iiNet’s Web analytics delivers real-time security bonus

A Website analytics tool, originally implemented by Internet service provider iiNet to gauge customer reaction to changes to its online applications, has delivered an unexpected bonus by allowing the company’s technical staff to detect and monitor hacking attempts in real time.

iiNet’s implementation of the Splunk real-time intelligence tool was originally designed to provide “marketing metrics to determine how the user experience is going,” iiNet development manager Mark McDonald told attendees at this week’s SplunkLive! Conference in Melbourne.

In the past, Web metrics had been collated using data from Omniture, whose suite forms part of the hosted Adobe Marketing Cloud. However, limitations on the use of the data drove McDonald to look for a deeper-level tool for analytics to support the work done by his ten-strong development team in maintaining iiNet’s Toolbox customer portal.

“We wanted to know how many people were hitting the site, whether they were buying things, and whether changing the colour of a button would sell more widgets,” he explained. “The Adobe metrics is good data, but it doesn’t address the effect of what’s happening inside, and doesn’t really help you look at what the cause of the problem is.”

Splunk provided that, allowing the team to track visitors’ experiences across all of its sites. Statistics on page loads, new visitors, traffic sources, and more are grouped into real-time dashboards providing great visibility for the platform, and performance monitoring of its servers.

This allowed developers to post an updated feature, then measure its effect on overall site performance, and quickly tweak again to see the effect. It also supported iiNet’s move to introduce a measure of customer ‘happiness’ – icons of a smiley face, sad face and indifferent face added to iiNet pages and used to ask customers how they are feeling.

“We’ve gotten a heap of data out of that, and it’s great to be able to see which things about the site they’re struggling with or enjoying the most.”

Yet as Splunk became tightly embedded with the team’s development processes, it became clear that it could be used for proactive monitoring of hacking attempts on iiNet’s customer-facing sites.

“We were having a bit of a search around through the logs and saw what looked like a suspicious query string in one of the Web server logs,” McDonald recalled. “It looked like someone was trying to do a remote file traversal exploit, so we had a look at what they were trying to do.”

Further digging into the data revealed that the site was being hit by someone trying a variety of approaches to compromise the site, including SQL injections and other attacks. The iiNet team then used the real-time Splunk capabilities to watch the ongoing attempts to breach the site’s security.

“We were able to watch this guy trying to break into our site in real time,” he said, “just going through the different hack attempts. We got his IP address, sent it through to our security team and told them to check it out because this guy wasn’t mucking around.”
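The kind of log review McDonald describes can be sketched in a few lines: scan Web server access logs for traversal and SQL injection patterns in the request, then surface clients that try more than one class of attack. This is an added example, not iiNet's Splunk searches; the log lines, IP addresses, URL paths and signature patterns are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined-log-format prefix: client IP, quoted request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

# Coarse signatures for the two attack classes the article names (illustrative only).
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./|\.\.\\|/etc/passwd", re.I),
    "sql_injection": re.compile(
        r"\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
}

# Constructed sample log lines (documentation-range IPs, hypothetical paths).
SAMPLE_LOG = """\
198.51.100.20 - - [01/Jan/2024:10:00:01 +0000] "GET /toolbox/index?page=billing HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 312
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=1%27+OR+%271%27%3D%271 HTTP/1.1" 200 2048
203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /item?id=5+UNION+SELECT+user,pass+FROM+accounts HTTP/1.1" 500 98
192.0.2.44 - - [01/Jan/2024:10:00:20 +0000] "GET /view?doc=%252e%252e%252fconfig HTTP/1.1" 403 150
"""

def classify(target):
    """Return the attack categories matched by one request target."""
    # Decode twice so double-encoded payloads (%252e -> %2e -> .) are seen.
    decoded = unquote_plus(unquote_plus(target))
    return {name for name, rx in SIGNATURES.items() if rx.search(decoded)}

def suspicious_clients(log_text, min_categories=2):
    """Map client IP -> sorted categories, for IPs hitting several categories."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            seen[m.group(1)] |= classify(m.group(2))
    return {ip: sorted(c) for ip, c in seen.items() if len(c) >= min_categories}

if __name__ == "__main__":
    for ip, cats in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(cats)}")
```

Lowering `min_categories` to 1 also reports single-technique probes, at the cost of more false positives from such coarse patterns.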

As it turns out, the intruder wasn’t able to penetrate the site: the security team advised that iiNet had already run extensive pen testing as part of its PCI DSS compliance work. However, having learned firsthand that its tools could be used for security as well as user-experience testing, the team built out additional reports that it uses to monitor security-related statistics.

For example, “in a matter of minutes we were able to whip up a real-time map dashboard showing where all of the international logins were coming from,” McDonald said, “and people accessing Toolbox who weren’t our customers.”

“We only sell products within Australia, to Australian households – but we found over seven days that we had all of these international logins within this window, which was insane. We did not expect that to happen at all, and we had no idea there were that many people trying to get to our Toolbox internationally. That was a pretty cool insight to find.”


Stories by David Braue
