NASDAQ attempts to shield itself from Shellshock with help of Splunk

The US stock exchange had previously used Splunk to combat the threat from Heartbleed

The American stock exchange NASDAQ is attempting to shield itself from the security vulnerability known as "Shellshock" or "The Bash Bug", with the help of operational intelligence platform Splunk.

The security flaw was discovered last month in Linux-based software called Bash - also common on Apple Mac operating systems - and it has been claimed that it could be exploited to take control of any other system that uses Bash software.

Despite Linux and Unix vendors, as well as Apple, having released patches for the vulnerability, end users could still be vulnerable to the flaw because of the widespread use of Linux in all kinds of devices, and recent reports suggest that similar Shellshock-like remote code execution is possible on Windows systems too.

At splunk.conf 2014 in Las Vegas, NASDAQ CISO Mark Graff told delegates that the company is using Splunk's platform in a bid to patch vulnerable systems that could be exposed by attackers.

The company had previously used Splunk to help with the Heartbleed bug, which was said to allow "anyone on the internet" to read the memory of systems protected by vulnerable versions of OpenSSL.

Once Heartbleed had become public knowledge, Graff suggested that it was a race between attackers trying to make use of the flaw, and defenders trying to patch their systems before they could.

NASDAQ built a dashboard using Splunk on the day that Heartbleed was made public.

"We wrote it on the same day and ran it, and it's really fundamental to our defence," Graff explained.

He said that NASDAQ‘s systems are constantly being targeted with attacks, and in this case it had 500 outward facing websites which were vulnerable.

"We wanted to track if someone was coming after us and see which system they were trying to get into, and find out whether the system is vulnerable or not and whether it can be patched if it is," Graff said.

He presented the dashboard that one of NASDAQ's developers built using Splunk, with charts showing the number of vulnerable systems against the number of attacks, and a detector to highlight which systems could be hacked.

"I knew they were going to come after us but the question was whether we could beat them," Graff said.

The company eventually got its vulnerable systems patched and, according to Graff, NASDAQ beat the attackers.

The company will be using Splunk in a similar way to help it mitigate Shellshock, which has been deemed "worse than Heartbleed".

NASDAQ had initially implemented Splunk as a security information and event management (SIEM) tool, and is now working on refining its applications and the way it responds to intrusions. Graff said that he hopes "to get to the point where the enterprise will defend itself".