AlienVault Unified Security Management Platform Secures the City of Los Angeles, CA

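Technology
  • Cybersecurity & Privacy - Intrusion Detection
  • Cybersecurity & Privacy - Network Security
  • Cybersecurity & Privacy - Security Compliance
Applicable Industries
  • Cities & Municipalities
Applicable Functions
  • Business Operation
  • Facility Management
Use Cases
  • Asset Health Management (AHM)
  • Intrusion Detection Systems
  • Regulatory Compliance Monitoring
Services
  • System Integration
  • Training
Challenge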
ITA needed to secure the city’s computer infrastructure, which included a large network with several thousand routers and switches, over 500 application and web servers, and mainframes. This infrastructure incorporated financial systems, the LAPD, and critical systems for all departments. Additionally, the agency needed to ensure its systems were compliant with the PCI Data Security Standard (PCI DSS) due to the presence of ten websites that process credit card payments. The PCI DSS is a comprehensive security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. ITA had to collect and store system logs, at between 10,000 and 15,000 events per second, from all devices that process credit card information, including firewalls and intrusion prevention systems. Budget constraints and limited manpower further complicated the situation.
About the Customer
The Information Technology Agency (ITA) manages the IT infrastructure and its security for the City of Los Angeles, part of the greater Los Angeles Metro area with a population of 13 million. ITA ensures the business of government is efficient by providing a reliable, long-term, financially viable, and secure information technology infrastructure and systems. The agency continuously strives to improve the dissemination of public service information through the expanded use of communications, computing technology, and effective telecommunications oversight. ITA provides technical support services to City departments, including application design and development, post-implementation support, problem analysis, technical consulting, project management, and contractor monitoring. It is also responsible for the City’s E-Government and Web services, including website and application design and development, publishing of City web development standards, webmaster support, client consultation, and training and maintenance of Citywide Internet and Intranet Web sites. Although the agency has 500 employees, only a few are directly tasked with securing the City’s systems.
Solution
ITA had already purchased a product from a leading SIEM vendor but found it expensive to maintain and insufficient on its own. Modern threats require multiple security controls working together to effectively identify and react to attacks. ITA couldn't afford the additional investment required to scale up the solution to secure its entire complex network. Customizing the solution to collect data from its in-house systems was also proving impossible. ITA then turned to OSSIM by AlienVault, an open-source tool, and was impressed with its capabilities. This led to the adoption of the AlienVault Unified Security Management (USM) Platform. The AlienVault USM Platform integrates five critical security capabilities: asset discovery, vulnerability assessment, threat detection, behavioral monitoring, and security intelligence. This integration provided a quick and easy way to protect the enterprise with minimal integration and deployment overhead. ITA found the platform simple to deploy, and it immediately started discovering assets, performing vulnerability assessments, and detecting threats using network, host, and wireless intrusion detection. The platform also monitored system behavior to identify deviations that could indicate a breach. ITA was able to customize AlienVault plug-ins and build connectors to collect data from its legacy and best-of-breed anti-virus, intrusion detection, and intrusion prevention systems. With the AlienVault feed subscription, ITA could utilize numerous reports and effective correlation rules out of the box, log a large quantity of events, and store them as needed. The AlienVault Compliance Management solution enabled ITA to meet all regulatory requirements affordably.
Operational Impact
  • The AlienVault USM Platform provided ITA with immediate visibility into its infrastructure, which was previously unattainable.
  • ITA was able to customize AlienVault plug-ins and build connectors to collect data from its legacy systems.
  • The platform's simplified deployment model and built-in security controls allowed ITA to manage and secure its extensive infrastructure with very limited staff.
Quantitative Benefit
  • ITA had to collect and store system logs, at between 10,000 and 15,000 events per second, from all devices processing credit card information.
