SkyiD Securing Customer Facing Apps Heineken Cup Rugby
Greetings! I’m Mark Debney
The Shape of BSkyB
SkyiD
SkyiD within BSkyB
Diagram: SUBSCRIBERS (30 million SkyiD accounts, accessing 30-40 Sky services) -> AUTH & SESSION MANAGEMENT SERVICES
The SkyiD Security Team
Identity Incidents Investigations
So What About SkyiD and Splunk?
CAPACITY VS SECURITY
Capacity: Despicable Me 2
Capacity: monitoring capacity of the applications and the physical estate
Real Time Performance Reporting to Every Service & Ops Team
Capacity and Business Need
Diagram: SUBSCRIBERS (30 million SkyiD accounts, accessing 30-40 Sky services) -> AUTH & SESSION MANAGEMENT SERVICES
Capacity and SkyiD Applications
FREQUENCY / SPEED / ENDURANCE
Traffic Profile of SkyiD Applications
Chart: success and failure counts by hour of day (0:00 to 22:00)
Measuring the Authentication Transaction
StopWatch: end-to-end performance
Capacity and the Physical Estate
PHYSICAL RESOURCES / CONSISTENCY
Holistic view of infrastructure
Managing Physical Capacity
Diagram: SUBSCRIBERS (30 million SkyiD accounts, accessing 30-40 Sky services) -> AUTH & SESSION MANAGEMENT SERVICES
Security: The Walking Dead
Dedicated SkyiD Security Team
Team composition: Devs, QA, Application teams, DevOps
Easy to Detect Attacks
Chart: Normal (success and failure counts by hour of day, 0:00 to 22:00)
Chart: Brute Force Attack (success and failure counts by hour of day, 0:00 to 22:00)
Single Service Attacks
Chart: success and failure counts by hour of day (0:00 to 22:00)
A Closer Look
Chart: success and failure counts by hour of day (23:00 to 22:00)
False Positive
Chart: success, failure and sign-up counts by hour of day (0:00 to 22:00)
A Closer Look
Chart: success, failure and sign-up counts by hour of day (0:00 to 22:00)
Elements and Indicators of Attacks
USERNAME
ServiceName
INTERNAL IP
DATE
TIME
Successful
InvalidCredentials
errorCode
aliasType
HTTP Status Codes
URL
User Agent
Country code
Java Call
Behavior Based Rules
Next Actions: Compare attributes across multiple transactions
Historical logs for the user and IP
USERNAME / TIME / Country code
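As an added example that is not part of the talk: the simple per-hour success/failure detection from the brute force and false positive slides, plus a behavior based rule that compares attributes across transactions, written in Python over constructed log lines. The log layout, service names, thresholds and the "sign-ups keeping pace with failures is benign" rule are all assumptions, not Sky's.

```python
from collections import Counter, defaultdict

# Constructed sample lines (assumed layout, not Sky's real log format):
# time USERNAME ServiceName IP CountryCode result eventType
LOG = """\
2014-01-01T09:00:12 alice@example.com serviceA 10.0.0.5 GB Successful auth
2014-01-01T10:00:02 user1@example.com serviceB 198.51.100.9 US InvalidCredentials auth
2014-01-01T10:00:03 user2@example.com serviceB 198.51.100.9 US InvalidCredentials auth
2014-01-01T10:00:04 user3@example.com serviceB 198.51.100.9 US InvalidCredentials auth
2014-01-01T10:01:10 carol@example.com serviceB 10.0.0.7 GB Successful auth
2014-01-01T18:00:00 new1@example.com serviceA 10.0.1.1 GB InvalidCredentials auth
2014-01-01T18:00:20 new1@example.com serviceA 10.0.1.1 GB - signup
2014-01-01T18:02:00 new2@example.com serviceA 10.0.1.2 GB InvalidCredentials auth
2014-01-01T18:02:30 new2@example.com serviceA 10.0.1.2 GB - signup
2014-01-01T18:03:00 new3@example.com serviceA 10.0.1.3 GB InvalidCredentials auth
2014-01-01T18:03:30 new3@example.com serviceA 10.0.1.3 GB - signup
2014-01-01T18:05:00 dave@example.com serviceA 10.0.1.9 GB Successful auth
"""
FIELDS = ("time", "user", "service", "ip", "country", "result", "kind")

def parse(text):
    """Split each line into the attributes the slide lists as attack indicators."""
    return [dict(zip(FIELDS, ln.split())) for ln in text.splitlines() if ln]

def hourly_profile(events):
    """Simple detection input: success / failure / sign-up counts per hour of day."""
    profile = defaultdict(Counter)
    for e in events:
        key = "signup" if e["kind"] == "signup" else (
            "success" if e["result"] == "Successful" else "failure")
        profile[int(e["time"][11:13])][key] += 1
    return profile

def flag_hours(profile, min_failures=3, max_ratio=0.5):
    """Flag hours whose failure ratio departs from normal; an hour where sign-ups
    keep pace with failures is treated as the talk's false positive (assumed rule)."""
    flags = {}
    for hour, c in profile.items():
        attempts = c["success"] + c["failure"]   # sign-ups are not login attempts
        if c["failure"] >= min_failures and c["failure"] > max_ratio * attempts:
            flags[hour] = "signup_spike" if c["signup"] >= c["failure"] else "brute_force"
    return flags

def ips_spraying_users(events, max_users=2):
    """Behavior based rule: IPs with InvalidCredentials for more than max_users distinct usernames."""
    users_by_ip = defaultdict(set)
    for e in events:
        if e["kind"] == "auth" and e["result"] == "InvalidCredentials":
            users_by_ip[e["ip"]].add(e["user"])
    return {ip for ip, users in users_by_ip.items() if len(users) > max_users}
```

The hour-of-day profile is the "simple detection"; the per-IP rule is the kind of cross-transaction comparison the slide describes, and in practice both would be tuned against the normal traffic profile rather than the fixed thresholds used here.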
Tools of the Security Team
Visualization / Behavior Based Rules / Preventative Controls
Best Practice
REMOVE NOISE / START SMALL AND BUILD / REVIEW AND UPDATE
What You Can Start Doing
Get visibility into your physical estate; it will set your team free
Understand end-to-end transactions and relate them back to business needs
Gain insight into your transactions, tweak logging, determine what to log and what that data means
Look for a range of attack indicators, compare against normal to determine good/bad traffic profiles
Use simple detections to create complex behavior based rules
Learn, share and hack
Security office hours: 11:00 AM – 2:00 PM @Room 103, every day. Geek out, share ideas with Enterprise Security developers.
Red Team / Blue Team: challenge your skills and learn new tricks. Mon-Wed: 3:00 PM – 6:00 PM @Splunk Community Lounge; Thurs: 11:00 AM – 2:00 PM
Birds of a feather: collaborate and brainstorm with security ninjas. Thurs: 12:00 PM – 1:00 PM @Meal Room