IT Services & Solutions

EventLog Analyzer powers the compliance program of Samsung R&D Institute

Samsung R&D Institute

About Samsung R&D Institute

Samsung R&D Institute (SRI) serves as the primary innovation arm of the Samsung Group, driving advancements in Samsung's Device eXperience (DX) initiatives to enhance product capabilities. SRI, with major offices in Delhi and Bengaluru, functions as part of Samsung Research, the company’s global R&D hub, which operates through dedicated centers in the United States, Canada, China, the United Kingdom, and several other countries.

  • Employee size: 1,001-5,000
  • Country: India
  • Industry: IT Services & Solutions

Business challenges

  • Lack of centralized log management: Samsung R&D Institute (SRI) lacked the mechanism to centrally collect and aggregate logs from critical infrastructure, especially dynamic Linux build servers, making it difficult to meet compliance mandates and audit requirements.
  • Urgent compliance implementation: Following an internal mandate, SRI needed to deploy a log management solution rapidly to ensure 365-day log retention across all systems, ahead of national regulations.

The problem

Upon receiving a directive from Samsung's headquarters in South Korea, SRI India had to implement a 365-day retention of logs collected across all desktops, servers, and network devices. “We didn’t have any automated solution to capture logs at one place,” said Shakil Ahmad, the CISO and data protection officer (DPO) of SRI. Furthermore, SRI's IT team lacked provisions to accurately capture Linux server logs as part of their IT audit, as the logs were either overwritten or insufficiently captured.

"Being an R&D organization, we have a lot of software builds happening. So, we have at least 100 build servers. A new build server might be commissioned for just a month or two, then decommissioned, and then another one would be commissioned," Ahmad said to emphasize the organization's critical need to capture Linux logs. "The biggest challenge was managing the event logs for Linux servers." To address these challenges, the team needed a reliable log management solution to centralize log data and demonstrate compliance during internal reviews and external privacy audits.

The solution

SRI's IT leadership implemented EventLog Analyzer following a successful consultation with ManageEngine's team. “Everything worked well. We made a quick decision [to implement EventLog Analyzer], and we’ve done very well with it since,” Ahmad said.

By leveraging EventLog Analyzer's ability to collect and aggregate logs from over 700 sources, SRI accomplished comprehensive log management across both Windows and Linux environments.

"After implementing EventLog Analyzer, the team found that we were actually getting all the logs for the build servers, Linux and Windows alike. We were able to demonstrate a good level of compliance in all of our internal audits."

Shakil Ahmad, CISO and DPO, Samsung R&D Institute

The technical support offered by ManageEngine proved to be a major strength in SRI's journey with EventLog Analyzer. “The experience has been smooth. Whenever we raise a ticket, we receive a solution and never have to follow up on a ticket. The experience has been good.”

“Security logs are one of our key KPIs,” Ahmad said. “Since deploying EventLog Analyzer, we’ve achieved 100% of the KPI across all servers for several quarters—something we consistently failed before.” Presently, EventLog Analyzer is the centralized SIEM solution for SRI's offices across the Southeast Asian region.

"EventLog Analyzer has been a stepping stone toward the essential SIEM setup that we want to build. It’s just one piece of the complete SIEM suite, but a very critical one."

Shakil Ahmad, CISO and DPO, Samsung R&D Institute

Ahmad added that EventLog Analyzer's log management capabilities played an instrumental role in strengthening the organization's SIEM strategy: "Setting up EventLog Analyzer in my center helped streamline things and paved the way to a good SIEM posture, which we always wanted."

About EventLog Analyzer

EventLog Analyzer is complete log management software that provides holistic cybersecurity. It collects, analyzes, and manages log data from over 700 log sources. With real-time security auditing capabilities, it's easier to monitor critical changes in all your end-user devices. EventLog Analyzer offers instant threat detection to uncover security threats using event correlation and threat feed analysis, and instant mitigation using automated workflows. For more information about EventLog Analyzer, visit manageengine.com/products/eventlog/.

Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. It combines threat intelligence, machine learning-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks, and offers an incident management console for effectively remediating detected threats. Log360 provides holistic security visibility across on-premises, cloud, and hybrid networks with its intuitive and advanced security analytics and monitoring capabilities.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.