Travis Perkins is the parent company of 26 DIY and building merchant brands, operating in approximately 1,900 physical outlets across the UK and Ireland.
In 2016, the firm’s technology function implemented Splunk’s flexible security monitoring platform as part of its mission to move its on-premise customer, operations, stock and logistics data to the cloud.
This project was assigned to head of information security Nick Bleech. Now that Splunk is in place to help protect the firm’s data against cyber attacks, Bleech is more focused on spotting trends.
“We’ve been using this technology for almost a year, and have a lot of data there to look through to start noticing trends,” he says.
Like most big firms, Bleech says Travis Perkins had been the target of some failed large-scale cyber attacks “very similar to the TalkTalk attack” aimed at accessing customer data.
But the firm is also focused on smaller or more systematic attacks that are filtered out by Splunk and may go unassessed.
“As a large organisation, we’ve got good protection in place, but the whole point of having a security monitoring system is to make sure that protection is working and to analyse what’s coming in to identify trends and correlations,” says Bleech.
Malicious activity detected
Bleech found a correlation between malicious activity and the firm’s business cycle, with peaks during the Christmas and Easter periods.
Ransomware is something Travis Perkins is on the lookout for, as Bleech says smaller firms – such as its subsidiary brands Wickes and Toolstation – are more likely to pay up in a ransomware situation.
“The crooks have judged their market very carefully – this is all about economics and supply and demand,” he says. “If they put the price too high, people won’t pay up, and if they put it too low, they won’t make much money out of it.”
The Splunk incident handling system will calculate a risk score for each activity so Bleech’s team knows which threats are of most concern.
Lower-level events are usually dealt with and eradicated by antivirus software, but the firm is using data analytics to look at these low-level activities and see if there are any patterns.
The team performs manual reviews of these low-level activities to adjust how these risk scores are generated – antivirus activity, unusual network activity, and consistent use of a single IP address all contribute to these risk scores.
By doing this, Bleech hopes to “tune that risk scoring that drives our primary risk-handling process”, and the technology function will next look to automate some of this process using built-in machine learning tools provided by Splunk, which Bleech signed up for in April 2017.
Using Splunk elsewhere in the firm
While putting the focus on cyber security is not often the main priority in the boardroom, Travis Perkins is now also using Splunk to monitor service performance in various systems across the firm to find ways to make the service more efficient.
With different groups across the organisation putting information into the same Splunk system, Bleech says they each gain access to a wider range of statistics, trends and alerts. “The more different teams in the organisation that are able to use the same information sources, the more everyone benefits,” he adds.
Other areas of Travis Perkins could also benefit from using Splunk tools. Bleech explains the firm has made a huge push in e-commerce over the past five years, but consumer behaviour and building a single customer view have been a challenge.
The biggest part of this challenge is that customers have different login details for each of the brands owned by Travis Perkins. The firm plans to simplify this by bringing each of its brands under the same login ID.
“Our CIO Neil Pearce is bringing those together under a common customer ID,” says Bleech. “It’s not currently my concern from a security point of view, but it’s certainly a challenge for the business.”
Consumer behaviour a challenge
Consumer behaviour in the DIY and building materials space is also a challenge for Travis Perkins, as builders often have small, family-run businesses that prefer to visit a physical location to negotiate a price.
Although they are still using websites for price comparison, the customers will not log in and make themselves known to the brand unless they intend to make an online purchase.
Technology has made it easier for Travis Perkins to monitor customer interactions and adapt as a result, but Bleech thinks the firm is under-utilising Splunk from a single customer journey perspective.
“In a situation where I’ve got three different websites and three different customer IDs, if the businesses are happy for me to be monitoring what the customers are doing online, I can be putting those IDs together in Splunk more easily than they can,” he says.
The move away from on-premise
Travis Perkins is still in the process of moving many of its on-premise systems into the cloud. The deadline for this project was originally 2020, but the firm now aims to complete the migration by 2019.
All of the firm’s datasets are being transferred to the cloud, and Travis Perkins already has a framework in place with Amazon Web Services (AWS) after deciding to move away from an on-premise Microsoft system four years ago.
As the security monitoring framework for the firm was “born in the cloud”, Travis Perkins is now assessing which applications need to be moved to the cloud, when they need to be moved by and what can be purged.
The introduction of a cloud-hosted enterprise resource planning (ERP) system will also “knock out a lot of legacy” for the firm, and Travis Perkins has already moved many of its documents, spreadsheets and email into Google Apps in the cloud.
“We’ve got the proof of concept done for the project,” says Bleech. “What we’re doing now is looking at the detailed planning to see what applications are going to move when.”