Regis Corporation – Leveraging PCI DSS
Regis Corporation is the beauty services industry’s global leader in beauty salons, hair restoration centers
and cosmetology education. Regis Corporation has annual revenues exceeding $2.5 billion and engages in the ownership, operation, and franchising of hair styling and hair care salons throughout the world, including the United States, the United Kingdom, Canada and Puerto Rico. Regis Corporation’s salons operate primarily under the Regis Salons, MasterCuts, Trade Secret, SmartStyle, Supercuts, Cost Cutters, and Sassoon trade names in malls, department stores, mass merchants, and high-street locations.
Committed to the right customer experience
In the retail and services industry, positive customer experience is paramount. Regis is committed to keeping its customers happy by delivering exceptional products and services and offering world-class loyalty rewards. Regis’ IT organization must ensure that the total customer experience is supported by efficient and secure credit card transactions as well as reliable access to loyalty program data.
Ensuring PCI Compliance and Strengthening IT Security
The IT organization must ensure that Regis is in compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) requirements for payment account data security. For some organizations, complying with the PCI DSS is merely a burden they need to bear. However, for Bernie Rominski (CISM, CISSP), IT security officer for Regis, it is an enabler. “Protecting customer loyalty and credit card data is essential to ensure a positive customer experience. Embracing PCI DSS as a complement to our IT security best practices enables us to drive organization-wide awareness of the value of our overall IT security program and the impact that it has on the health of our business,” says Rominski.
Millions of logs and audit trails are generated daily from a variety of IT infrastructure components across Regis’ global enterprise. These include AS/400, AIX, Linux, Windows and Mac servers, Cisco and Checkpoint devices, McAfee security and compliance applications, and even business-critical applications such as core HR and financial systems. Attempting to collect, analyze, retain, report on and monitor these log and audit trails for exceptions in real time, whether manually or through a home-grown system, is a daunting task, if not an impossible one. Nevertheless, PCI DSS calls for the centralization, correlation, review, archiving, monitoring and reporting of the logs and audit trails. But simply complying with PCI standards isn’t enough, according to Rominski. “PCI compliance is just a snapshot. Assuming that you are safe because you take preventative measures makes you weaker – you must take action to be a step ahead of those who are constantly looking to exploit holes in your network.”
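The PCI DSS logging requirement described above (centralize records from heterogeneous systems, normalize them, correlate across sources and raise an alarm on exceptions) can be sketched in a few dozen lines. The following is an added example for this page, not LogRhythm’s or Regis’s code: the log lines are constructed samples loosely shaped like Linux sshd, Windows Security (event 4625) and Cisco ASA syslog records, and the correlation thresholds (three suspicious events from one address across at least two systems inside five minutes) are assumptions chosen for illustration.

```python
"""Centralized log normalization plus a cross-source correlation rule.

Added example for the PCI DSS logging discussion; not LogRhythm's or Regis's
code. Log formats and thresholds below are assumptions for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    """Common schema every source is normalized into."""
    ts: datetime
    source: str     # host or device that emitted the record
    category: str   # normalized category, e.g. "auth_failure"
    actor_ip: str   # remote address involved in the record


# Constructed sample records (not real logs) from three different platforms.
SAMPLE_LOGS = [
    "2009-03-10T09:00:01 linux01 sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2",
    "2009-03-10T09:00:09 win-pos01 Security 4625 An account failed to log on. Source Network Address: 203.0.113.7",
    "2009-03-10T09:00:15 asa01 %ASA-4-106023: Deny tcp src outside:203.0.113.7/40000 dst inside:10.1.1.5/445",
    "2009-03-10T09:00:40 linux01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51030 ssh2",
    "2009-03-10T09:01:00 linux01 sshd[2220]: Accepted password for jdoe from 10.1.1.20 port 50001 ssh2",
    "2009-03-10T10:30:00 win-pos02 Security 4625 An account failed to log on. Source Network Address: 198.51.100.9",
]

# One parser per source format; each maps its own layout onto the common schema.
PARSERS = [
    (re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for \S+ from (?P<ip>[\d.]+)"),
     "auth_failure"),
    (re.compile(r"^(?P<ts>\S+) (?P<host>\S+) Security 4625 .*Source Network Address: (?P<ip>[\d.]+)"),
     "auth_failure"),
    (re.compile(r"^(?P<ts>\S+) (?P<host>\S+) %ASA-4-106023: Deny \w+ src \w+:(?P<ip>[\d.]+)/"),
     "firewall_deny"),
]

SUSPICIOUS = {"auth_failure", "firewall_deny"}


def normalize(line):
    """Return an Event for a recognized line, or None if no parser matches."""
    for pattern, category in PARSERS:
        m = pattern.match(line)
        if m:
            return Event(datetime.fromisoformat(m["ts"]), m["host"], category, m["ip"])
    return None


def correlate(events, window=timedelta(minutes=5), threshold=3, min_sources=2):
    """Raise one alarm per actor IP whose suspicious events reach `threshold`
    across at least `min_sources` distinct systems within `window`."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.category in SUSPICIOUS:
            by_ip[e.actor_ip].append(e)

    alarms = []
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):          # sliding time window
            while evs[end].ts - evs[start].ts > window:
                start += 1
            win = evs[start:end + 1]
            sources = {e.source for e in win}
            if len(win) >= threshold and len(sources) >= min_sources:
                alarms.append({
                    "actor_ip": ip,
                    "count": len(win),
                    "sources": sorted(sources),
                    "first": win[0].ts,
                    "last": win[-1].ts,
                })
                break                         # one alarm per address
    return alarms


def process(lines):
    """Centralize: normalize every line, keep unparsed lines for review
    (a silent drop would be a gap in the audit trail), then correlate."""
    events, unparsed = [], []
    for line in lines:
        e = normalize(line)
        (events if e else unparsed).append(e or line)
    return events, unparsed, correlate(events)


if __name__ == "__main__":
    evs, leftover, found = process(SAMPLE_LOGS)
    print(f"normalized {len(evs)} records, {len(leftover)} left for manual review")
    for a in found:
        print(f"ALARM {a['actor_ip']}: {a['count']} events on {a['sources']} "
              f"between {a['first']} and {a['last']}")
```

Two points a practitioner would check in a real deployment: the unparsed bucket should be reviewed and eventually given its own parser rather than discarded, since PCI DSS review obligations cover every in-scope system, and the correlation thresholds should be tuned per environment so that the rule fires on cross-system patterns no single device log would reveal on its own.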
Securing Executive-level Support
“Simply put, we cut hair. Executive management in the beauty services industry has not traditionally embraced technology. Let’s face it, there’s not a lot technology can do to deliver a better haircut,” says Rominski. But the higher-level concern about the cost of non-compliance with PCI DSS created an opening. PCI DSS enabled Rominski to engage with executive management at Regis to help them understand how investment in technology would positively impact Regis’ customers and corporate profitability. For example, if a customer has to wait an extra 3-5 minutes to complete a credit card transaction or cannot access their customer loyalty program account while they are at a salon, there is a huge impact on their Regis experience. Similarly, if a customer uses their credit card to pay for a haircut and the system on which that credit card data is stored is compromised, the customer’s perception of Regis could be irreparably damaged. That message resonated with Regis’ executives and led to a commitment to invest in a more comprehensive IT security strategy.
Log and Event Management in One Solution
Regis considered a variety of options when it came to log and event management. Rominski’s staff had experience with a traditional security event management application, but it didn’t provide the completeness of functionality needed for log and event management. They also looked at outsourcing this function, but Rominski pointed out, “You can outsource management of the technology, but you can’t outsource the risk.”
LogRhythm’s ability to provide comprehensive out-of-the-box log collection, analysis, correlation, real-time monitoring and reporting for Regis’ heterogeneous environment was a prime driver in the decision to select LogRhythm.
“LogRhythm is part of our systematic approach to security. It is not a checkbox or a snapshot. LogRhythm underpins an ongoing operational approach that allows our staff to be experts on our own systems. We understand the user and network behavior and can quickly identify anomalies and take appropriate actions,” said Rominski.
Powerful Tools to Drive a Strong Security Program and Risk Management
“Sitting in front of the console is fascinating even for non-technical people,” stated Rominski. “Our systems are talking to each other in a very detailed way, which was invisible before simply because of our inability to collect and manage all of the log and audit information. LogRhythm not only collects all of this data, it provides real-time data analysis to quickly identify meaningful events and incidents. The security team at Regis found an immediate benefit with the out-of-the-box ‘canned’ alarms provided by the LogRhythm solution. Shortly after deployment, the real-time monitoring and alarming engine escalated an event to our security team, empowering them to take action before it impacted our customers. I’m totally confident we made the right choice with LogRhythm.”