MasterCard charges ahead on managing security data

23.01.2006

Rolling out a new breed of tools that capture information from IT security logs can be a daunting task for corporate users, who may need to bulk up their systems and storage devices to handle the torrents of data that can be generated.

But MasterCard International Inc. has survived the deployment process and is seeing big gains in efficiency among its security staffers, according to Malcolm McWhinnie, the company's information security technology head.

Last April, MasterCard installed Sentinel, a security information management tool from e-Security Inc., on its mainframe and distributed servers and on hundreds of network devices at its data center in O'Fallon, Mo. The goal, McWhinnie said last week, was to simplify security event management procedures that were previously handled by custom-built tools, which required a great deal of maintenance and had limited scalability.

McWhinnie hasn't done a formal calculation of return on investment. But, he said, "my people are spending much more time drilling into the security events they see and much less time managing the tool and taking action on that."

Sentinel collects and evaluates "millions and millions" of security-related logs daily, helping MasterCard's security workers by eliminating things such as false-positive reports, McWhinnie said. It took only three months to implement the software, but he noted that a large amount of "grunt and groan" work was required to tune the tool so it would report only actionable security events and avoid passing on too much irrelevant data.

Because of such challenges, MasterCard's early success is a rarity among large SIM rollouts, said George Hamilton, an analyst at Boston-based Yankee Group Research Inc. who is familiar with the credit card company's project.