Fighting Cybercrime with Splunk Security Analytics

There are many industries which are in total explosion: Real Estate, Marketing Analytics, Retail, Recruiting Services, Big Data Analytics; but these are the good guys. There are other guys which are using its deep knowledge about Security, Hacking, Cracking, Phishing to take advantage of the popularity of these industries to cut a big slide of the pie and make money from that. A new kind of business have born: Crime as a Service (CaaS).

There are many examples today:

Do you want to hear more about this critical global problem? Just see this amazing talk by Marc Goodman (@FutureCrimes) of the Singularity University at Strata Summit 2011:

But, What is Splunk?

Ok, I will use the same short introduction from its site:

It’s the easy, fast and resilient way to collect, analyze and secure the massive streams of machine data generated by all your IT systems and technology infrastructure.

It’s a great Real-Time Analytics platform to allows to system engineers, security researchers, Data Scientists to collect massive quantity of data and make unified data analysis over these data sets. You can download it from here to try Splunk Enterprise or you can use it as a service with Splunk Storm.

I just did the fist option and I downloaded it, and I tested, and it’s actually awesome. (Stay tuned for a future post about how I downloaded, installed and configure Splunk Enterprise in my Debian Linux version 6.0.7 ). But you should be asking this question.

Why to use Splunk to fight against CaaS?

Let me give you my perspective behind this statement.

First: Product Security Features exposed

Splunk has an amazing group of features when you are looking for an Advanced Security monitoring platform:

  • It allows to combine all machine data from your firewall, access logs, mobile networks, in a single place, which is very important to apply some correlation analysis in these data sets.
  • It allows to do pattern recognition analysis based on several criteria like location, time of day, data criticality, action type, etc
  • It has many compliance solutions like SEC, HIPAA and FISMA and PCI. You can find more information about all this here
  • You can see what’s happening in real-time using a well designed dashboard focused on Security Incident identification, HTTP traffic activity and analysis, User agent analysis, Traffic size analysis and many more good things very useful for every Chief Security 0fficer (CSO) of every company or organization
  • It has something called: “Advanced Persistent Threats”, which you can use it to analyze all kind of threats in your network, focused on malware expansion and explosive growth. This is one of the most challenging global security problem, because it’s very hard to identify malware propagation networks, because the great minds behind this kind of infrastructure are brilliant, and change constantly its behavior using different platforms, IPs, ISPs, different targets, etc. And Splunk has a solution to be used right now to fight back

All this features do that Splunk is the platform which is disrupting Security Analytics business with something called:”Security Intelligence”

Second: Its amazing group of Real Secutity Practioners

Splunk has amassed a outstanding group of security experts to drive the innovation in this field everyday. Some of them are:

  • Mark Seward, Senior Director, Security & Compliance at Splunk, CISSP, PCI, HIPAA, FISMA/NIST 800–53, ISO 27001 and SB1386 compliance
  • Joe Goldberg, Senior Manager, Product Marketing at Splunk
  • Paul Pang, Director, Sales Engineering, Asia Pacific and Japan at Splunk, CISSP
  • Fred Wilmot, Minister of Silly Walks at Splunk, who is an expert in the Designing/Securing Architectures, Network Security, Incident Handling, CoBIT, PCI, HIPAA, and SCADA systems
  • Alex Raitz, Manager and Lead Developer, Applications at Splunk
  • John Topp, Senior Sales Engineer at Splunk, GCIA, GCIH, MCSE, ITIL, a global expert in Cyber Threat Detection networks
  • Debashish (Hash) Basu-Choudhuri, Sales Engineering Director — North East (North America) at Splunk, CISSP

If you want to see to one of them in action, just take a look to this video, where Mark talks about Security Intelligence at Splunk:

Third: Critical Partnerships

The Partnership network from Splunk is full of great companies like Palo Alto Networks, Cloudera, Cisco, RigthScale, Amazon, Microsoft and Vmware. This is a huge advantage for Splunk because these partners have an incredible number of customers, which could be very good for the business, and more an more companies and organizations or whatever are studying how to improve its security on its respective platforms, and Splunk could be play a key role in these requirements.

Conclusions

So, my good fellows, Do you want to help to your company to be ready for the hard challenges that put the cybercrime? Do you want to be two steps forward to hackers and take quick responses to their attacks? Just try Splunk today, and then, don’t forget to send me a simple note saying: “THANKS”, I will be delighted with that.