![Page 1: SkyiD - SplunkConf · accessing 30-40 Sky services AUTH & SESSION MANAGMENT SERVICES laptop 10 Capacity and SkyiD Applications FREQUENCY SPEED ENDURANCE 11 Traffic Profile of SkyiD](https://reader034.vdocuments.net/reader034/viewer/2022052014/602bc7a681f1a87d8e7276d6/html5/thumbnails/1.jpg)
SkyiD Securing Customer Facing Apps Heineken Cup Rugby
Greetings! I’m Mark Debney
The Shape of BSkyB
SkyiD
SkyiD within BSkyB
SUBSCRIBERS
30 million SkyiD accounts, accessing 30-40 Sky services
AUTH & SESSION MANAGEMENT SERVICES
The SkyiD Security Team
Identity Incidents Investigations
So What About SkyiD and Splunk?
CAPACITY VS SECURITY
Despicable Me 2
Capacity: Monitoring capacity of the applications and the physical estate
Real Time Performance Reporting to Every Service & Ops Team
Capacity and Business Need
SUBSCRIBERS
30 million SkyiD accounts, accessing 30-40 Sky services
AUTH & SESSION MANAGEMENT SERVICES
Capacity and SkyiD Applications
FREQUENCY
SPEED
ENDURANCE
Traffic Profile of SkyiD Applications
[Figure: chart by hour of day, 0:00 to 22:00; series: Success, Failure]
Measuring the Authentication Transaction
StopWatch > end to end performance
Capacity and the Physical Estate
PHYSICAL RESOURCES CONSISTENCY
Holistic view of infrastructure
Managing Physical Capacity
SUBSCRIBERS
30 million SkyiD accounts, accessing 30-40 Sky services
AUTH & SESSION MANAGEMENT SERVICES
Security The Walking Dead
Dedicated SkyiD Security Team
Team Composition
Devs QA Application teams DevOps
Easy to Detect Attacks
[Figure: two charts by hour of day, 0:00 to 22:00, each with series Success and Failure; panels: Normal, Brute Force Attack]
Single Service Attacks
[Figure: chart by hour of day, 0:00 to 22:00; series: Success, Failure]
A Closer Look
[Figure: chart by hour of day, 23:00 to 22:00; series: Success, Failure]
False Positive
[Figure: chart by hour of day, 0:00 to 22:00; series: Success, Failure, Sign up]
A Closer Look
[Figure: chart by hour of day, 0:00 to 22:00; series: Success, Failure, Sign up]
Elements and Indicators of Attacks
USERNAME
ServiceName
INTERNAL IP
DATE
TIME
Successful
InvalidCredentials
errorCode
aliasType
HTTP Status Codes
URL
User Agent
Country code
Java Call
Behavior Based Rules
Next Actions: Compare attributes across multiple transactions
Historical logs for the user and IP
USERNAME
TIME
Country code
Tools of the Security Team
Visualization Behavior Based Rules Preventative Controls
Best Practice
REMOVE NOISE
START SMALL AND BUILD
REVIEW AND UPDATE
What You Can Start Doing
Get visibility into your physical estate; it will set your team free
Understand end-to-end transactions and relate them back to business needs
Gain insight into your transactions, tweak logging, determine what to log and what that data means
Look for a range of attack indicators, compare against normal to determine good/bad traffic profiles
Use simple detections to create complex behavior-based rules
Security office hours: 11:00 AM – 2:00 PM @Room 103 Everyday
Geek out, share ideas with Enterprise Security developers Red Team / Blue Team - Challenge your skills and learn new tricks Mon-Wed: 3:00 PM – 6:00 PM @Splunk Community Lounge Thurs: 11:00 AM – 2:00 PM
Learn, share and hack
Birds of a feather- Collaborate and brainstorm with security ninjas Thurs: 12:00 PM – 1:00 PM @Meal Room