MasterCard deploys security information manager tool

MasterCard International Inc. launched new security information manager (SIM) software purchased from a small vendor last April and only three months later saw big improvements in security management efficiency that continue today.

MasterCard, in Purchase, N.Y., deployed Sentinel software from Vienna, Va.-based e-Security Inc. on its mainframe, distributed servers and hundreds of network devices at a central location in St. Louis. The goal, according to Malcolm McWhinnie, technology head of information security, was to simplify security event and information management that was previously handled by custom-built tools. He declined to disclose the initiative's cost but called it a medium-size IT project.

McWhinnie's team evaluated several other products before choosing Sentinel. He wouldn't name the other options that were studied, which included some from large management software vendors that more broadly provide systems and network management as well as SIM-related tools.

MasterCard's custom tools required a great deal of maintenance and had limited scalability compared with what e-Security's Sentinel 5 and the Sentinel Wizard module have provided, McWhinnie said. 'It is very scalable ... and the data presentation in the [graphical user interface] is excellent,' he said, noting that the Wizard module simplified configuration of software agents used in hundreds of devices.

The use of Sentinel has boosted IT efficiency, although McWhinnie said he hasn't calculated the return on investment. 'My people are spending much more time drilling into the security events they see and much less time managing the tool and taking action on that,' he said. The tool evaluates and collects 'millions and millions' of security-related logs daily, helping security staff by eliminating such things as false-positive security reports.

Although it took only three months to implement, McWhinnie noted that there was still a large amount of 'grunt and groan' work to tune the tool to report actionable security events and avoid passing on too much irrelevant data.