Speaking at the Splunk Live conference in London, Nigel Spencer, head of security operations at Vocalink, said that its deployment of Splunk was enabling compliance with various standards and creating an audit trail for changes “which provides us with a who, what, where, when and why analysis of a security event.”
He said that the real strength of the technology was its ability to go back and look at past events within the infrastructure, and he shared the timeline of an actual event. On one day at 11.25am the company received 64 phishing emails, 30 of which were delivered to valid email addresses, and each contained a malicious attachment claiming to come from a UK retail bank.
Spencer said that four minutes later, users began to report their suspicions about the email using the Outlook plug-in, and eight minutes later the security operations center began a triage and analysis process.