City of Kenai strengthens security and compliance with Log360


About the organization

The City of Kenai is a small municipal government in Alaska, serving a population of approximately 8,000 residents. The city oversees a range of public services, including law enforcement, fire protection, public works, parks and recreation, and community development. With a focus on transparency, safety, and efficient service delivery, the city relies on a lean IT team to manage technology infrastructure and ensure compliance with security and auditing standards.

  • Organization: City of Kenai, Alaska
  • Country: USA
  • Industry: Government

Business requirements

The City of Kenai needed a centralized log management solution to meet audit requirements and simplify troubleshooting across its IT infrastructure. Dan Castimore, the city's IT manager, explained:

“We completed a security audit and they said you need to have logging requirements. Beyond that, troubleshooting issues is very challenging for us. Having a centralized log repository makes our jobs easier.”

The city needed a solution that could centralize logs from multiple sources, including domain controllers and firewalls, while providing a lightweight security information and event management (SIEM) capability. Castimore referred to Log360 as “SIEM light,” noting that it enables the team to begin exploring SIEM functionalities without the complexity of larger systems.

A critical operational need for the city is proactive security monitoring. In particular, the IT team needs to detect potential VPN breaches. Their workflow involves monitoring for excessive failed VPN login attempts, checking the source IP against advanced threat intelligence feeds, and automatically adding a deny rule on the firewall if the IP is flagged as malicious. This ensures immediate action against potential attacks, protecting the city's network in real time.

The solution: ManageEngine Log360

To address these requirements, the City of Kenai implemented ManageEngine Log360. Log360 provides a centralized platform to collect, correlate, and analyze logs from various systems. It integrates seamlessly with the city's existing ManageEngine products, including ServiceDesk Plus, Endpoint Central, AD Self-Service Plus, and Network Configuration Manager. This integration helps maintain continuity and empowers the IT team to leverage familiar interfaces across different tools.

For the VPN monitoring use case, Log360's alerting capabilities are configured to detect excessive login failures. Once detected, the system checks the IP address against threat intelligence feeds. If the IP is flagged, an automated workflow adds a deny rule on the firewall, blocking the malicious actor. This setup provides the city with real-time response to potential threats, improving overall network security.
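The detect, enrich, and block sequence described here and in the business requirements can be sketched in a few lines. This is an added example, not Log360 rule syntax or the city's configuration; the log format, threshold, window, feed entries, and never-block ranges are all assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                      # failures per source IP (assumed value)
WINDOW = timedelta(minutes=10)     # sliding window length (assumed value)
# Constructed threat-intel entries (documentation and private addresses).
THREAT_FEED = {"203.0.113.7", "203.0.113.99", "10.0.0.15"}
# Ranges automation must never block, even when a feed lists them.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
LINE = re.compile(r"^(\S+) vpn auth=(ok|fail) user=\S+ src=(\S+)$")

def _fails(ip, count, step_min=1):
    """Build constructed failure lines in a hypothetical gateway log format."""
    return [f"2024-05-01T09:{i * step_min:02d}:00 vpn auth=fail user=u{i} src={ip}"
            for i in range(count)]

SAMPLE_LOG = (_fails("203.0.113.7", 5) + _fails("198.51.100.20", 5)
              + _fails("10.0.0.15", 6) + _fails("203.0.113.99", 2)
              + _fails("198.51.100.77", 5, step_min=11)   # slow, outside window
              + ["2024-05-01T09:03:00 vpn auth=ok user=alice src=192.0.2.44",
                 "garbage line that does not parse"])

def triage(lines):
    """Return {ip: 'block' | 'alert'} for sources that cross the threshold."""
    matches = (LINE.match(line) for line in lines)
    events = sorted((datetime.fromisoformat(m[1]), m[3])
                    for m in matches if m and m[2] == "fail")
    recent = defaultdict(deque)    # ip -> failure timestamps inside WINDOW
    verdicts = {}
    for ts, ip in events:          # time-ordered; sources are interleaved
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) < THRESHOLD:
            continue
        addr = ipaddress.ip_address(ip)
        protected = any(addr in net for net in NEVER_BLOCK)
        if ip in THREAT_FEED and not protected:
            verdicts[ip] = "block"            # candidate for a firewall deny rule
        else:
            verdicts.setdefault(ip, "alert")  # needs an analyst, not automation
    return verdicts

if __name__ == "__main__":
    for ip, action in sorted(triage(SAMPLE_LOG).items()):
        print(f"{action:5} {ip}")
```

The never-block list is the safeguard that matters most in an automated deny workflow: a feed entry that overlaps internal or partner address space should raise an alert instead of cutting off legitimate users.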

Streamlined implementation and expert support

Castimore highlighted the value of professional onboarding services and credited Afshaan Ahmed from ManageEngine's OnboardPro team for making the process smooth:

“Afshaan did a fantastic job. Anything we had issues with, he took care of right away. It was super awesome.”

Although log management is inherently complex, the expert guidance made integration into the city's existing infrastructure straightforward. Castimore noted that no log management system is entirely simple, but the support provided by the Log360 team significantly reduced implementation challenges.

Outcomes and improvements

With Log360 in place, the City of Kenai has achieved several key outcomes. Audit requirements have been fully met, ensuring compliance with relevant standards such as the Center for Internet Security, with partial consideration for HIPAA where applicable. Centralized log collection has streamlined troubleshooting and operational oversight, making IT management more efficient.

The VPN monitoring workflow demonstrates the platform's proactive security capabilities. By detecting multiple failed login attempts, checking them against threat intelligence, and automatically blocking malicious IPs, Log360 helps prevent potential breaches before they can impact the organization.

Castimore appreciates Log360’s balance between out-of-the-box functionality and customization, stating:

“We need a product that works out of the box pretty well, and Log360 is a good balance—it works, and we can customize it when needed.”

Castimore also highlighted ManageEngine's ongoing innovation and responsive support, noting that Log360 continues to evolve quickly and that the team is always ready to help when needed.

About OnboardPro

OnboardPro is a ManageEngine service that provides solution implementation to clients upon request. This service includes the installation and customized configuration of ManageEngine solutions. It enables clients to seamlessly begin work without worrying about the complexities of product installation, deployment, and use. Every client environment is unique and requires additional support beyond the basic installation and standard features. With custom onboarding, clients have the option to engage a team of product experts to manage the installation, implementation, customization, and training based on their business needs. For more information, visit manageengine.com/onboarding/manageengine-onboardpro-iam-and-siem-professional-service.html.

About Log360

Log360 is a unified SIEM solution from ManageEngine with integrated DLP and CASB capabilities that detects, prioritizes, investigates, and responds to security threats. Vigil IQ, the solution's threat detection and incident response module, combines threat intelligence, an analytical Incident Workbench, ML-based anomaly detection, and rule-based attack detection techniques to detect sophisticated attacks. It provides an incident management console for effective remediation. With reengineered detection—including a centralized detection console, multi-mode rule creation, tuning insights, and object-level filters—Log360 elevates signal quality and reduces false positives. The solution provides holistic visibility across on-premises, cloud, and hybrid environments with intuitive security analytics and monitoring. For more information about Log360, visit manageengine.com/log-management and follow the LinkedIn page for regular updates.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.