British Sky Broadcasting (BSkyB) has deployed operational intelligence platform Splunk to monitor cyber attacks which are aimed at compromising Sky users’ accounts.
Mark Debney, principal engineer of developer operations at BSkyB, told Computing at splunk.conf in Las Vegas that BSkyB had created a range of in-house development tools a few years ago in an attempt to secure customer accounts.
The company used tools that created dashboards using behaviour-based rules, but with a raft of new services coming in – such as Now TV – Sky’s capacity requirements were growing and the organisation had to decide on the best strategy to manage the growth.
“It was a case of either investing more money in a development team that could scale these security appliances or looking at another third party that could do the same sort of thing and that’s when we stumbled across Splunk,” Debney explains.
The company also considered using Elasticsearch Kibana on the backend and maintaining a development team which would create apps, but Debney decided that Splunk was a better fit for Sky’s needs.
According to Debney, the Splunk proof of concept was put together swiftly on virtual machines.
“Even then it performs really well so on dedicated hardware we’re expecting really good things,” he says.
The firm brought in a professional services firm to help with the transition from Sky’s development tools to Splunk.
“The [BSkyB] guys already had a good idea of what data was in the logs, what rules they wanted and it was pretty easy to translate what they had written in Java code for our own apps into Splunk,” he says.
The company is now looking into using more real-time dashboards to get visibility for its own development and security teams as well as other teams from operation engineering, capacity management and monitoring.
“We want to be able to present the teams with nice dashboards to see what information they need without having to compromise the identity platform’s own security,” Debney says.
Debney believes that Splunk will soon be used across BSkyB, with numerous departments already showing a keen interest in the platform.
“I don’t think it will be a hard sell, we’ve been approached by a number of areas within Sky that have looked at Splunk and they’re asking us what our experience has been … there has been a lot of talk about moving to Splunk.
“Once we are set up with our two main use cases, I think there will be a big push to see what else we can use it for. If we can get people from the business to access the dashboards themselves then that would be fantastic and I think it’s going to go in that direction,” says Debney.