Trek needed a more unified approach to security. Stand-alone security solutions created data silos that obscured end-to-end visibility, and slowed investigation of and response to incidents.
“To track down one item of data to figure out what was happening, I had to touch seven different consoles,” says Kevin TeStrake, Trek global information security engineer. “And you shouldn’t have to. It slows you down when you have to hop between seven different tools and remember which tools can do what.”
These blind spots left Trek potentially vulnerable to unauthorized intruders, malware or insider threats.
“Internally, it was challenging to find the source of a change to a critical system,” says Robert Garvito, the Splunk customer success manager who helped Trek apply Splunk’s technology to its security challenges.
Trek’s first goal was to gain visibility into its systems, beginning with internal security, such as user login processes and VPN access, and to better identify and defend against email phishing and other threats. Just weeks into its Splunk implementation, Trek has already logged several security wins. In one instance, Splunk Enterprise was able to identify the infrastructure change that shut down IT access for an entire business unit. In another instance, Trek used Splunk to rule out false positives in log data from a data center in Asia — which in the past might have required staff to work odd hours to resolve the issue.
A lot is riding on security for the entire Trek organization, in the same way it has on the course for the Trek team. In addition to securing the business’ intellectual property, customer data and other sensitive business information, race data will also need to be protected, including metrics around the Trek-Segafredo cyclists’ health and nutrition, plus data from sensors on the bikes.
A Fast Start
Splunk professionals got the ball rolling on Trek’s new security initiative in less than two weeks — with Splunk Cloud processing more than 100Gb of historical data by the end of the first week. By week two, they were already performing event analysis, building dashboards, drafting requirements for future planned projects and discussing potential use cases for IoT.
“I worked closely with Kevin at Trek’s HQ in Waterloo, WI, assisting and guiding between Trek and our internal Splunk organization,” says Irshad Siddiqi, senior professional services consultant at Splunk. “We had many conversations about the technology landscape in general and how best to introduce Splunk across the teams at Trek.”
Once the Splunk platform was deployed, it started pulling data from firewalls and security-related processes into dashboards and reports. For the first time, Trek security professionals could see who was logging on and off, at what time, and where physical devices were located.
Prior to implementing Splunk Cloud, Trek had no consolidated view of event logs from workstations or servers across the environment. Splunk was there not only to create more visibility into Trek’s environment, but also to help the team understand what they were seeing by conducting hands-on sessions with each team, offering a handy intro to the platform. The Splunk team also helped them understand and query their data, conduct valuable searches and create meaningful dashboards, while also providing targeted demonstrations and workshops aimed at addressing Trek’s needs.
Trek now has the ability to quickly drill down into systems, conduct investigations and rapidly scour log data, as well as determine where their visibility is lacking. Trek also has the ability to instantly identify a network aberration that could indicate a potential disruption or more malicious threat.
“Threats are becoming more numerous,” TeStrake says. “Phishing threats are always there, and they get stronger. Having Splunk keep an eye on that stuff for us has freed up our ability to hunt for things, instead of waiting for them to hit us.”
The Road Ahead
From the security perspective, Trek wants to see which processes are running and why, and whether only authorized users are accessing authorized systems. This will lead into Phase 2 of the implementation, in which Splunk will use machine learning to help track and analyze failures and trends to proactively address a potentially harmful situation before it becomes an outage.
Enhanced security visibility is only the beginning. Going forward, Trek wants to use Splunk to be able to see a “big picture,” end-to-end view of the entire business from which they can drill down to individual departments to determine exactly what’s happening and where.
“It all makes them more competitive as an organization, as a race team and as a sales organization,” Garvito says.