Oil & Energy
PCI DSS compliance; gain more network visibility & log retention
With primarily one person dedicated to security, Nittany Oil was looking for an affordable, PCI DSS-compliant solution that was easy to deploy, manage and maintain on a daily basis.
Nittany Oil chose Blumira’s platform over other costly vendors to gain one year of data retention to meet PCI requirements, as well as greater network visibility, prioritized detections and playbooks for faster response.
Blumira is at least 50% -- if not more -- affordable compared to some of the other solutions. I would definitely recommend Blumira to other companies looking to increase their visibility into the security of their networks.
Founded in 1958, Nittany Oil is one of the largest heating, oil and gasoline distributors headquartered in Central Pennsylvania. They serve customers in the energy and retail sector with two main operational offices, five satellite offices and 27 convenience store locations. Their services include home heating oil, HVAC services and installation and commercial services.
Nittany Oil’s Director of IT and Security Ethan Shutika has to balance engineering, security analysis and overseeing IT operations for the company with a small team of three IT professionals running their help desk and security.
The nature of their industry and size of their company were concerns that drove their search for a log monitoring, detection and response solution. According to the PCI Security Standards Council, 71% of malicious hackers attack small businesses and merchants with fewer than 100 employees (source: Plante Moran).
“We’re definitely more at risk than other companies. We’re smaller, but at risk due to being in the energy industry and a public-facing company,” Shutika said.
With primarily one person dedicated to security, they were looking for a solution that was easy to deploy, manage and maintain on a daily basis. Nittany Oil also needed a solution to help them achieve PCI DSS compliance (Payment Card Industry Data Security Standard) to protect cardholder data in support of their retail locations.
PCI DSS requires keeping audit trails of system and user activity, daily log reviews for suspicious or anomalous activity, retaining audit trails for at least one year, and other requirements to help keep data secure. Shutika was initially brought on to help Nittany Oil get PCI DSS compliant and improve their security posture. Now they were seeking a way to gain more visibility into their network and retain logs.
Shutika had looked at different SIEM, detection and response vendors over the years, including Splunk, ELK Stack and Rapid7. Nittany Oil was using a separate tool to detect network intrusion, but it didn’t retain logs, which PCI DSS compliance requires.
At a small online security conference, Shutika evaluated Blumira’s solution and found it to be easy to use and more affordable for Nittany Oil compared to other vendors.
“Blumira is at least 50%, if not more affordable compared to some of the other solutions. I didn’t even take some of them to our board for approval as I knew they were out of our budget,” Shutika said.
They also liked that in addition to centralizing log alerts, Blumira’s cloud SIEM platform provided threat detection and response, as well as log data retention for up to a year to help them meet PCI DSS compliance requirement 10.7 that requires at least one year of retention and a minimum of three months immediately available for analysis.
Blumira can help with this requirement by collecting security event logs and retaining them for up to one year, providing a reliable audit trail for investigation and reporting. Blumira
“We definitely had a very smooth deployment. Prior to implementation and during our proof of concept, Blumira took the time to engineer a unique role we have in order to get a special log — that was important for us to capture that log and parse it,” Shutika said.
Nittany Oil integrated Blumira with their Sophos endpoint detection, Windows Server, Active Directory, Proofpoint, Cisco Meraki and more for complete security visibility, data correlation, detection and response across their entire environment, which is mainly on-premises, according to Shutika. Blumira has many on-prem and cloud third-party integrations, with the engineering team constantly working to add new integrations and parsers for new data types.
“It’s easy to use the portal, and Blumira’s team is quick and helpful to add rules and help with detection,” Shutika said. “I like that I can get text notifications of higher risk findings. Being on a small team without the time to watch the application constantly, that can be helpful.”
Shutika also uses Blumira’s playbooks that come with every finding to guide them through next steps to take for threat response, and Blumira’s Scheduled Reports feature for daily review of several reports, including failed logins and account lockouts.
For additional security visibility, Blumira has helped Nittany Oil’s IT team with asset discovery, finding old remote software running on some of their PCs.
“The platform helps me dig through data without having to maintain or monitor it too much. I’ve found old software sitting around on our network that I might have not seen otherwise. It’s great to have an extra set of eyes looking at our environment,” Shutika said. “I would definitely recommend Blumira to other companies looking to increase their visibility into the security of their networks.”