Data driven security at Blibli.com

  • With Metabase, Blibli’s Cyber Security and Resiliency team can now easily monitor their security stack for fraudulent or malicious activity.
  • The ease of finding insights with Metabase’s graphical query builder and simple charts and graphs has accelerated their ability to conduct security investigations.
  • Their team uses Metabase to reduce false positives and to more clearly see malicious patterns.

About Blibli.com

Blibli.com is an Indonesian e-commerce company with over 1,000 employees. Established in 2011, Blibli.com calls itself an online mall and has a wide range of offerings, from consumer goods to electronics, health and beauty, automotive, and lifestyle products. With a business-to-business-to-consumer model, the company has built strategic partnerships with more than 75,000 merchants. To support the company’s growth, Blibli.com owns and operates its own logistics system (Blibli Express Service, or BES), with warehouses and hubs in many major cities across Indonesia, and has set up strategic distribution alliances with 15 logistics partners.

With their web traffic growing by a factor of 1,000 from 2011 to 2018, Blibli.com has plenty of data to track, analyze, and secure. Monitoring all of this data for fraudulent or malicious activity is a must, which is why Muhammad Fajar Masputra from the Cyber Security and Resiliency team at Blibli.com was looking for a solution that could do just that.

Why they picked Metabase

After comparing many tools, Fajar says they landed on Metabase for a few reasons. According to Fajar, most of the team has a background in network engineering and cybersecurity. Using Metabase, he says, “makes it easier for them to review applications for security, and search when an incident occurred because there is no need for advanced database skills.” Metabase’s graphical query builder has also made it simple for these users to create all the charts and dashboards they rely on without needing to know SQL. “The ease of finding insights is extraordinary, especially for those who do not have SQL skills,” says Fajar.

And since Blibli was already using LDAP internally, it was easy for them to set up access controls, too. But ultimately to Fajar, “the most important thing is the ease of deploying [Metabase].”

Visualizing the security stack

As you might expect of a large, modern tech company, Blibli has a sophisticated and complex security stack with a large amount of data, which they use Metabase to analyze. This includes data from their firewalls (IDS/IPS), threat intelligence, endpoint detection and response (EDR), and host-based intrusion detection system (HIDS) logs from Splunk.

The team uses Metabase to monitor their system and conduct investigations into incidents when they occur. Fraud info about flash sales and promotions, malicious activities from the firewall, suspicious IPs, and more all get fed into Metabase to let the team visualize their system and find patterns. This kind of monitoring allows the team to make adjustments on the fly, like tuning the rules of their web application firewall to reduce false positives.

But the team has higher ambitions than just monitoring. They call what they’re doing “Data Driven Security,” using data science and data access to improve their response to incidents and strengthen the platform as a whole. Being able to use Metabase to go deeper and analyze historical trends and patterns, investigate attack vectors across dimensions like location or ID, or review data from the entire security stack holistically has changed the way Fajar and his team approach security at Blibli.

Tips from Fajar and the team

  • Fajar suggests you take advantage of Metabase’s collection permissions to organize your dashboards and set team-level permissions on them.
  • If you’re already using LDAP or something similar, Fajar highly recommends connecting that to Metabase to automatically handle user groups and authentication in Metabase.
  • “Use Smart Numbers!” Fajar loves how this trend visualization allows you to watch for anomalies in real time to spot abnormal increases or decreases in important metrics.