How ManageEngine's EventLog Analyzer helped FMC by balancing security and efficiency

Federal Maritime Commission

The Federal Maritime Commission (FMC) is a private federal agency responsible for the regulation of ocean-borne transportation systems in the US. Its mission is to ensure a competitive and reliable international ocean transportation supply system that supports the US economy and protects the public from unfair and deceptive practices. The FMC's objective of safeguarding American exporters and consumers remains the cornerstone of current regulatory efforts, despite the fact that the specifics of US marine policy and legislation have evolved significantly over the past few decades.

  • Organization: Federal Maritime Commission
  • Country: USA
  • Industry: Military / Defence / Legal

Choosing the right logging tool

The FMC was in dire need of a log management solution that could retain logs for a specified period of time. Failing to retain logs hampers incident response capabilities: it can make it difficult to identify the root cause of an incident, assess the impact, and mitigate it effectively.

The lack of log retention can also lead to compliance violations, and for the FMC, compliance regulations play an important role—failing to comply can result in legal consequences or reputational damage. So, it is critical for the FMC to have a proper log retention mechanism in place to mitigate any risks and maintain a robust security infrastructure.

Major challenges faced by the FMC before EventLog Analyzer

As an independent federal agency, the primary concern for the FMC is to satisfy FISMA requirements. FISMA is not just a set of guidelines that need to be met by federal agencies—the whole idea of FISMA is to keep federal information safe by continuously identifying threats and vulnerabilities proactively.

The FMC is always under attack; it has faced attempted intrusions, phishing attacks, and brute-force attacks, as well as a Log4j issue a few years back. Though the FMC has been able to thwart attacks, the organization was let down by its previous solution, which didn't retain logs properly or meet its security needs.

Why EventLog Analyzer is an effective solution

With 50% of its activities on-premises and 50% in the Azure cloud, the FMC wanted a solution that could collect logs from multiple servers, generate real-time alerts, respond to event anomalies quicker, provide centralized log management, and produce FISMA compliance reports to meet auditing requirements.

So, after exploring many SIEM solutions like Microsoft Sentinel, the FMC chose ManageEngine EventLog Analyzer, finding it to be more cost-effective and easy to use with a familiar interface.

"We are consistently under attack. So the need to be upfront about it to have the ability to identify it, prevent it, and investigate it is essential, and EventLog Analyzer provides that for us"

Gregory Francis, CISO FMC

EventLog Analyzer feature that the FMC benefits from the most: Alerting

Gregory Francis, the CISO of FMC, mentioned that the alerting feature helped the organization the most, sending notifications in real time when threshold violations or network anomalies occurred. This feature also helped to identify any launching of suspicious applications, enabling the FMC to investigate it and remediate it effectively with the help of EventLog Analyzer's end-to-end incident management module. The solution also helped the FMC meet the requirements of FISMA's regulatory mandates with predefined compliance report templates and violation alerts.

The impact of EventLog Analyzer at the FMC

ManageEngine EventLog Analyzer's alerting feature helped the FMC detect suspicious threats in its network. Francis revealed that he found the solution to be better than the previous one the organization used as it gave the FMC more control over both the on-premises and Azure cloud environments, and the organization was able to detect and investigate any threat that occurs in its environment. Francis found the solution to be problem-free and was completely happy with the technical support team.

Francis came across an issue and was able to fix it with the help of EventLog Analyzer. "I had an account that went out, and I was able to go in and change the account and update the account used to reach out to all the servers. I had to open up the firewalls for the various ports for them to communicate. That was quite simple," mentioned Francis.

FMC's smooth customer onboarding process

Francis appreciated ManageEngine's excellent onboarding service, which allowed the solution to be deployed quickly and be up and running in a short period of time. He was delighted with the support team's excellent response to issues, which made the implementation process smooth and enjoyable.

"The total experience was trouble-free, and the reason why is because of the expertise of the individual and the ease of installation of the product. Couple those two together, and it was a very enjoyable, pain-free experience."

Gregory Francis, CISO FMC

About Log360

ManageEngine Log360, a comprehensive SIEM solution, helps enterprises thwart attacks, monitor security events, and comply with regulatory mandates. The solution comes bundled with a log management component that provides better visibility into network activity; an incident management module that helps quickly detect, analyze, prioritize, and resolve security incidents; an ML-driven user and entity behavior analytics add-on that baselines normal user behaviors and spots anomalous user activities; and a threat intelligence platform that brings in dynamic threat feeds for security monitoring and helps enterprises stay on top of attacks. For more information about Log360, visit manageengine.com/log-management.

About Onboarding

Onboarding is a ManageEngine service that provides solution implementation to clients upon request. This service includes the installation and customized configuration of the ManageEngine solutions. It enables clients to seamlessly begin work without worrying about the complexities of installation, deployment, and product use. Every client environment is unique and requires additional support beyond the basic installation and standard features. With Onboarding, clients have the option to engage a team of product experts to manage the installation, implementation, customization and training based on the business needs.

Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. It combines threat intelligence, machine learning-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks, and offers an incident management console for effectively remediating detected threats. Log360 provides holistic security visibility across on-premises, cloud, and hybrid networks with its intuitive and advanced security analytics and monitoring capabilities.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.