Addressing the Internet Banking and Technology Risk Management (IBTRM) Guidelines from the Monetary Authority of Singapore
Splunk App for IBTRM v3
F A C T S H E E T

The Challenges of Risk Management
In 2008, the Monetary Authority of Singapore (MAS) updated the Internet Banking and Technology Risk Management (IBTRM) Guidelines. The Guidelines aim to assist banks in:
•	 Establishing a sound and robust technology risk management framework
•	 Strengthening system security, reliability and availability
•	 Deploying strong cryptography and authentication mechanisms to protect customer data and transactions
Quoting the IBTRM v3, “Banks face the challenge of adapting, innovating and responding to the opportunities posed by computer systems, telecommunications, networks, and other technology-related solutions to drive their businesses.” An ongoing understanding of the risk to the bank translates into higher levels of trust from customers across the globe and differentiation from other banking centers.
The new version of IBTRM provides expanded guidance for combating cyber threats and attacks, including emerging cyber exploits such as man-in-the-middle attacks. It also recommends enhanced technology risk management requirements for strengthening system, network and infrastructure security, and articulates stronger procedures for system development and security testing.

Why Splunk?
Operational Intelligence and Continuous Monitoring
Splunk Enterprise can collect any time-stamped ASCII text data in real time without the special connectors typically associated with log collection and security information and event management (SIEM) systems. Splunk allows the user to add knowledge from external sources and view this information in reports and dashboards.

Using Splunk for IBTRM compliance
The IBTRM requires that specific banking-industry strategies are established to meet the Security and Control objectives of:
•	 Data Confidentiality
•	 System Integrity
•	 System Availability
•	 Customer and Transaction Authenticity
•	 Customer Protection
By using Splunk as a central repository for security and application log data, as well as other third-party data, specific IBTRM requirements can be met. For example, log data may indicate a breach of data confidentiality on several systems, but the log data does not distinguish high-value assets from those that are not. The question becomes where to start. By integrating data from an asset management system that contains the system priority classifications, the user can remediate issues according to the set priorities.

Non-administrative IBTRM Security and Control Objectives (4.0):
Data Confidentiality (4.1)
Splunk provides the ability to monitor log data for confidential information such as credit card numbers. In some cases this information is needed when troubleshooting application issues. To use this data while protecting confidential information, Splunk can mask portions of the sensitive information from non-authorized users.
Splunk can be used to monitor system configuration to make sure that particular encryption settings are in place for SSL and SSH. Configuration changes can also be monitored to ensure none take place outside of established time windows. Splunk can also log user access records and generate reports to provide an audit trail for cryptographic key access.
System Integrity (4.2)
Banking application logs can be monitored in real time to ensure that transactions happen in sequence and to track the average time for banking transactions as a key performance metric. Application error rates can also be monitored over time to indicate potential problems. This is particularly important when new versions of custom applications are tested and released to production. Log data records and transaction access logs together form a comprehensive solution for PCI secure log collection, and as part of this the logs are signed to prevent tampering.
System Availability (4.3)
Log data contains important information that can indicate the reliability and usage of systems in the enterprise architecture. Monitoring systems for CPU utilization over time helps with capacity planning, improves reliability and can offer an understanding of the resiliency of the architecture. Metrics dashboards that track traffic volumes and transactions on a continual basis allow you not only to monitor the network and applications but also to provide higher levels of customer satisfaction.
Customer and Transaction Authenticity (4.4)
Monitoring customer transactions in real time for correct and complete authentication is the key tenet of the IBTRM customer and transaction authenticity control requirement. Splunk was built with this in mind and can monitor the transactions represented in log data, such as transactions above pre-set values, creation of new account linkages, registration of third-party payee details, changes in account details and changes to fund transfer limits. Through the Splunk lookup feature, account limitation details that may reside in other parts of the infrastructure can be viewed in reports and dashboards along with customer transaction details.
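The Customer and Transaction Authenticity (4.4) checks described above, written out as an added Python example (not code from the fact sheet or the Splunk App for IBTRM) that runs over constructed key=value application log lines, with an in-memory per-account limits table standing in for the Splunk lookup; the log format, the field names and the `auth=2fa_ok` marker are assumptions. It also tracks the average transfer time that 4.2 names as a key performance metric.

```python
import re
from dataclasses import dataclass, field
from statistics import mean

# Constructed stand-in for a Splunk lookup of per-account fund transfer limits.
ACCOUNT_LIMITS = {"ACC1001": 5000.00, "ACC1002": 20000.00}

# Event types the 4.4 passage singles out: each must carry complete authentication.
SENSITIVE_EVENTS = {
    "ACCOUNT_LINK_CREATED",
    "PAYEE_REGISTERED",
    "ACCOUNT_DETAILS_CHANGED",
    "TRANSFER_LIMIT_CHANGED",
}
COMPLETE_AUTH = "2fa_ok"  # assumed marker written after a completed second factor

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict:
    """Split '<timestamp> key=value ...' into a dict; the timestamp goes under _time."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["_time"] = ts
    return fields


@dataclass
class Finding:
    time: str
    account: str
    reason: str


@dataclass
class AuthenticityMonitor:
    # Working copy of the limits lookup; authenticated limit changes update it.
    limits: dict = field(default_factory=lambda: dict(ACCOUNT_LIMITS))
    findings: list = field(default_factory=list)
    transfer_times_ms: list = field(default_factory=list)

    def _flag(self, ev: dict, reason: str) -> None:
        self.findings.append(Finding(ev["_time"], ev.get("account", "?"), reason))

    def process(self, line: str) -> None:
        ev = parse_event(line)
        etype = ev.get("event", "")
        acct = ev.get("account", "?")
        auth = ev.get("auth", "missing")
        authenticated = auth == COMPLETE_AUTH

        # Rule 1: account linkage, payee registration, account detail and limit
        # changes that lack complete authentication are reported.
        if etype in SENSITIVE_EVENTS and not authenticated:
            self._flag(ev, f"{etype} without complete authentication (auth={auth})")

        # Rule 2: an authenticated limit change is applied, so later transfers
        # are judged against the new pre-set value.
        if etype == "TRANSFER_LIMIT_CHANGED" and authenticated:
            self.limits[acct] = float(ev["new_limit"])

        # Rule 3: transfers above the account's pre-set limit, or for an account
        # the lookup does not know, are reported for review.
        if etype == "FUND_TRANSFER":
            amount = float(ev.get("amount", "0"))
            limit = self.limits.get(acct)
            if limit is None:
                self._flag(ev, "transfer for an account absent from the limits lookup")
            elif amount > limit:
                self._flag(ev, f"transfer {amount:.2f} above pre-set limit {limit:.2f} (auth={auth})")
            if "duration_ms" in ev:
                self.transfer_times_ms.append(int(ev["duration_ms"]))

    def transfer_time_stats(self) -> dict:
        """Average and worst transfer time, the 4.2 key performance metric."""
        if not self.transfer_times_ms:
            return {"count": 0, "avg_ms": 0.0, "max_ms": 0}
        return {
            "count": len(self.transfer_times_ms),
            "avg_ms": mean(self.transfer_times_ms),
            "max_ms": max(self.transfer_times_ms),
        }


# Constructed sample log lines (not real bank data).
LOG_LINES = [
    "2012-06-01T09:00:01Z event=LOGIN account=ACC1001 auth=pw_ok session=s1",
    "2012-06-01T09:00:12Z event=FUND_TRANSFER account=ACC1001 amount=1200.00 payee=P1 auth=2fa_ok duration_ms=310",
    "2012-06-01T09:01:03Z event=PAYEE_REGISTERED account=ACC1001 payee=P9 auth=pw_ok",
    "2012-06-01T09:02:40Z event=FUND_TRANSFER account=ACC1001 amount=7500.00 payee=P9 auth=pw_ok duration_ms=420",
    "2012-06-01T09:03:15Z event=TRANSFER_LIMIT_CHANGED account=ACC1002 new_limit=50000 auth=2fa_ok",
    "2012-06-01T09:04:00Z event=FUND_TRANSFER account=ACC1002 amount=25000.00 payee=P2 auth=2fa_ok duration_ms=2900",
    "2012-06-01T09:05:00Z event=FUND_TRANSFER account=ACC9999 amount=10.00 payee=P3 auth=2fa_ok duration_ms=200",
]


def run_monitor(lines) -> AuthenticityMonitor:
    monitor = AuthenticityMonitor()
    for line in lines:
        monitor.process(line)
    return monitor


if __name__ == "__main__":
    m = run_monitor(LOG_LINES)
    for f in m.findings:
        print(f"{f.time} {f.account}: {f.reason}")
    print("transfer time stats:", m.transfer_time_stats())
```

On the sample above the monitor reports the payee registered without a second factor, the ACC1001 transfer above its 5000.00 limit, and the transfer for an account the lookup does not know; the authenticated limit change on ACC1002 is applied, so its 25000.00 transfer is not reported.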
www.splunk.com | listen to your data
250 Brannan St, San Francisco, CA, 94107 info@splunk.com | sales@splunk.com 866-438-7758 | 415-848-8400 www.splunkbase.com
Copyright © 2012 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws.
Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned
herein may be trademarks of their respective companies. Item # FS-Splunk-IBTRM-101
It is also important to monitor transactions for their total elapsed time as a key infrastructure metric. This can affect customer service and indicate security or application issues related to risk.
Customer Protection (4.5)
The popularity of online banking continues to grow at a rapid pace in maturing markets all over the world. Customer protection through proper authorization is a requirement prior to accessing sensitive data. Banks have become a popular target for phishing, spoofing, spamming, viruses, worms, Trojan horses, trapdoors, key loggers, spyware, and other types of attacks. These sorts of attacks can create financial and reputational losses. The Zeus malware is an example that has been seen in a variety of variants, each potentially more potent than the last. Zeus started out as malware that specifically targeted customer banking passwords stored on their PCs but has more recently been seen on eastern-bloc ATM operating systems collecting account information and PINs. Splunk can be configured to monitor for malware patterns and reduce risk.
In many instances root cause analysis requires the security team to view log data that may contain private data. Splunk has the ability to obfuscate credit card and PIN numbers so that the user can view the data for forensic purposes without violating payment card industry (PCI) requirements.
Other Benefits of Using Splunk for IBTRM
Security system and application monitoring go hand in hand when implementing risk reduction. Anything impacting the acquisition of customers, revenue, expenses or reputation should be examined and, where possible, mitigated.
Splunk’s ability to collect any IT data means that application and security system data can be viewed together for complete investigations of customer-risk-related events. Splunk can be implemented in ways that complement the core security components of IBTRM:
•	 Monitor physical security access logs for unauthorized access to areas where critical data is stored (5.1 HR Management)
•	 Implement Splunk native capabilities to ensure role-based access for segregation of duties (5.1 HR Management)
•	 Collect, monitor and alert on access control issues related to employees, service providers, and others (5.1 HR Management)
•	 Utilize audit capabilities to monitor users of Splunk to ensure timely use and viewing of report data (5.1 HR Management)
•	 Monitor security system data for suspicious traffic, intrusion attempts, and violations of bank security policies (Security Practices 5.2)
•	 Monitor file system time/date changes for activities that happen outside of authorized change windows (Security Practices 5.2)
•	 When developing applications, Splunk can be used to troubleshoot bugs and system errors to detect application vulnerabilities (System Development Life Cycle 6.1)
Features
•	 Indexes machine data across the IT infrastructure
•	 Monitors configuration file changes
•	 Automates compliance reporting across all components
•	 Flexible and fast to meet auditor data requests in seconds
•	 Accelerates mandated daily audit trail review with event classification, visualization and tagging
•	 Flexible alerting and reporting across machine data
•	 Secure, policy-based remote access to IT data mitigates the impact and violations of access restrictions
•	 Lets you share alerts/data with service providers and other tools
•	 Alerts can trigger automated actions to immediately react to certain conditions
•	 Accelerated reporting across compliance-mandated controls, from firewall configuration to password
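The masking that Data Confidentiality (4.1) and Customer Protection (4.5) describe, as an added Python example that is not the Splunk App’s own implementation: card numbers and PIN values in constructed log lines are masked for every role except an assumed authorized one, and a Luhn check keeps other long numbers (batch ids, references) readable. The log format, field names and role names are assumptions.

```python
import re

# A candidate primary account number: 13 to 19 digits, optionally separated
# by single spaces or dashes. Constructed for this example.
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# PINs appear as a named field in the constructed log format.
PIN_RE = re.compile(r"\b(pin)=(\d{4,6})\b", re.IGNORECASE)

# Constructed role names: only these roles see unmasked values.
AUTHORIZED_ROLES = {"fraud_forensics"}


def luhn_valid(digits: str) -> bool:
    """Luhn check so that non-card numbers of similar length are left alone."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _mask_pan(match: "re.Match") -> str:
    raw = match.group(0)
    digits = re.sub(r"[ -]", "", raw)
    if not luhn_valid(digits):
        return raw  # not a card number; keep the original text
    # Keep only the last four digits, enough to correlate a case with the customer.
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_line(line: str) -> str:
    """Mask PANs and PIN values in one log line."""
    line = PAN_RE.sub(_mask_pan, line)
    return PIN_RE.sub(lambda m: f"{m.group(1)}=" + "*" * len(m.group(2)), line)


def view_events(lines, role: str) -> list:
    """Return the lines as the given role is allowed to see them."""
    if role in AUTHORIZED_ROLES:
        return list(lines)
    return [mask_line(line) for line in lines]


# Constructed sample log lines; the card numbers are the standard Visa and
# Mastercard test numbers, not real cards.
LOG_LINES = [
    "2012-06-01T10:00:00Z event=CARD_PAYMENT account=ACC1001 pan=4111111111111111 amount=45.00 status=OK",
    '2012-06-01T10:00:05Z event=CARD_PAYMENT account=ACC1002 pan="5500 0000 0000 0004" amount=99.00 status=DECLINED',
    "2012-06-01T10:00:09Z event=PIN_VERIFY account=ACC1002 pin=123456 result=FAIL",
    "2012-06-01T10:00:11Z event=BATCH_SETTLE batch_id=1234567890123456 amount=1000.00",
]


if __name__ == "__main__":
    for role in ("app_support", "fraud_forensics"):
        print(f"--- view as {role}")
        for line in view_events(LOG_LINES, role):
            print(line)
```

The 16-digit batch id in the last line fails the Luhn check and stays readable, while both card numbers are reduced to their last four digits and the PIN is fully masked for the non-authorized role.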
Free Download
Download Splunk for free. You’ll get a Splunk Enterprise
license for 60 days and you can index up to 500 megabytes
of data per day. After 60 days, or anytime before then, you
can convert to a perpetual Free license or purchase an
Enterprise license by contacting sales@splunk.com.

Más contenido relacionado

La actualidad más candente

IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostPrecisely
 
Log maintenance network securiy
Log maintenance  network securiyLog maintenance  network securiy
Log maintenance network securiyMohsin Ali
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM IntegrationPrecisely
 
Application security Best Practices Framework
Application security   Best Practices FrameworkApplication security   Best Practices Framework
Application security Best Practices FrameworkSujata Raskar
 
Essential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityEssential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityPrecisely
 
Essential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingEssential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingPrecisely
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointBeyondTrust
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models7wounders
 
Security models
Security models Security models
Security models LJ PROJECTS
 
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
 LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)rver21
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?VISTA InfoSec
 
Get Mainframe Visibility to Enhance SIEM Efforts in Splunk
Get Mainframe Visibility to Enhance SIEM Efforts in SplunkGet Mainframe Visibility to Enhance SIEM Efforts in Splunk
Get Mainframe Visibility to Enhance SIEM Efforts in SplunkPrecisely
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3grimesjo
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationPrecisely
 

La actualidad más candente (20)

IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 
Log maintenance network securiy
Log maintenance  network securiyLog maintenance  network securiy
Log maintenance network securiy
 
IBM i Security SIEM Integration
IBM i Security SIEM IntegrationIBM i Security SIEM Integration
IBM i Security SIEM Integration
 
Application security Best Practices Framework
Application security   Best Practices FrameworkApplication security   Best Practices Framework
Application security Best Practices Framework
 
Essential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field SecurityEssential Layers of IBM i Security: File and Field Security
Essential Layers of IBM i Security: File and Field Security
 
Essential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and AuditingEssential Layers of IBM i Security: Security Monitoring and Auditing
Essential Layers of IBM i Security: Security Monitoring and Auditing
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the Endpoint
 
Security Information and Event Managemen
Security Information and Event ManagemenSecurity Information and Event Managemen
Security Information and Event Managemen
 
What is SIEM
What is SIEMWhat is SIEM
What is SIEM
 
Splunk for fisma
Splunk for fismaSplunk for fisma
Splunk for fisma
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 
3. security architecture and models
3. security architecture and models3. security architecture and models
3. security architecture and models
 
Security models
Security models Security models
Security models
 
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
 LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM) LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
LTS SECURE SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
 
What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?What is a Firewall Risk Assessment?
What is a Firewall Risk Assessment?
 
Security and Control Issues in information Systems
Security and Control Issues in information SystemsSecurity and Control Issues in information Systems
Security and Control Issues in information Systems
 
SIEM Architecture
SIEM ArchitectureSIEM Architecture
SIEM Architecture
 
Get Mainframe Visibility to Enhance SIEM Efforts in Splunk
Get Mainframe Visibility to Enhance SIEM Efforts in SplunkGet Mainframe Visibility to Enhance SIEM Efforts in Splunk
Get Mainframe Visibility to Enhance SIEM Efforts in Splunk
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
 
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & AnonymizationSecurity 101: Protecting Data with Encryption, Tokenization & Anonymization
Security 101: Protecting Data with Encryption, Tokenization & Anonymization
 

Destacado

Central Bank,Mas
Central Bank,MasCentral Bank,Mas
Central Bank,MasAnas ali
 
Introduciton to Python
Introduciton to PythonIntroduciton to Python
Introduciton to PythonMoshe Kaplan
 
Introduction to Big Data
Introduction to Big DataIntroduction to Big Data
Introduction to Big DataMoshe Kaplan
 
Spark and C Integration
Spark and C IntegrationSpark and C Integration
Spark and C IntegrationMoshe Kaplan
 
Web systems architecture, Performance and More
Web systems architecture, Performance and MoreWeb systems architecture, Performance and More
Web systems architecture, Performance and MoreMoshe Kaplan
 
NUTANIX and SPLUNK
NUTANIX and SPLUNKNUTANIX and SPLUNK
NUTANIX and SPLUNKGreg Hanchin
 
Splunk Application logging Best Practices
Splunk Application logging Best PracticesSplunk Application logging Best Practices
Splunk Application logging Best PracticesGreg Hanchin
 

Destacado (7)

Central Bank,Mas
Central Bank,MasCentral Bank,Mas
Central Bank,Mas
 
Introduciton to Python
Introduciton to PythonIntroduciton to Python
Introduciton to Python
 
Introduction to Big Data
Introduction to Big DataIntroduction to Big Data
Introduction to Big Data
 
Spark and C Integration
Spark and C IntegrationSpark and C Integration
Spark and C Integration
 
Web systems architecture, Performance and More
Web systems architecture, Performance and MoreWeb systems architecture, Performance and More
Web systems architecture, Performance and More
 
NUTANIX and SPLUNK
NUTANIX and SPLUNKNUTANIX and SPLUNK
NUTANIX and SPLUNK
 
Splunk Application logging Best Practices
Splunk Application logging Best PracticesSplunk Application logging Best Practices
Splunk Application logging Best Practices
 

Similar a Splunk for ibtrm

Splunk guide for_iso_27002
Splunk guide for_iso_27002Splunk guide for_iso_27002
Splunk guide for_iso_27002Greg Hanchin
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Why Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfWhy Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfaotmp2600
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for complianceGreg Hanchin
 
Soc security-analytics
Soc security-analyticsSoc security-analytics
Soc security-analyticsbharti singhal
 
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk
 
IRJET- Two Factor Authentication using User Behavioural Analytics
IRJET- Two Factor Authentication using User Behavioural AnalyticsIRJET- Two Factor Authentication using User Behavioural Analytics
IRJET- Two Factor Authentication using User Behavioural AnalyticsIRJET Journal
 
Soc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosoftSoc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosofthardik soni
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSridhar Karnam
 
Log Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and OperationsLog Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and OperationsAnton Chuvakin
 
What’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINTWhat’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINTSplunk
 
Log Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and OperationsLog Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and OperationsAnton Chuvakin
 
How to choose the best IT infrastructure monitoring tool for your business
How to choose the best IT infrastructure monitoring tool for your businessHow to choose the best IT infrastructure monitoring tool for your business
How to choose the best IT infrastructure monitoring tool for your businessDevLabs Global
 
Benefits of network monitoring for Businesses
Benefits of network monitoring for BusinessesBenefits of network monitoring for Businesses
Benefits of network monitoring for BusinessesGrace Stone
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunk
 
TROIA e-catalogue_EN
TROIA e-catalogue_ENTROIA e-catalogue_EN
TROIA e-catalogue_ENSaraLampret
 
Session Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderSession Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderBMST
 
Product description shell control box 4 lts
Product description shell control box 4 ltsProduct description shell control box 4 lts
Product description shell control box 4 ltsmchatoramhuru
 

Similar a Splunk for ibtrm (20)

Splunk guide for_iso_27002
Splunk guide for_iso_27002Splunk guide for_iso_27002
Splunk guide for_iso_27002
 
Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditing
 
Why Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdfWhy Regular Audits are Necessary in IT Asset Management.pdf
Why Regular Audits are Necessary in IT Asset Management.pdf
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 
Splunk for compliance
Splunk for complianceSplunk for compliance
Splunk for compliance
 
Soc security-analytics
Soc security-analyticsSoc security-analytics
Soc security-analytics
 
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
Splunk MINT for Mobile Intelligence and Splunk App for Stream for Enhanced Op...
 
Leveraging Log Management to provide business value
Leveraging Log Management to provide business valueLeveraging Log Management to provide business value
Leveraging Log Management to provide business value
 
IRJET- Two Factor Authentication using User Behavioural Analytics
IRJET- Two Factor Authentication using User Behavioural AnalyticsIRJET- Two Factor Authentication using User Behavioural Analytics
IRJET- Two Factor Authentication using User Behavioural Analytics
 
Soc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosoftSoc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosoft
 
Securing your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWPSecuring your IT infrastructure with SOC-NOC collaboration TWP
Securing your IT infrastructure with SOC-NOC collaboration TWP
 
Log Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and OperationsLog Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and Operations
 
What’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINTWhat’s New: Splunk App for Stream and Splunk MINT
What’s New: Splunk App for Stream and Splunk MINT
 
Log Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and OperationsLog Analysis Across System Boundaries for Security, Compliance, and Operations
Log Analysis Across System Boundaries for Security, Compliance, and Operations
 
How to choose the best IT infrastructure monitoring tool for your business
How to choose the best IT infrastructure monitoring tool for your businessHow to choose the best IT infrastructure monitoring tool for your business
How to choose the best IT infrastructure monitoring tool for your business
 
Benefits of network monitoring for Businesses
Benefits of network monitoring for BusinessesBenefits of network monitoring for Businesses
Benefits of network monitoring for Businesses
 
SplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and LogsSplunkLive! Zurich 2018: Integrating Metrics and Logs
SplunkLive! Zurich 2018: Integrating Metrics and Logs
 
TROIA e-catalogue_EN
TROIA e-catalogue_ENTROIA e-catalogue_EN
TROIA e-catalogue_EN
 
Session Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior RecorderSession Auditor - Transparent Network Behavior Recorder
Session Auditor - Transparent Network Behavior Recorder
 
Product description shell control box 4 lts
Product description shell control box 4 ltsProduct description shell control box 4 lts
Product description shell control box 4 lts
 

Más de Greg Hanchin

Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchangeGreg Hanchin
 
Splunk for cyber_threat
Splunk for cyber_threatSplunk for cyber_threat
Splunk for cyber_threatGreg Hanchin
 
Splunk Searching and reporting 43course
Splunk Searching and reporting 43courseSplunk Searching and reporting 43course
Splunk Searching and reporting 43courseGreg Hanchin
 
Advanced Splunk 50 administration
Advanced Splunk 50 administrationAdvanced Splunk 50 administration
Advanced Splunk 50 administrationGreg Hanchin
 
Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Greg Hanchin
 
Administering splunk 43 course
Administering splunk 43 courseAdministering splunk 43 course
Administering splunk 43 courseGreg Hanchin
 
Using splunk43course
Using splunk43courseUsing splunk43course
Using splunk43courseGreg Hanchin
 
Using Splunk course outline
Using Splunk course outline Using Splunk course outline
Using Splunk course outline Greg Hanchin
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk AdministrationGreg Hanchin
 
Splunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionSplunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionGreg Hanchin
 
Administering Splunk course
Administering Splunk courseAdministering Splunk course
Administering Splunk courseGreg Hanchin
 
Splunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsSplunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsGreg Hanchin
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Greg Hanchin
 
Splunk forwarders tech_brief
Splunk forwarders tech_briefSplunk forwarders tech_brief
Splunk forwarders tech_briefGreg Hanchin
 
Splunk and map_reduce
Splunk and map_reduceSplunk and map_reduce
Splunk and map_reduceGreg Hanchin
 
Splunk for xen_desktop
Splunk for xen_desktopSplunk for xen_desktop
Splunk for xen_desktopGreg Hanchin
 
Splunk for palo_alto
Splunk for palo_altoSplunk for palo_alto
Splunk for palo_altoGreg Hanchin
 
Splunk for db_connect
Splunk for db_connectSplunk for db_connect
Splunk for db_connectGreg Hanchin
 
Splunk for active_directory
Splunk for active_directorySplunk for active_directory
Splunk for active_directoryGreg Hanchin
 

Más de Greg Hanchin (20)

Splunk for exchange
Splunk for exchangeSplunk for exchange
Splunk for exchange
 
Splunk for cyber_threat
Splunk for cyber_threatSplunk for cyber_threat
Splunk for cyber_threat
 
Splunk Searching and reporting 43course
Splunk Searching and reporting 43courseSplunk Searching and reporting 43course
Splunk Searching and reporting 43course
 
Advanced Splunk 50 administration
Advanced Splunk 50 administrationAdvanced Splunk 50 administration
Advanced Splunk 50 administration
 
Advanced searching and reporting 50 course
Advanced searching and reporting 50 course Advanced searching and reporting 50 course
Advanced searching and reporting 50 course
 
Administering splunk 43 course
Administering splunk 43 courseAdministering splunk 43 course
Administering splunk 43 course
 
Using splunk43course
Using splunk43courseUsing splunk43course
Using splunk43course
 
Using Splunk course outline
Using Splunk course outline Using Splunk course outline
Using Splunk course outline
 
Advanced Splunk Administration
Advanced Splunk AdministrationAdvanced Splunk Administration
Advanced Splunk Administration
 
Splunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class descriptionSplunk Advanced searching and reporting Class description
Splunk Advanced searching and reporting Class description
 
Administering Splunk course
Administering Splunk courseAdministering Splunk course
Administering Splunk course
 
Splunk Searching and Reporting Class Details
Splunk Searching and Reporting Class DetailsSplunk Searching and Reporting Class Details
Splunk Searching and Reporting Class Details
 
Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring Splunk FISMA for Continuous Monitoring
Splunk FISMA for Continuous Monitoring
 
Splunk forwarders tech_brief
Splunk forwarders tech_briefSplunk forwarders tech_brief
Splunk forwarders tech_brief
 
Splunk and map_reduce
Splunk and map_reduceSplunk and map_reduce
Splunk and map_reduce
 
Splunk for xen_desktop
Splunk for xen_desktopSplunk for xen_desktop
Splunk for xen_desktop
 
Splunk for palo_alto
Splunk for palo_altoSplunk for palo_alto
Splunk for palo_alto
 
Splunk for f5
Splunk for f5Splunk for f5
Splunk for f5
 
Splunk for db_connect
Splunk for db_connectSplunk for db_connect
Splunk for db_connect
 
Splunk for active_directory
Splunk for active_directorySplunk for active_directory
Splunk for active_directory
 

Splunk for ibtrm

  • 1. Addressing the Internet Banking and Technology Risk Management (IBTRM) Guidelines from the Monetary Authority of Singapore Splunk App for IBTRM v3 F A C T S H E E T data from an asset management system that contains the system priority classifications, the user is able to work to remediate issues based on set priorities. Non-administrative IBTRM Security and Control Objectives (4.0): Data Confidentiality (4.1) Splunk provides the ability to monitor log data for confidential information such as credit cards. In some cases this information is needed when troubleshooting application issues. To use this data while protecting confidential information, Splunk can mask portions of the sensitive information from non-authorized users. Splunk can be used to monitor system configuration to make sure that particular encryption settings are in place for SSL and SSH. Configuration changes can also be monitored to ensure none take place outside of established time windows. Splunk can also log user access records and generate reports to provide an audit trail for cryptographic key access. System Integrity (4.2) Banking application logs can be monitored in real time to ensure that transactions happen in sequence and that the average time for banking transactions is used as a key performance metric. Also, application error rates can be monitored over time to indicate potential problems. This is particularly important when new versions of custom applications are tested and released to production. Log data records and transaction access logs comprise a comprehensive solution for PCI secure log collection, and as part of this the logs are signed to prevent tampering. System Availability (4.3) Log data contains important information that can indicate the reliability and usage of systems in the enterprise architecture. 
Monitoring systems for CPU utilization over time helps with capacity planning, improves reliability and offers an understanding of the resiliency of the architecture. Metrics dashboards that track traffic volumes and transactions on a continual basis let you monitor the network and the applications and, in turn, deliver higher levels of customer satisfaction.

Customer and Transaction Authenticity (4.4)
Monitoring customer transactions in real time for correct and complete authentication is the key tenet of the IBTRM customer transaction authenticity control requirement. Splunk was built with this in mind and can monitor the log events that represent transactions above pre-set values, creation of new account linkages, registration of third-party payee details, changes in account details and changes to fund transfer limits. Through the Splunk lookup feature, account limit details that reside elsewhere in the infrastructure can be shown in reports and dashboards alongside the customer transaction details. It is also important to monitor transactions for total elapsed time as a key infrastructure metric: a change in transaction time can affect customer service and can indicate security or application issues related to risk.

Customer Protection (4.5)
The popularity of online banking continues to grow rapidly in maturing markets all over the world. Customer protection through proper authorization is required before sensitive data is accessed. Banks have become a popular target for phishing, spoofing, spamming, viruses, worms, Trojan horses, trapdoors, key loggers, spyware and other types of attack, all of which can cause financial and reputational loss. The Zeus malware is an example that has appeared in many variants, each potentially more potent than the last: Zeus started out as malware that specifically targeted customer banking passwords stored on their PCs, but has more recently been seen on the operating systems of ATMs in eastern Europe, collecting account information and PINs. Splunk can be configured to monitor for malware patterns and reduce the risk. In many instances root cause analysis requires the security team to view log data that may contain private data. Splunk can obfuscate credit card numbers and PINs so that the analyst can view the data for forensic purposes without violating Payment Card Industry (PCI) requirements.

Other Benefits of Using Splunk for IBTRM
Security system and application monitoring go hand in hand when implementing risk reduction. Anything impacting the acquisition of customers, revenue, expenses or reputation should be examined and, where possible, mitigated. Splunk's ability to collect any IT data means that application and security system data can be viewed together for a complete investigation of customer-risk-related events.

Splunk can be implemented in ways that complement the core security components of IBTRM:
• Monitor physical security access logs for unauthorized access to areas where critical data is stored (5.1 HR Management)
• Use Splunk's native role-based access controls to enforce segregation of duties (5.1 HR Management)
• Collect, monitor and alert on access control issues related to employees, service providers and others (5.1 HR Management)
• Use the audit capabilities to monitor the users of Splunk itself, to ensure timely use and viewing of report data (5.1 HR Management)
• Monitor security system data for suspicious traffic, intrusion attempts and violations of bank security policies (Security Practices 5.2)
• Monitor file system time/date changes for activity that happens outside of authorized change windows (Security Practices 5.2)
• During application development, use Splunk to troubleshoot bugs and system errors and so detect application vulnerabilities (System Development Life Cycle 6.1)

Features
• Indexes machine data across the IT infrastructure
• Monitors configuration file changes
• Automates compliance reporting across all components
• Flexible and fast enough to meet auditor data requests in seconds
• Accelerates mandated daily audit trail review with event classification, visualization and tagging
• Flexible alerting and reporting across machine data
• Secure, policy-based remote access to IT data reduces violations of access restrictions and their impact
• Lets you share alerts and data with service providers and other tools
• Alerts can trigger automated actions to react immediately to specified conditions
• Accelerated reporting across compliance-mandated controls, from firewall configuration to password

The Challenges of Risk Management
In 2008, the Monetary Authority of Singapore (MAS) updated the Internet Banking and Technology Risk Management (IBTRM) Guidelines. The Guidelines aim to assist banks in:
• Establishing a sound and robust technology risk management framework
• Strengthening system security, reliability and availability
• Deploying strong cryptography and authentication mechanisms to protect customer data and transactions
Quoting the IBTRM v3: "Banks face the challenge of adapting, innovating and responding to the opportunities posed by computer systems, telecommunications, networks, and other technology-related solutions to drive their businesses." An on-going understanding of the bank's risk translates into higher levels of trust from customers across the globe and differentiation from other banking centres.
The new version of IBTRM provides expanded guidance for combating cyber threats and attacks, including emerging exploits such as man-in-the-middle attacks. It also recommends enhanced technology risk management requirements for strengthening system, network and infrastructure security, and articulates stronger procedures for system development and security testing.

Why Splunk?
Operational Intelligence and Continuous Monitoring
Splunk Enterprise can collect any time-stamped ASCII text data in real time, without the special connectors typically associated with log collection and security information and event management systems. Splunk lets the user add knowledge from external sources and view that information in reports and dashboards.

Using Splunk for IBTRM compliance
The IBTRM requires that specific banking-industry strategies be established to meet the Security and Control objectives of:
• Data Confidentiality
• System Integrity
• System Availability
• Customer and Transaction Authenticity
• Customer Protection
By using Splunk as a central repository for security and application log data, as well as other third-party data, specific IBTRM requirements can be met. For example, log data may indicate a breach of data confidentiality on several systems, but the log data alone does not distinguish high-value assets from the rest, so the question becomes where to start. By integrating data from an asset management system that holds the system priority classifications, the user can remediate issues according to the set priorities.

Free Download
Download Splunk for free. You get a Splunk Enterprise license for 60 days and can index up to 500 megabytes of data per day. After 60 days, or at any time before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting sales@splunk.com.

www.splunk.com | listen to your data
250 Brannan St, San Francisco, CA 94107
info@splunk.com | sales@splunk.com
866-438-7758 | 415-848-8400
www.splunkbase.com
Copyright © 2012 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # FS-Splunk-IBTRM-101
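The Customer and Transaction Authenticity (4.4) section earlier on this page describes monitoring for transfers above pre-set values, new payee registrations, account linkages and limit changes, enriched with account-limit data from a lookup, plus transaction elapsed time as a metric. The following is an added example, written by the editor and not code from the fact sheet or from Splunk: it implements those checks in plain Python over constructed key=value log lines so it runs offline. The log format, field names, thresholds and the ACCOUNT_LIMITS lookup table are all assumptions; in Splunk the same logic would be a search joined to a lookup, but the rules are the same.

```python
"""Added example (not from the Splunk fact sheet): the 4.4 transaction
authenticity checks over constructed log lines. Field names, thresholds
and the account-limit lookup are assumptions made for this example."""
import re
from statistics import mean

# Constructed key=value application log lines (not real bank data).
SAMPLE_LOG = """\
ts=2012-05-01T09:00:01 event=transfer acct=1001 amount=250.00 payee=P77 elapsed_ms=120
ts=2012-05-01T09:00:05 event=payee_add acct=1001 payee=P99 elapsed_ms=95
ts=2012-05-01T09:00:09 event=transfer acct=1001 amount=15000.00 payee=P99 elapsed_ms=4200
ts=2012-05-01T09:00:14 event=limit_change acct=2002 old_limit=5000 new_limit=50000 elapsed_ms=80
ts=2012-05-01T09:00:20 event=transfer acct=2002 amount=3000.00 payee=P12 elapsed_ms=130
ts=2012-05-01T09:00:25 event=account_link acct=3003 linked_acct=3004 elapsed_ms=60
"""

# Assumed lookup of per-account transfer limits (in Splunk: a lookup table
# fed from the core banking system).
ACCOUNT_LIMITS = {"1001": 10000.0, "2002": 5000.0, "3003": 2500.0}
DEFAULT_LIMIT = 1000.0
# Event types the fact sheet singles out as worth alerting on in their own right.
HIGH_RISK_EVENTS = {"payee_add", "account_link", "limit_change"}
SLOW_MS = 2000  # assumed threshold for a suspiciously slow transaction

KV = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Turn one key=value log line into a dict of strings."""
    return dict(KV.findall(line))

def parse_log(text):
    return [parse_event(l) for l in text.splitlines() if l.strip()]

def evaluate(events, limits=ACCOUNT_LIMITS):
    """Return (rule, acct, detail) alerts for the 4.4 conditions, in log order."""
    alerts = []
    new_payees = set()  # (acct, payee) pairs registered in this log window
    for e in events:
        acct, kind = e.get("acct"), e.get("event")
        if kind == "transfer":
            amount = float(e["amount"])
            limit = limits.get(acct, DEFAULT_LIMIT)
            if amount > limit:
                alerts.append(("over_limit", acct, f"{amount:.2f} > {limit:.2f}"))
            # A transfer to a payee registered moments earlier is the classic
            # account-takeover pattern, so correlate the two events.
            if (acct, e.get("payee")) in new_payees:
                alerts.append(("transfer_to_new_payee", acct, f"payee={e['payee']}"))
        elif kind in HIGH_RISK_EVENTS:
            if kind == "payee_add":
                new_payees.add((acct, e.get("payee")))
            detail = " ".join(f"{k}={v}" for k, v in e.items()
                              if k not in ("ts", "acct", "event", "elapsed_ms"))
            alerts.append((kind, acct, detail))
        if int(e.get("elapsed_ms", 0)) > SLOW_MS:
            alerts.append(("slow_transaction", acct, f"{e['elapsed_ms']} ms"))
    return alerts

def transaction_time_stats(events):
    """Count, average and maximum elapsed time of transfers: the 4.4 metric."""
    times = [int(e["elapsed_ms"]) for e in events if e.get("event") == "transfer"]
    return {"count": len(times), "avg_ms": mean(times), "max_ms": max(times)}

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for alert in evaluate(evs):
        print(alert)
    print(transaction_time_stats(evs))
```

Run as a script it prints six alerts for the sample, including the over-limit transfer to the payee that was added four seconds earlier; the elapsed-time statistics are the figure you would chart over time rather than alert on once.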
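The Customer Protection (4.5) section says Splunk can obfuscate credit card numbers and PINs so an analyst can read a log line for forensics without violating PCI requirements. Below is an added example by the editor, not code from the fact sheet or from Splunk, showing the masking logic itself in Python: card numbers (PANs) are located by pattern, confirmed with the Luhn checksum so that transaction IDs that merely look like card numbers are left alone, and masked to their last four digits; PIN fields are masked entirely. The log layout, the `card=` and `pin=` field names and the sample lines are constructed for the example.

```python
"""Added example (not from the Splunk fact sheet): masking PANs and PINs in
log lines as described under 4.5. Field names and sample lines are assumed."""
import re

# Candidate PANs: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# PIN fields are masked completely: there is no "last four" worth keeping.
PIN_FIELD = re.compile(r"\b(pin)=(\d{4,12})\b", re.IGNORECASE)

def luhn_ok(digits):
    """Luhn checksum (ISO/IEC 7812) over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(match):
    raw = match.group(0)
    digits = re.sub(r"[ -]", "", raw)
    if not luhn_ok(digits):
        return raw              # not a card number (e.g. a transaction id); leave it
    # PCI DSS allows at most the first six and last four digits to be shown;
    # keeping only the last four is enough to correlate with customer records.
    return "*" * (len(digits) - 4) + digits[-4:]

def mask_line(line):
    """Return the log line with PANs partially and PINs fully masked."""
    line = PAN_CANDIDATE.sub(mask_pan, line)
    line = PIN_FIELD.sub(lambda m: m.group(1) + "=" + "*" * len(m.group(2)), line)
    return line

# Constructed sample lines using published test card numbers, not real accounts.
SAMPLE = [
    "2012-05-01T10:01:02 app=ibank user=u42 card=4111111111111111 pin=1234 status=declined",
    "2012-05-01T10:01:03 app=ibank txid=1234567890123 card=5500 0000 0000 0004 status=ok",
    "2012-05-01T10:01:04 app=ibank order=4111111111111112 status=ok",
]

if __name__ == "__main__":
    for s in SAMPLE:
        print(mask_line(s))
```

The third sample line is deliberately a 16-digit value that fails the Luhn check, so it is left readable; without that check every long order or transaction number would be blanked and the forensic value of the log would suffer. In a Splunk deployment the same substitution would be applied at index time so that the unmasked value never reaches the index at all.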
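The Security Practices 5.2 bullet above calls for monitoring file system time/date changes for activity outside authorized change windows. As an added example by the editor, not code from the fact sheet or from Splunk, here is that check in Python over constructed file-change audit lines: each event's timestamp is tested against a list of authorized windows and anything outside them is reported. The audit line format, the host and user names, and the Tuesday/Thursday evening windows are all assumptions for the example.

```python
"""Added example (not from the Splunk fact sheet): flag file changes that fall
outside authorized change windows (Security Practices 5.2). The event format
and the window definitions are assumptions made for this example."""
from datetime import datetime, time

# Assumed authorized windows: (weekday, start, end), weekday 0 = Monday.
# Here: Tuesday and Thursday, 22:00 to midnight local time.
CHANGE_WINDOWS = [
    (1, time(22, 0), time(23, 59, 59)),
    (3, time(22, 0), time(23, 59, 59)),
]

# Constructed audit lines: ISO timestamp followed by key=value fields.
SAMPLE_EVENTS = """\
2012-05-01T22:15:00 host=web01 user=deploy action=modify path=/etc/httpd/conf/httpd.conf
2012-05-02T14:03:10 host=web01 user=root action=modify path=/etc/ssh/sshd_config
2012-05-03T22:40:00 host=db01 user=dba action=create path=/opt/bank/app/release-3.2.1.jar
2012-05-05T03:12:44 host=db01 user=www action=modify path=/opt/bank/app/config.xml
"""

def in_change_window(ts, windows=CHANGE_WINDOWS):
    """True if the datetime falls inside any authorized window."""
    return any(ts.weekday() == wd and start <= ts.time() <= end
               for wd, start, end in windows)

def parse(text):
    """Parse audit lines into dicts with a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(stamp)
        events.append(ev)
    return events

def out_of_window_changes(events, windows=CHANGE_WINDOWS):
    """Return (timestamp, host, user, path) for every change outside the windows."""
    return [(e["ts"].isoformat(), e["host"], e["user"], e["path"])
            for e in events if not in_change_window(e["ts"], windows)]

if __name__ == "__main__":
    for hit in out_of_window_changes(parse(SAMPLE_EVENTS)):
        print("UNAUTHORIZED CHANGE", *hit)
```

In the sample, 1 May 2012 and 3 May 2012 are a Tuesday and a Thursday, so the two evening changes pass and the Wednesday-afternoon edit of sshd_config and the Saturday 03:12 change to config.xml are reported. A real deployment would also join the event against the change-ticket system so that an in-window change with no approved ticket is flagged too.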