AccelOps Saves Cyber Monday

Ask Ray Keller, CEO of security services provider Intelink, to describe his worst nightmare and he sneers with a stiff upper lip like his idol John Wayne: “down time on Cyber Monday.” Intelink monitors a complex network of servers, applications, databases, storage arrays, firewalls, and networking gear for hundreds of retail customers. 

While you and I engaged in acts of mass consumerism on December 1, Ray’s team was on high alert making sure no threats compromised the performance or security of his customers’ businesses. Each day, Intelink processes more than a billion events and correlates them against thousands of patterns to detect anomalies. This past Cyber Monday that number spiked to nine billion, or roughly 104k events per second.

No anomalies the first hour. None the second or third. It wasn’t until 4:35 AM GMT that trouble surfaced. A Masque Attack was detected from a single buyer’s iPhone. It generated a traffic spike when malicious HTTPS requests flooded a shoe retailer’s e-commerce site. Before performance degraded, Ray’s NOC team saw the security dashboard light up like a Christmas tree.

AccelOps triggered the first incident by detecting deviations from the ICMP request baseline using the ICMP Request Traffic Profile report. That anomalous activity was then correlated with unexpected user-location events using the Identity and Location Report. It was the equivalent of the janitor logging into Oracle with admin credentials from the broom closet. Something was amiss. The Intelink NOC team investigated the source IP, confirmed it was on a malware watch list, isolated the user’s login and location, blocked the transaction, and watched as the spike flatlined minutes later and baseline activity resumed.
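The detection chain described above, written out as an added example that is not AccelOps’ or Intelink’s own code: learn a per-minute ICMP request baseline, flag minutes that deviate from it by a z-score threshold, flag logins whose geo-country falls outside the user’s usual set, and correlate the two within a short time window, checking the source IP against a watch list. Every event record, user profile, IP address (taken from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24) and watch-list entry is constructed for the demo, and the threshold and window values are assumptions, not product settings.

```python
"""Baseline-deviation detection correlated with out-of-place logins.

Added example; not AccelOps code. Every record below is constructed
for the demo (no real telemetry, no real hosts).
"""
import statistics

# Constructed: ICMP echo-request counts per minute at one customer edge.
# Thirty quiet baseline minutes, then a two-minute spike.
ICMP_PER_MINUTE = [30, 31, 29, 30, 32, 28, 30, 31, 29, 30] * 3 + [31, 29, 480, 620, 30]

# Constructed login events: (minute, user, source_ip, geo_country).
# Addresses come from the TEST-NET documentation ranges, not real hosts.
LOGINS = [
    (5, "jdoe", "203.0.113.7", "US"),
    (18, "asmith", "203.0.113.9", "US"),
    (32, "jdoe", "198.51.100.23", "RO"),
    (33, "asmith", "203.0.113.9", "US"),
]

# Constructed: the countries each user normally logs in from.
USUAL_COUNTRY = {"jdoe": {"US"}, "asmith": {"US"}}

# Constructed malware watch list (stand-in for a threat-intel feed).
WATCH_LIST = {"198.51.100.23"}


def icmp_deviations(counts, baseline_minutes=30, z_threshold=5.0):
    """Return (minute, count, z) for minutes whose count exceeds the
    baseline mean by more than z_threshold standard deviations.
    Baseline statistics are learned from the first baseline_minutes only."""
    baseline = counts[:baseline_minutes]
    mu = statistics.mean(baseline)
    sigma = statistics.pstdev(baseline) or 1.0   # guard against a flat baseline
    out = []
    for minute, count in enumerate(counts):
        z = (count - mu) / sigma
        if z > z_threshold:
            out.append((minute, count, round(z, 1)))
    return out


def location_anomalies(logins, usual_country):
    """Logins whose geo-country is outside the user's usual set."""
    return [(m, u, ip, c) for (m, u, ip, c) in logins
            if c not in usual_country.get(u, set())]


def correlate(deviations, anomalies, window=2):
    """Join traffic deviations with location anomalies that occurred within
    `window` minutes of them; one incident per offending source IP."""
    incidents = {}
    for (dev_minute, count, z) in deviations:
        for (login_minute, user, ip, country) in anomalies:
            if abs(dev_minute - login_minute) <= window:
                inc = incidents.setdefault(ip, {
                    "user": user, "source_ip": ip, "country": country,
                    "login_minute": login_minute, "traffic_minutes": [],
                    "on_watch_list": ip in WATCH_LIST,
                })
                inc["traffic_minutes"].append(dev_minute)
    return list(incidents.values())


def run_detection():
    """Full pipeline over the constructed data."""
    devs = icmp_deviations(ICMP_PER_MINUTE)
    locs = location_anomalies(LOGINS, USUAL_COUNTRY)
    return correlate(devs, locs)


if __name__ == "__main__":
    for incident in run_detection():
        print(incident)
```

Two caveats a practitioner would apply before using this shape for real: the baseline is learned from a fixed quiet window, so on a day like Cyber Monday, when legitimate load is itself far above an ordinary day, a static baseline alarms on normal traffic and the profile needs to be seasonal or rolling; and the correlation window and z threshold are tuning knobs that trade missed detections for NOC noise, so they should be set from observed data rather than copied from here.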

Days after the Masque Attack had first been identified, hours into the most critical day of the year, minutes into the start of a malicious attack, the attempt had been thwarted, the system had recovered, and new patterns had been created in AccelOps to keep the same issue from impacting other customers. All worked as expected in the NOC, but what mattered most was that Uncle Lew got his rawhide boots on schedule. Intelink got a Christmas card signed by every employee at the shoe company… and an order to manage another 10,000 servers.

Ray’s not a jovial man. He only watches spaghetti westerns and boycotts YouTube to avoid kittens and babies. When I met him in December his perpetual scowl gave way to a toothy grin when he shared this story. 

Ray, from our whole team, you’re welcome :). You’re going to love what’s ahead.

Authors

Marta Stone


Tags

cloud security big data RSA analytics compliance Q&A PCI DSS HIPAA Sarbanes Oxley (SOX) Target breach

About Accelops

AccelOps provides the leading IT operations analytics platform for the modern data center. The virtual appliance software monitors security, performance and compliance in cloud and virtualized infrastructures – all from a single screen.


AccelOps automatically discovers, analyzes and automates IT issues in machine and big data across organizations’ data centers and cloud resources, spanning servers, storage, networks, security, applications and users. AccelOps’ patented analytics engine with cross-correlation and statistical anomaly detection sends real-time alerts when deviations occur that indicate a security or performance-impacting event.


The AccelOps platform scales seamlessly and provides unmatched delivery of proactive security and operational intelligence, allowing organizations to be more responsive and competitive as they expand their IT capabilities. 
