Focus on: Security
Specialty apparel retailer Express found itself in a technology quandary in 2007 when it was purchased by the private equity firm Golden Gate Capital. All of the company’s IT functions were centralized through its previous parent company, Limited Brands. After the buyout, Express had to reinvent an IT strategy and implement the necessary infrastructure.
A key component to its IT strategy was identifying and implementing a security information event management, or SIEM, solution that would automatically monitor for common exceptions such as invalid log-in attempts, intrusion attempts, malware alerts and other potentially malicious network activity. Additionally, the SIEM had to satisfy requirements for PCI compliance relative to monitoring payment card transactions.
After reviewing its options, Express began implementing a SIEM solution from LogRhythm, Boulder, Colo., in August 2009. Within days, the new system was up and running on the company’s core servers, routers and firewalls, then quickly expanded across the network. Now the SIEM also monitors all POS and back-office systems in each of the company’s 580 stores.
“It has helped us maintain a strong security posture, while also yielding a tremendous value with a pretty quick return on investment,” said Jason Luttrell, security engineer, Express, Columbus, Ohio. “Before, several full-time employees had to monitor and follow up on events. Now, we get automated alerts that enable us to quickly cut through noise in the network and focus our efforts on core issues.”
The security solution allows users to set thresholds so alerts can be generated based on requirements defined by Express. For instance, the system can issue an alert as soon as an event happens, even if it occurs just once on a single system, or it can be configured to alert when an event happens multiple times within a defined time period.
“We can set alerts however we want, but we typically define thresholds so the system doesn’t interrupt us frequently with white noise, but instead only sends critical alerts that need attention,” Luttrell explained.
However, the main driver for choosing an SIEM solution, according to Luttrell, was compliance with PCI requirements, including all of the necessary reporting. For example, one PCI requirement is to identify when an unencrypted credit card number has been viewed and by whom.
The LogRhythm SIEM generates a daily report that identifies every instance when an unencrypted credit card number has been viewed and whether the person viewing the number was authorized to do so as part of his job. If an unauthorized person is involved or if the volume is outside the norm, the SIEM automatically sends an alert of a potential intrusion so Express can quickly launch an investigation and avert widespread losses.
Luttrell noted that before the SIEM, this level of oversight and intervention would have been much more difficult; identifying who was involved and whether or not that person’s action was warranted would likely have taken days or, at the very least, hours.
Overall, the most daunting IT security challenge Express faced was monitoring its entire network, which requires that each individual log be reviewed. Now, Luttrell credits the SIEM with “having enough intelligence” to recognize when a log is likely suspicious activity. The system aggregates suspicious logs over a 24-hour period, enabling the security department to have visibility to all exceptions so they can easily assess issues and have a big-picture perspective of the total network on a daily basis.
Target launches anti-smoking campaign with American Cancer Society
MINNEAPOLIS – Target announced that it is launching a month-long anti-smoking campaign in connection with the American Cancer Society’s 2010 Great American Smokeout to support guests and team members in their efforts to quit smoking.
"Target is committed to helping our guests and team members reach their well-being goals, which may include quitting smoking, and we’re proud to work with the American Cancer Society for this year’s Great American Smokeout," said Dr. Joshua Riff, Target’s medical director. "As part of our focus on prevention, Target offers a variety of tools, tips and products for those who want to stop smoking and stay smoke-free. This campaign advances our prevention efforts and will ultimately lead to healthier communities."
The campaign will begin on Nov. 1 and will highlight Target’s assortment of stop-smoking aids and give greater visibility to Target Pharmacy and Target Clinic healthcare professionals, who can offer support, smoking-cessation materials and advice, the company reported. The campaign is anchored by in-store signing and informational brochures in all Target stores, as well as features in the weekly ad and at Target.com.
The American Cancer Society’s 35th annual Great American Smokeout takes place Nov. 18, and is designed to motivate and empower smokers with personalized tools, tips and support to help them quit for good.
B&N launches parents’ loyalty program
NEW YORK – Barnes & Noble announced the launch of the B&N Kids’ Club (www.bn.com/kidsclub), a free loyalty and rewards program for Barnes & Noble parents and caregivers. The B&N Kids’ Club is an in-store and online program that provides exclusive benefits along with savings and discounts on Barnes & Noble’s outstanding selection of children’s books and educational toys and games.
When customers sign-up for the B&N Kids’ Club they will be welcomed with a 30% off coupon to use on a future purchase of children’s books, educational toys and games, and adult games and puzzles, the company reported. Kids’ Club members will also receive a $5 coupon for every $100 they spend on children’s books and toys up to four times per year.
“Barnes & Noble is committed to being a valuable resource for parents,” said Jaime Carey, chief merchandising officer for Barnes & Noble. “Our recently launched B&N Kids’ Expert Circle and our newly expanded Educational Toys & Games section in stores and online reflects our dedication to helping parents choose the best products and receive meaningful advice about all the stages of raising children. B&N Kids’ Club is our way of saying thank you for continuing to trust Barnes & Noble.”