SECURITY SECURITY

Are We Making the Best Use of Our Security Analytics Platform?

As a Chinese saying goes, who wishes to do his work well must first sharpen his tools. When we have the best security intelligence platform in place, are we able to derive maximum benefits from it? It's interesting to hear from the HKT team, who stood out from nine contesting teams and became the champion after a fierce competition at the recent “Boss of the SOC” (BOTS) event hosted by Splunk Hong Kong.

Run here for the first time, BOTS is a jeopardy-style, capture-the-flag-esque (CTF) competition where participants use Splunk to answer questions about security incidents occurring in a realistic but fictitious enterprise environment. The whole game is based on a core belief that Splunk is an indispensable tool for all information security teams, and that learning can be both realistic and fun.   

Unlike the majority of CTFs which are red-team (attackers) oriented, BOTS turns participants into blue teams (defenders) to combat hackers by identifying security flaws and verifying the effectiveness of security measures. They not only have to know Splunk, but also have to think outside of the box while keeping up their “can do” attitude for this fun-for-all competition.

Think Outside of the “Splunk” Box

A number of clients and prospects were invited to join the latest round of BOTS taking place at Splunk Hong Kong in October. In this four-hour competition, they played in groups of 2 to 4 people to answer 30 to 40 questions of varying difficulty through an automated real-time scoring system. Easy questions are worth fewer points; hard questions are worth more. All questions require them to use Splunk efficiently to search, but not all questions can be answered without checking other open source intelligence resources—just like the real world.

As the champion of the competition, the HKT team hasn't only won a trophy; they've also gained valuable experience and knowledge from the game, as well as insights from investigating the real-life scenarios and security incidents using Splunk.

Talent Wins Games, Teamwork Wins Championships

“It’s just like a detective game!” says the HKT team after the competition. “We were guided step by step into the core of problems. Everything is so realistic and practical, just like what we are facing every day in our security operations center. In the past we have joined many red-team competitions and played the role of attackers, but it’s the first time we've become a blue team. This experience has effectively broadened our horizons to the constantly evolving hacker tactics and techniques.”

The HKT team also appreciates the fact that the competition has boosted their confidence. “We are a young team, but by putting our heads together, we managed to solve problems we have never encountered. Alone we can do so little, but together we can do so much! Many ideas grow better when transplanted into another mind than the one where they sprang up. Talent wins games, but teamwork and intelligence win championships.”

Going the Extra Mile into Security

Although HKT is renowned as Hong Kong’s largest telecommunications company, it also offers a range of cybersecurity services beyond connectivity. For example, the company is tapping into the cybersecurity segment to provide Security First Network solutions for all commercial and government customers.

HKT offers intelligent Threat Management Service (TMS) by riding on Splunk’s security analytics platform and HKT threat intelligence platform. In fact, the winning team in the BOTS competition comes exactly from this area—some of them are from the managed security service team and some from the security product implementation team.

Spreading the Core Values

The first BOTS was introduced last year at .conf2016, which was a big hit with over 150 participants! Since then, more than 60 BOTS have been conducted all around the world, bringing a gamified Splunk security learning experience to more than 2,000 individual participants. It's a real excitement to see the concept successfully land in Hong Kong. Stop, think, learn and have fun—that’s what Hong Kong people have to do in their busy schedule.

Paul Pang
Posted by Paul Pang

Being a technical evangelist of Splunk, Paul has particular interest and expertise in security, especially in the areas of SOC, Cyber Defense and MSSP. Paul works closely with the customers and partners in Asia Pacific, helping them get insights from machine data and apply big data to security and compliance. Prior to joining Splunk, Paul was a senior director of SE team at Arcsight. Paul frequently speaks at industry and security conferences in different markets.

Join the Discussion