Splunk at VeriSign

Delivering Powerful Capabilities Across Mulitple IT Teams

Overview

Industry

  • Security & Internet Infrastructure

Splunk Use Cases

  • Application Management - Application Troubleshooting
  • Operations - Transaction Tracing, Workload Planning
  • Security - Incident Investigations
  • Compliance Reporting - PCI, SOX, SAS-70

Business Impact

  • Reduced the time to track digital certificate deliveries and failures by 90%
  • Automated the reporting for SOX, SAS-70 and PCI, reducing labor from days to hours
  • Protected revenue by monitoring flagship Identity Protection Service, which peaks at over 100,000 transactions per day
  • Improved SLA monitoring and reporting

Data Sources

  • OS/Hypervisor Logs: Unix, Windows, VMware
  • Front Office Web Servers: Apache, Tomcat, Access logs
  • Back Office Application Server Logs: WebLogic, JBoss and custom applications
  • Monitoring logs: Nagios
  • Syslog and Server Logs: System audit, RAID controllers
  • Infrastructure Logs: DNS server, SMTP, network switch, routers
  • Server/Desktop Logs: Linux, Windows, Solaris

Download

Success Story
Splunk at VeriSign

“Splunk helps us generate reports for SOX, SAS-70 and PCI over greater amounts of data in hours instead of weeks.”
Sean Delaney
Senior Security Architect

The Business

As the company that proects over a million web servers with digital certificates and secures billions of Internet communications and transactions every day, VeriSign is practically synonymous with the term "trust". The company's comprehensive spectrum of authentication and fraud protection products and services inspires confidence in both enterprise and invidual Internet users around the world. Even though VeriSign is built entirely around the concept of trust, they're not exempt from compliance regulations.

Challenges

VeriSign's authentication servers, network/security devices and applications generate a massive amount machine data. To manage and monitor their infrastructure, each functional IT team used its own set of tools and homegrown monitoring systems—each a silo. Between the sheer quantity of data and its fragmentation across the organization, visibility at VeriSign was a major challenge.

Enter Splunk

VeriSign started by monitoring certificate deliveries and generating failure alerts - a major revenue stream for the company. With Splunk, VeriSign now takes 90% less time to track certificate deliveries. Plus, with a few clicks, teams can drill into alerts, find issues and fix failures on the fly. With this early success, VeriSign expanded its Splunk deployment:

Compliance

Although VeriSign invested significant time and money on compliance initiatives it wasn't able to produce consistent, reliable or accurate results. With a single, secure, Splunk index, VeriSign fulfills the log consolidation and retention requirements for PCI, SOX, and SAS-70 compliance. Role-based access integrated with LDAP is in place to ensure data protection.VeriSign monitors compliance using dashboards and reports that provide visibility into system access and help confirm a secure audit trail.

Splunk also simplifies certificate issuance auditing for hosted enterprise customer accounts. VeriSign used Splunk for its first automated log audit. A key part of this was reviewing issuance and revocation transactions for certain classes of certificates - a snap with Splunk. And for PCI and SAS-70 compliance audits, Splunk makes fast work of the required data collection and reporting.

Application Management

VeriSign uses Splunk to support application troubleshooting, performance monitoring and service level monitoring and reporting.

With Splunk, application developers have immediate and secure access to relevant machine data from production systems. Developers can now search through data with a single browser-based view, speeding the debugging and quality assurance process. For example, VeriSign developers can now correlate disparate events such as database errors with permission failures. Sysadmins no longer have to manually pull data from silod production systems since Splunk provides the developers secure access to the data.

The VeriSign Identity Protection Service, a major contributor to company revenue, peaks at over 100,000 transactions per day. Splunk monitors this service to understand average response times for capacity planning and to adhere to SLAs. Splunk also proactively monitors transaction response times to find and remediate system inefficiencies or breakdowns before they impact revenue.

Security

Splunk's incident investigation capabilities help VeriSign analyze suspicious activities by particular IP address or user account over any time period. Splunk is crucial in helping security analysts set up threshold-based alerts for specific criteria and then monitor for known bad actors, IP addresses or activities. They can quickly shut down identified threats and isolate devices under attack for rapid incident response. This visibility across both traditional security and other operational machine data provides VeriSign the ability to uncover patterns across large swaths of time, prove compliance and avoid potential attacks.

Breakthroughs

Using Splunk, VeriSign has turned reactive responses into preemptive actions. Splunk-empowered teams share data and dashboards, yet role-based controls keep vital information secure. Employees freed from manual analysis of their machine data are now focused on delivering better service to the business.

VeriSign is using Splunk to maintain compliance. Flexible report creation in a few clicks, role-based access and abilities such as tagging events for compliance review have transformed an unreliable and suspect activity into a trustworthy, reproducible and efficient process.

The powerful statistical analysis and reporting capabilities enabled by Splunk allow the VeriSign IT team to generate Service Level Agreement (SLA) reports and create workload-planning information.

With the ability to identify patterns, trends, anomalies, and track KPIs by monitoring and analyzing billions of events across their security and application infrastructures Splunk has helped deliver VeriSign operational intelligence.