Retail

Spinx is staying PCI DSS compliant-ready with Log360

Spinx

About the organization

Spinx is a privately held, South Carolina-based convenience store and fuel retailer. Spinx is passionate about fulfilling people's everyday needs by providing quality services and products in a clean, safe, and convenient environment. It strives to operate in a fun and respectful manner that balances profit, community involvement, and environmental awareness while valuing its on-the-go customers, partners, and team of employees. Spinx's motto is: "Making Life Easier!"

In 1972, Stewart Spinks formed Spinx and began operations with a home heating oil delivery service and one convenience store in Greenville, SC. Today, Spinx employs over 1,400 associates through its stores, food operations, and related businesses—including more than 80 convenience stores in South Carolina.

  • Organization

    Spinx
  • Country

    USA
  • Industry

    Retail

Challenges

As an organization with over 80 convenience stores, Spinx engages with a great deal of customers on a daily basis, resulting in numerous financial transactions. Hence it is liable to comply with one of the most stringent compliance mandates, the Payment Card Industry Data Security Standard (PCI DSS)—which was the company's biggest challenge.

Convenience stores collect and store customer information, including personal details and payment card data. If not adequately protected, this sensitive information can be targeted and compromised, leading to significant reputational damage and legal consequences. Being PCI DSS compliant was important for Spinx as it ensured a secure environment for financial transactions, lowered the risk of data breaches, and in turn built customers' trust.

For certain services, such as payment processing or inventory management, Spinx frequently relied on third-party providers and contractors. Adversaries often target a security vulnerability or loophole in third-party networks to access their target's resources. Therefore, Spinx also had responsibility to check its third-party access to combat external security threats and ensure its network security. Further, Spinx had to tackle potential insider attacks too by monitoring its privileged users' activities to spot suspicious behaviors. It needed a solution that could ensure its network security by keeping both internal and external threats under check.

With Spinx's previous security information and event management (SIEM) deployment, it was hard to achieve what was wanted; Spinx's IT team found it rather difficult to navigate through the solution and found it to not be very comprehensive.

Spinx leverages Log360 to meet its compliance requirements

ManageEngine Log360's integrated compliance management system—which comes with audit-ready reports and violation alerts—helped Spinx meet its compliance requirements. The ready-built PCI DSS audit report made Spinx ready to demonstrate its adherence to the regulatory mandate simple and easy. Further, Log360's features—like seamless and central log collection and storage mechanisms, as well as a real-time log analysis capability to keep track of configuration changes, security policy and rule changes, registry changes, system events, and other important security events taking place in the network—helped Spinx be proactive by spotting any anomalous behaviors or threats to the security of cardholder data.

Spinx's Technology Systems Manager, Jayson Dowswell, found it easy to generate the compliance reports with Log360's simple UI, quick search, and filtering capabilities for device logs. Spinx could easily gain insights into its network events and plan automated responses to manage these events.

Spinx finds Log360 to be the perfect fit, and cost-effective too

Spinx wanted to find a solution that would effectively identify unusual behavior and prevent potential threats from breaching its system; a cohesive SIEM solution. Spinx's IT team employed three different SIEM solutions over the last 10 years, all of which were largely focused on log management but fell behind in areas such as threat detection, IT compliance management, security analytics, and incident response.

However, Log360 was able to satisfy Spinx's log management needs and met its security objectives, at a reasonable cost. Now, Spinx's IT team is pleased with the decision to use ManageEngine Log360 as their SIEM solution, as they feel like it's the right fit and performs much better than all the other solutions that they have used in the past.

When asked about Log360, Dowswell said that Log360 meets all of their requirements.

Other significant features of Log360

  • Security orchestration, automation, and response (SOAR): Expedite threat resolution by automating your response to detected incidents using workflow options. Source and access security data from different platforms—such as Exchange Server, Microsoft 365, IaaS, PaaS, SaaS, on-premises network devices, servers, applications, and more—all in a single console.
  • User and entity behavior analytics (UEBA): Collect and analyze the data of users, machines, and other entities in a network, like event logs and packet capture data. Continuous monitoring and analysis of data from different sources will help to detect anomalies easily and instantly.
  • Threat hunting: Proactively search for advanced security threats and cyber criminals lurking in your network by utilizing a real-time event response system that alerts you about critical events and offers log search options to detect and stop malicious activities.
  • Real-time security monitoring: Monitor all security events compiled from your Windows and Linux/Unix machines; IIS and Apache web servers; SQL and Oracle databases; and perimeter security devices such as routers, switches, firewalls, intrusion detection systems, and intrusion prevention systems. You can do this in real time through interactive dashboards, out-of-the-box reports, and graphs.

About Log360

ManageEngine Log360, a comprehensive SIEM solution helps enterprises to thwart attacks, monitor security events, and comply with regulatory mandates. The solution comes bundled with a log management component that provides better visibility into network activity, incident management module that helps quickly detect, analyze, prioritize, and resolve security incidents, ML-driven user and entity behavior analytics add-on that baselines normal user behaviors and spots anomalous user activities, threat intelligence platform that brings in dynamic threat feeds for security monitoring and aids enterprises to stay on top of attacks. For more information about Log360, visit manageengine.com/log-management.

About Onboarding

Onboarding is a ManageEngine service that provides solution implementation to clients upon request. This service includes the installation and customized configuration of the ManageEngine solutions. It enables clients to seamlessly begin work without worrying about the complexities of installation, deployment, and product use. Every client environment is unique and requires additional support beyond the basic installation and standard features. With Onboarding, clients have the option to engage a team of product experts to manage the installation, implementation, customization and training based on the business needs.

Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. It combines threat intelligence, machine learning-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks, and offers an incident management console for effectively remediating detected threats. Log360 provides holistic security visibility across on-premises, cloud, and hybrid networks with its intuitive and advanced security analytics and monitoring capabilities.

Follow Us

2022 Zoho Corporation Pvt. Ltd. All rights reserved.