British Sky Broadcasting (BSkyB) is deploying Splunk’s data management platform to help it detect when hackers are trying to access Sky customer accounts.
The move comes as Rupert Murdoch’s media empire, and other organisations like it, are targeted by an increasing number of sophisticated cyber attacks that aim to steal users’ bank details, email addresses and other personal data.
Mark Debney, principal engineer of developer operations at BSkyB, told ComputerworldUK that the Splunk Enterprise platform, which is designed to help businesses derive insights from their data, enables the Sky “identity” team to monitor each customer’s login behaviour better than before.
“If you have a user that repeatedly tries to sign in constantly and fails, that might indicate they’ve either just forgotten their password or it might indicate there’s actually someone who is trying to hack into their account,” he said at Splunk’s annual conference in Las Vegas today. “If a user successfully signs in from one country and then half an hour later they sign in from another country that might dictate either one of those or both of those was not an accurate log in.
“We use Splunk to create a number of different rules in real time and look for those sorts of events.”
The login rules that Splunk analyses range from “very simple” to “very complicated”, according to Debney.
Each time a login attempt is made, BSkyB uses Splunk's software to compare it to previous login attempts. “You either find more attacks or dismiss it as normal behaviour,” said Debney.
Previously, BSkyB created its own in-house tools and rules that looked at customer login behaviour.
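The two rules Debney describes, repeated failed sign-ins and successful sign-ins from two countries within half an hour, can be sketched as a pass over login events that compares each attempt with earlier ones. This is an added illustration, not BSkyB's rules or Splunk code; the event fields, the failure threshold and its window, and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; the article does not give Sky's values.
FAIL_LIMIT = 5                         # failed attempts ...
FAIL_WINDOW = timedelta(minutes=10)    # ... seen within this sliding window
TRAVEL_WINDOW = timedelta(minutes=30)  # "half an hour later" in the article

# Constructed sample events: (ISO timestamp, user, country, outcome)
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:00", "alice", "GB", "failure"),
    ("2024-01-01T09:01:00", "alice", "GB", "failure"),
    ("2024-01-01T09:02:00", "alice", "GB", "failure"),
    ("2024-01-01T09:03:00", "alice", "GB", "failure"),
    ("2024-01-01T09:04:00", "alice", "GB", "failure"),
    ("2024-01-01T09:00:00", "bob", "GB", "success"),
    ("2024-01-01T09:25:00", "bob", "US", "success"),    # 25 minutes later
    ("2024-01-01T09:00:00", "carol", "GB", "success"),
    ("2024-01-01T12:00:00", "carol", "FR", "success"),  # 3 hours later
]

def detect(events):
    """Return alerts as (timestamp, user, rule), in time order."""
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    last_success = {}              # user -> (time, country) of last success
    alerts = []
    for ts, user, country, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        if outcome == "failure":
            recent = failures[user]
            recent.append(now)
            # Drop failures that have aged out of the sliding window.
            while now - recent[0] > FAIL_WINDOW:
                recent.popleft()
            # Fire when the count in the window reaches the limit.
            if len(recent) == FAIL_LIMIT:
                alerts.append((ts, user, "repeated_failures"))
        else:
            prev = last_success.get(user)
            # A different country soon after the previous successful login.
            if prev and prev[1] != country and now - prev[0] <= TRAVEL_WINDOW:
                alerts.append((ts, user, "country_change"))
            last_success[user] = (now, country)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

As Debney notes, an alert from either rule is a candidate for review rather than proof of an attack: repeated failures can be a forgotten password.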
“It was a constant development keeping them up to date and actually being able to scale these security tools to deal with the capacity was getting harder and harder,” said Debney. “It’s possible to do but do you really want to spend your time paying for a development team when there are other things you could be focusing on like the rules themselves?”
BSkyB has been using Splunk in a proof-of-concept phase over the last year, but Debney, who oversees a team of five developers and three network administrators, said the company is now ready to install and set up a true Splunk environment.
“We’re looking at rolling out in the next three weeks,” he said. “It’s all racked and stacked now. It’s just a case of installing it and transferring the rules across from our proof of concept onto the final system.”
According to Debney, other project teams at BSkyB have followed the trial carried out by the identity group and are now keen to implement the software across their own departments.
“There’s loads of other teams that are now saying you guys are looking at Splunk; is this something we should be looking at?” he said. “I’m talking with other teams within Sky to help them figure out what their Splunk instance should look like. At the moment it looks like there could be several quite large instances within Sky all doing slightly different things.”