Hello Security Ninjas,
Recently Deutsche Bahn joined forces with our Splunk Germany team and organized the first Cyber Defense Day at Deutsche Bahn. About 100 security people attended, from within Deutsche Bahn as well as from other companies in the Frankfurt area, to encourage information sharing and networking between different organizations. Sven Grun from DB Systel (part of Deutsche Bahn) opened and moderated the event, which was hosted in the Silvertower Skydeck in Frankfurt.
Samuel Ruppert from DB Systel showed in a demo how to hack a vulnerable web application – for example an infotainment system on a train. His takeaway for the audience was that security needs to be built into each step of the software development cycle, not bolted on at the end.
SPLUNK AS A SIEM AT DEUTSCHE BAHN
Adem Sen, DB Systel, shared details on how they started a Computer Security Incident Response Team (CSIRT) early in 2014 before going into warm-up mode between April and July this year. After sharing some SIEM pain points, and that most of their resources with a traditional SIEM went into implementation (creating connectors etc.), he explained that Splunk is a total contrast: they can now focus on rapidly developing new use cases and features and on finding new, business-relevant insights every day. They also see Splunk as a “hunting” tool, as it allows them to search through a lot of data without the long waiting times or time-out errors they had before.
Adem also shared a great takeaway: “It’s fun working with Splunk software every day – it keeps our team motivated.” This is what motivates everyone at Splunk every day – happy and successful customers.
BUILDING A SOC AT DZ BANK WITH SPLUNK
After Adem, Matthias Tauber from DZ BANK shared his project to establish and build a Global Security Operations Center (SOC) with Splunk and Splunk Enterprise Security.
DZ BANK started using Splunk some time ago for system monitoring and some specific security monitoring use cases (monitoring emergency system accounts and failed logons of service users). Now they are establishing the company processes in parallel with building out the technology stack. They use the NIST Cybersecurity Framework as the structure for the SOC, and Matthias pointed out that Splunk is used in the Detect and Respond functions of the framework.
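To make the two starter use cases concrete, here is what they could look like as SPL searches. This is an added illustration, not DZ BANK's actual content (the talk did not show any searches). It assumes Windows security events indexed as `index=wineventlog` with the field names of the Splunk Add-on for Microsoft Windows (EventCode, user, src_ip, Logon_Type, ComputerName), and two maintained lookup files, `emergency_accounts.csv` and `service_accounts.csv`, each with the columns `user` and `owner`; the 15-minute window and the threshold of 5 failures are illustrative values.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4624 `comment("Use case 1: every successful logon with an emergency (break-glass) account is worth a ticket")`
| lookup emergency_accounts.csv user OUTPUT owner AS emergency_owner
| where isnotnull(emergency_owner)
| table _time user emergency_owner src_ip Logon_Type ComputerName

index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625 `comment("Use case 2: bursts of failed logons for service accounts, per 15-minute window")`
| lookup service_accounts.csv user OUTPUT owner
| where isnotnull(owner)
| bin _time span=15m
| stats count AS failures dc(src_ip) AS distinct_sources values(src_ip) AS source_ips BY _time user owner
| where failures >= 5 OR distinct_sources > 1
```

The first search deliberately has no threshold: a break-glass account should never be used without a change record, so every hit goes to the SOC. The second search uses the number of distinct source addresses as a second signal because a misconfigured scheduled task produces a steady stream of failures from one host (noise), while the same service account failing from several hosts is what a password-spray or credential-reuse attempt looks like. Both searches only work as well as the lookups behind them, so the account lists should be exported from the IAM system on a schedule rather than maintained by hand.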
NETWORKING / WORLD CAFE
In a group exercise people discussed various security topics. Most groups agreed on a similar outcome – through digitalization and the Internet of Things organizations have to deal with a lot of new attack vectors in their environment which need to be properly understood and the risk managed effectively.
WORKERS COUNCIL AND BIG DATA BEST PRACTICES
Last but not least (even if I say so myself) I shared some insights and best practices from a survey we have done in Germany on big data and the workers’ council (Big Data und der Betriebsrat). For those of you not in Germany, the workers’ council is a “shop-floor” organization representing workers, which functions as a local/firm-level complement to national labour negotiations. Key to a smooth approval is to involve the workers’ council early, fully educate them on cyber security and explain to them why it is important. Many organizations spent several days just to develop a plan on how to communicate with the workers’ council. There are further details available – join one of our next events in Germany to learn more.
Thanks a lot to Deutsche Bahn and all the speakers for being there.
Happy Splunking and hope to see you at the next DB Event.
26/10/2016 Update: You can find a German-language blog write-up by Sven Christian Grun from DB on the website of Deutsche Bahn's Skydeck.