National Lottery operator to improve security

Log management system is also expected to improve compliance and reduce cost

Camelot's online services make £600m of sales annually

National Lottery operator Camelot will roll out a log management system to increase online security while ensuring compliance and reducing network management costs.

The system comprises log management, log analysis and event management and will cover all Camelot’s £600m web operations as well as meet Payment Card Industry Data Security Standard (PCI DSS) and ISO 27001 compliance.

Much of Camelot’s log data from several payment processing and banking applications is currently processed manually, so the company found that the system would help it automate processes and therefore bring in improved operational practices.

According to Paul Jay, Camelot’s head of information security, service integrity and player protection are paramount, and the system addresses both security and compliance requirements, while "substantially" reducing operational costs associated with log and event management.

“The implementation will introduce a new level of automation and efficiency into how log data is handled as well as how troubleshooting investigations are carried out. [The system] will enable us to take a more proactive approach to investigating incidents as they happen, not after the event,” said Jay.

“By removing these labour-intensive processes, we will not only improve our security but reduce the amount of man hours involved and subsequently the cost of managing Camelot’s technology estate,” he added.

Camelot anticipates a "rapid and substantial" return on investment with the rollout, which will initially focus on PCI DSS compliance, followed by other production systems.

It is expected that the LogRhythm-supplied system will also be part of the firm’s network security strategy and support vulnerability management.