Grand Lake Casino Streamlines Compliance Reporting and Mitigates the Risk of Privilege Abuse
In the gambling industry, the main challenge for the IT team is the high level of regulation. Netwrix Auditor is a great solution for this challenge because it makes us way more efficient in assembling information for audit reports and making sure we operate in compliance with all the regulations.
Ryan Allington, IT Manager,
Grand Lake Casino
- Grand Lake Casino is subject to several regulations, including PCI DSS and MICS (Minimum Internal Control Standards, which is enforced by the National Indian Gaming Commission). Auditing through Microsoft Event Viewer was tedious and did not provide enough information to fully satisfy audit requests.
- The IT manager was concerned about the risk of unauthorized insider activity, as well as privilege abuse by third-party contractors and IT members. He had no visibility into what users were doing across the IT environment, so he couldn’t spot and respond to incidents promptly.
- The casino stores all sorts of sensitive data, so control over file servers was of particular concern. The IT manager wanted to be able to see how employees handle sensitive data and detect potential issues before they result in security incidents or compliance violations.
Before Netwrix Auditor, I had to spend quite a bit of time configuring the Event Viewer and making sure it captured all the events. Now I can focus on more strategic tasks like optimizing processes and collaborating with other departments on their IT projects.
Ryan Allington, IT Manager,
Grand Lake Casino
A coworker recommended Netwrix Auditor to Ryan Allington, IT Manager at Grand Lake Casino. During the trial, he was impressed by the straightforward structure of the predefined compliance reports and the flexible alerts, both of which provided him with virtually all the information he needed. Since then, his team has been able to achieve the following results:
- Easier compliance reporting. Netwrix Auditor dramatically simplifies the annual and monthly compliance reporting process at the casino. The predefined reports are clear and provide all the data that auditors usually request, from changes to sensitive folders and security group membership to successful and failed logons to core systems. The software saves Ryan hours every month, enabling him to focus on more strategic tasks.
- Accountability of privileged users. Now Ryan can closely watch the activity of privileged users, including those from the casino’s third-party accounting firm. In particular, he can track the creation and deletion of privileged accounts in Active Directory, get alerts on privilege elevations, and monitor third-party activity with video recordings. These detailed insights help Ryan mitigate the risk of both human errors and insider threats.
- Control over sensitive data. With the detailed information that Ryan and his team get about changes to files, folders and permissions, they can promptly detect activity that might threaten the security of sensitive data. Moreover, common user issues that used to take an hour to investigate can be resolved in minutes. For example, if an employee cannot find a needed file, instead of painstakingly searching through all the folders, Ryan can simply use Netwrix Auditor to see immediately what happened to the file and fix the problem.
- Easier compliance reporting
- Quick detection of privilege abuse and insider threat
- Improved security of sensitive data
- Faster incident investigations
Grand Lake Casino in Grove, Oklahoma, U.S., offers 45,000 square feet of gaming and live entertainment, such as slot machines, table games, live music, restaurants and more.