CSE498, Collaborative Design, Spring 2018
Computer Science and Engineering
Michigan State University

Symantec is a global leader in providing security and information management solutions. Their customers range from consumers and small businesses to large global organizations.

Symantec’s flagship authentication solutions include Symantec VIP, a multifactor authentication solution that enables businesses to secure access to networks and applications without affecting productivity.

Our system detects security threats by analyzing user authentication patterns and visualizing the results in Splunk and in the Elasticsearch, Logstash and Kibana (ELK) stack.

Our custom Splunk and ELK apps enable VIP customers to view and analyze various operational and security trends in near real time. Both apps ingest and visualize VIP authentication log data pulled from Symantec servers using their VIP Reference Client.

A VIP customer initially configures their Splunk or ELK apps with their VIP account certificate. The apps open directly to pre-built dashboards, which show operational data and security trends. Users can add custom charts and panels to their dashboard.

While our dashboards do help to visualize data trends and behavior, security analysts may not always be viewing the dashboards. To prevent an analyst from missing an important security event, both the Splunk and ELK apps alert analysts via alternate methods when threats are detected.

Our Splunk app is written using the Splunk Enterprise software, and its dashboards are created with the Splunk Processing Language. Our ELK app runs on an Amazon Machine Image hosted on Amazon Web Services.