Barclays banking group’s security division is using Splunk, a big-data tool for indexing and searching machine-generated log data, to help it comply with an increasingly complex regulatory environment, and is also looking to roll out the technology across a number of other business units.
Barclays is one of the largest banking groups in the world, operating in over 50 countries with tens of millions of customers.
Computerworld UK spoke to the bank’s head of security services, Stephen Gailey, at this week’s Splunk Live event in London, where he explained that Barclays initially had no plans to use the application, but was so impressed by its capabilities that it actually backtracked on rolling out other log management solutions to deploy Splunk.
When Gailey joined Barclays seven years ago he rolled out a security information and event management (SIEM) solution, which he said ran into scaling problems when the bank acquired other banks and integrated other parts of the business into the Group. The SIEM was the integration point for everything that happened in Barclays’ security: the team could see who was logging in, which machines were picking up viruses, remote access sessions and so on.
As the SIEM tool began to struggle, Gailey looked around for a replacement and had settled on bringing in a log management system. However, he then attended a Splunk Live event three years ago, which changed his mind.
“People in my team kept saying to me I should look at Splunk, but I wasn’t convinced. I kept saying no, that we had a strategy and that we should push ahead with it. In the end I came to Splunk Live looking for more information to argue more effectively with them, because I was so sure it wasn’t the right thing for us,” said Gailey.
“I was turned around at the event, I came away thinking it was fantastic. So I went back to the office, called everybody together and told them to get Splunk into the lab and test it out compared to the log management solutions and other SIEM tools. It just blew them away.”
Gailey said that changing track and deciding to pursue Splunk was a big and risky decision, as he had already convinced the business to pursue a new log management system.
“Because we had got a strategy that senior management had already bought into, changing that was quite courageous. Then we had the additional challenge that we were influencing other business units – we had already talked the retail bank into log management. We had to go back and tell them, that’s all off!” he said.
“I had to take a deep breath and go tell them all that we were wrong and that there had been something in the market place for at least a year or two that was much better for us. But we ended up throwing away log management, and throwing away SIEM.”
Barclays immediately bought a 2TB licence from Splunk (Splunk licences are sized by the volume of data indexed per day). Gailey said deployment was fairly straightforward: all the data was already arriving at a central collection point, so the team only had to reroute those feeds into Splunk. Barclays has also been able to increase the number of data feeds massively compared with the previous system, where onboarding a new feed would have taken a month of technical work.
“In the old world nobody was allowed to bring any data in unless you had defined what reports you wanted coming out the other end. If you didn’t normalise it right you wouldn’t get out what you needed. With Splunk you can just throw anything at it,” said Gailey.
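The distinction Gailey is drawing, between normalising every feed into fixed fields at ingest (schema-on-write) and indexing raw events so fields are extracted at search time (schema-on-read), in a small added Python sketch. This is illustrative code written for this article, not Barclays’ or Splunk’s own; the feed names, log lines and regular expressions are constructed for the example, and the third feed deliberately has no parser to show what each model does with data nobody has onboarded yet.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample events from three hypothetical feeds; none of this is Barclays data.
# Each tuple is (feed name, raw log line).
RAW_EVENTS: List[Tuple[str, str]] = [
    ("sshd", "Jan 12 09:14:02 bastion sshd[2210]: Accepted publickey for alice from 10.0.4.9 port 50122 ssh2"),
    ("sshd", "Jan 12 09:14:40 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 41022 ssh2"),
    ("av",   "2024-01-12T09:15:01Z host=ws-0412 user=bob threat=EICAR-Test-File action=quarantined"),
    ("vpn",  "12/01/2024 09:15:30 VPN login user=carol src=198.51.100.5 result=success"),
]

# ---- Schema-on-write: the classic SIEM pattern described in the article ----
# Every feed needs a parser agreed up front; the output columns are fixed at ingest.

SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\w+) from (?P<src>\S+)"
)
AV_RE = re.compile(r"host=(?P<host>\S+) user=(?P<user>\w+) threat=(?P<threat>\S+) action=(?P<outcome>\w+)")


def parse_sshd(line: str) -> Optional[dict]:
    m = SSHD_RE.search(line)
    return m.groupdict() if m else None


def parse_av(line: str) -> Optional[dict]:
    m = AV_RE.search(line)
    return m.groupdict() if m else None


# Hypothetical parser registry. There is deliberately no entry for "vpn":
# that is the feed nobody has spent a month of technical work onboarding yet.
PARSERS: Dict[str, Callable[[str], Optional[dict]]] = {"sshd": parse_sshd, "av": parse_av}


def ingest_schema_on_write(events, parsers):
    """Normalise at ingest. Events from feeds with no parser, or lines a parser
    cannot match, are dropped: the 'if you didn't normalise it right you
    wouldn't get out what you needed' failure mode."""
    indexed, dropped = [], []
    for feed, line in events:
        parser = parsers.get(feed)
        fields = parser(line) if parser else None
        if fields is None:
            dropped.append((feed, line))
        else:
            indexed.append({"feed": feed, **fields})
    return indexed, dropped


# ---- Schema-on-read: keep the raw line, extract fields when you search ----

def ingest_schema_on_read(events):
    """Index every raw line as-is, tagged only with the feed it came from."""
    return [{"feed": feed, "_raw": line} for feed, line in events]


def search(index, term: str, extract: Optional[str] = None):
    """Keyword search over raw events with optional search-time field extraction:
    a regex with named groups applied at query time instead of at ingest."""
    pattern = re.compile(extract) if extract else None
    results = []
    for ev in index:
        if term not in ev["_raw"]:
            continue
        hit = dict(ev)
        if pattern:
            m = pattern.search(ev["_raw"])
            if m:
                hit.update(m.groupdict())
        results.append(hit)
    return results


# One search-time extraction that covers all three feeds' spellings of "user".
USER_RE = r"(?:for (?:invalid user )?|user=)(?P<user>\w+)"


def users_seen(index) -> set:
    """A single query spanning every feed, including the one with no parser."""
    return {hit["user"] for hit in search(index, "", USER_RE) if "user" in hit}


if __name__ == "__main__":
    indexed, dropped = ingest_schema_on_write(RAW_EVENTS, PARSERS)
    print(f"schema-on-write: {len(indexed)} indexed, {len(dropped)} dropped: {[f for f, _ in dropped]}")
    raw_index = ingest_schema_on_read(RAW_EVENTS)
    print(f"schema-on-read: {len(raw_index)} indexed, users seen: {sorted(users_seen(raw_index))}")
    for hit in search(raw_index, "Failed", r"from (?P<src>\S+)"):
        print("failed login from", hit["src"])
```

The schema-on-write path silently loses the VPN event because no report was defined for it; the schema-on-read path keeps it and still answers "which users appeared anywhere today" with a regex written after the fact. The cost, which the article does not dwell on, is that search-time extraction is paid on every query and the regex must be right at query time, whereas a normalised store pays once at ingest.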