from multiple environments.

The problem

With the organization serving financial and insurance clients, Iris Software operates under stringent compliance mandates including ISO 27001, SOC 2 Type II, the PCI DSS, and upcoming HIPAA requirements. Being under the purview of multiple regulations, Iris Software's CISO Kamal Dhamija had observed that his organization needed a SIEM solution to collect and retain logs for at least six months.

Besides compliance, Dhamija said that centralizing log collection was also an additional requirement: "Whenever something happens, obviously you need to require the logs from various applications, servers and the endpoints. So that you can perform the forensics on top of it. "He added that "without historical data, you won't be able to perform [investigations]. It's the core backbone for any organization."

The solution

The IT leadership at Iris Software implemented ManageEngine Log360, primarily because it met all technical, compliance, and usability criteria. To further explain the decision, Dhamija said:

Furthermore, Dhamija's positive experiences with ManageEngine during his previous stints in various companies made this decision easier and quicker.

Log360 provided Iris Software's security team with a centralized console to perform log management, aggregating data from applications, servers, and infrastructure. This not only helped Iris Software meet the 6‑month retention mandated by ISO standards, the PCI DSS, and HIPAA, but also enabled rapid forensic access. Dhamija highlighted that Log360's centralized visibility “makes life easy” for technicians when retrieving logs from a single source across the organization.

On support, Dhamija affirmed a positive partnership: “The journey is fantabulous. We don’t have to escalate things.” This sentiment was also echoed by Vireen Acharya, the director of IT services at Iris software, when he said: "Support from ManageEngine was excellent." Acharya was particularly impressed with the minimal deployment time taken by ManageEngine's solutions: "I was pleasantly surprised that they [ManageEngine's implementation team] were able to set the products up within a week's time and they were up and running."

Dhamija praised ManageEngine's research and development team for their responsiveness, noting that they promptly addressed requests for customizations and technical improvements whenever needed.

About Log360

Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. Vigil IQ, the solution's TDIR module, combines threat intelligence, an analytical Incident Workbench, ML-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks, and it offers an incident management console for effectively remediating detected threats. Log360 provides holistic security visibility across on-premises, cloud, and hybrid networks with its intuitive and advanced security analytics and monitoring capabilities. For more information about Log360, visit manageengine.com/log-management/ and follow the LinkedIn page for regular updates.