Vodafone handles a vast amount of sensitive and personal client data. Their massive data traffic is handled by a huge and complex IT and business infrastructure which is protected by an ever-growing security system. However, the bigger the system, the easier it is to find a security gap, as it becomes a challenge to monitor the full picture constantly and in real time. Hackers know this and look for opportunities to take advantage of the weakest links. LogDrill is a fast and smart analytical tool which has proven to be of great support in dealing with sensitive situations.
At Vodafone, LogDrill is used to raise an instant alert about an attack and locate the exact IP address of the attack, which provides the opportunity to fix the vulnerable spot before the security breach causes any damage.
Vodafone even hired a team of white-hat hackers to test how fast LogDrill could spot hacker attacks. These highly qualified professionals had just started looking for open ports in the system when LogDrill detected the unusual data traffic they had generated and alerted system admins to strengthen those weak points, before the simulated hacker attack had even started. This identification process traditionally lasts days, but LogDrill found the weak points within hours.
Huge amounts of data traffic challenge the company not only when they are produced but also later on. Service providers are legally obliged to save data about customers and transactions for a certain period. The data generated during the day is archived at night. The process runs automatically with no human intervention. This is efficient, but it makes it harder to spot problems that may occur.
It once happened at Vodafone that the automatic saving process stopped, but no experts or security devices noticed it for a while. Only error messages were constantly sent from the archiving system. LogDrill found the problem and its root cause in just a few hours, instead of days.