The American stock exchange NASDAQ is attempting to shield itself from the security vulnerability known as “Shellshock” or “The Bash Bug”, with the help of operational intelligence platform Splunk.
The security flaw has been discovered in Linux-based software called Bash – also common on Apple Mac operating systems – and it has been claimed that it could be exploited to take control of any other system that uses Bash software.
Despite Linux and Unix vendors, as well as Apple, having released patches for the vulnerability, end users could still be vulnerable to the flaw, and recent reports suggest that similar Shellshock-like remote code execution is possible on Windows systems too.
At splunk.conf 2014 in Las Vegas, NASDAQ CISO Mark Graff told delegates that the company is using Splunk’s platform in a bid to patch vulnerable systems which could be exposed by attackers.
The company had previously used Splunk to help with the Heartbleed bug, which was said to allow “anyone on the internet” to read the memory of systems protected by vulnerable versions of OpenSSL.
When the Heartbleed bug became public knowledge, Graff suggested that it became a race between attackers trying to make use of the flaw, and the defence trying to patch it in time.
NASDAQ built a dashboard using Splunk on the day that Heartbleed was made public.
“We wrote it on the same day and ran it, and it’s really fundamental to our defence,” Graff explained.
He said that NASDAQ’s systems are always targeted with attacks, and in this case it had 500 outward-facing websites which were vulnerable.
“We wanted to track if someone was coming after us and see which system they were trying to get into, and find out whether the system is vulnerable or not and whether it can be patched if it is,” Graff said.
He presented the dashboard that one of NASDAQ’s developers built using Splunk, with charts showing the number of vulnerable systems against the number of attacks, and a detector to highlight which systems could be hacked.
“I knew they were going to come after us but the question was whether we could beat them,” Graff said.
The company eventually got its vulnerable systems patched and, according to Graff, NASDAQ “beat” the attackers.
The company will be using Splunk in a similar way to help it with Shellshock, which has been deemed “worse than Heartbleed”.
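As an added illustration (not NASDAQ’s dashboard or its Splunk searches, which the article does not show), the Python example below performs the same kind of correlation for Shellshock: it counts requests carrying the Bash function-definition marker `() {` per targeted host and joins the counts to a patch inventory. The log lines, hostnames and inventory are constructed sample data, and the log layout with the virtual host as the first field is an assumption.

```python
import re
from collections import Counter

# Constructed sample data (not from the article). Assumed layout: virtual host,
# then Apache combined log format. Hostnames and addresses are placeholders.
LOGS = """\
www.example.test 203.0.113.7 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; /bin/true"
www.example.test 198.51.100.4 - - [25/Sep/2014:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
data.example.test 203.0.113.7 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/q HTTP/1.1" 200 128 "() { x; }; /bin/true" "curl/7.30"
data.example.test 203.0.113.9 - - [25/Sep/2014:10:03:40 +0000] "GET /cgi-bin/q HTTP/1.1" 404 0 "-" "() { :; }; /bin/true"
ir.example.test 192.0.2.55 - - [25/Sep/2014:10:04:00 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""
# Hypothetical inventory: patch state per outward-facing site.
INVENTORY = {"www.example.test": "patched",
             "data.example.test": "vulnerable",
             "ir.example.test": "vulnerable"}

LINE = re.compile(r'^(?P<host>\S+) (?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<request>[^"]*)" \d{3} \S+ '
                  r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')
# Bash function-definition marker that Shellshock requests place in a header.
MARKER = re.compile(r"\(\)\s*\{")

def attack_attempts(log_text):
    """Count requests per host whose request line, Referer or User-Agent has the marker."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and any(MARKER.search(m.group(f)) for f in ("request", "referer", "agent")):
            hits[m.group("host")] += 1
    return hits

def dashboard(log_text, inventory):
    """One row per host: patch state, attack count, and whether it needs action now."""
    hits = attack_attempts(log_text)
    rows = [{"host": h, "state": s, "attacks": hits.get(h, 0),
             "at_risk": s == "vulnerable" and hits.get(h, 0) > 0}
            for h, s in sorted(inventory.items())]
    # A host that is attacked but absent from the inventory has unknown patch state.
    rows += [{"host": h, "state": "unknown", "attacks": hits[h], "at_risk": True}
             for h in sorted(set(hits) - set(inventory))]
    return rows

if __name__ == "__main__":
    for row in dashboard(LOGS, INVENTORY):
        print(row)
```

Rows with `at_risk` set are the ones to patch first; a vulnerable host with no attempts yet still counts toward the number of vulnerable systems.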
NASDAQ had initially implemented Splunk as a security information and event management (SIEM) tool, and is now working on refining its applications and the way it responds to intrusions. Graff said that he hopes “to get to the point where the enterprise will defend itself”.