BSkyB turns to Splunk to help detect hacks on Sky customer accounts

Software introduced as cyber attacks continue to rise

British Sky Broadcasting (BSkyB) is deploying Splunk's data management platform to help it detect when hackers are trying to access Sky customer accounts.

The move comes as Rupert Murdoch's media empire, and others organisations like it, are targeted by an increasing number of sophisticated cyber attacks that aim to steal user's bank details, email addresses and other personal data.

Mark Debney, principal engineer of developer operations at BSkyB, told ComputerworldUK that the Splunk Enterprise platform, which is designed to help businsses derive insights from their data, enables the Sky "identity" team to monitor each customer's login behaviour better than before.

"If you have a user that repeatedly tries to sign in constantly and fails, that might indicate they've either just forgotten their password or it might indicate there's actually someone who is trying to hack into their account," he said at Splunk's annual conference in Las Vegas today. "If a user successfully signs in from one country and then half an hour later they sign in from another country that might dictate either one of those or both of those was not an accurate log in.

"We use Splunk to create a number of different rules in real time and look for those sorts of events."

In terms of the log in rules that Splunk analyses, they go from being "very simple" to "very complicated", according to Debney.

Each time a log in attempt is made, BSkyB uses Splunk's software to compare it to previous log in attempts. "You either find more attacks or dismiss it as normal behaviour," said Debney.

Previously, BSkyB created its own in house tools and rules that looked at customer log in behaviour.

"It was a constant development keeping them up to date and actually being able to scale these security tools to deal with the capacity was getting harder and harder," said Debney. "It's possible to do but do you really want to spend your time paying for a development team when there are other things you could be focusing on like the rules themselves?"

BSkyB has been using Splunk in the proof of concept phase over the last year but Debney, who oversees a team of five developers and three network administrators, said the company is now ready to install and set up a true Splunk environment.

"We're looking at rolling out in the next three weeks," he said. "It's all racked and stacked now. It's just a case of installing it and transferring the rules across from our proof of concept onto the final system."

According to Debney, other project teams at BSkyB have followed the trial carried out by the identity group and are now keen to implement the software across their own departnments.

"There's loads of other teams that are now saying you guys are looking at Splunk; is this something we should be looking at?" he said. "I'm talking with other teams within Sky to help them figure out what their Splunk instance should look like. At the moment it looks like there could be several quite large instances within Sky all doing slightly different things."

Splunk also counts organisations such as John Lewis and Barclays among its UK customers.

Join the CSO newsletter!

Error: Please check your email address.

Tags BSkyBCreative & MediaapplicationssecuritysplunkcomputerworldsoftwareIT Business

More about British Sky BroadcastingSplunk

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sam Shead

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts