Case Study

Multinational Financial Services Organization Protects Encrypted Financial Transactions with NETSCOUT

Multinational Financial Services Organization Protects Encrypted Financial Transactions with NETSCOUT

Highlights

The Challenge
  • Need for global end-to-end visibility into financial transactions and other applications
  • Need to validate TLS versions used by merchants and banks to ensure security and compliance
The Solution
  • nGeniusONE® Service Assurance platform with Dedicated Global Manager
  • InfiniStreamNG™ appliances with nGenius® Packet Flow Switches
  • MasterCare Remote Support Engineer
The Results
  • End-to-end visibility reduces downtime and speeds Mean Time to Restore
  • Mitigated business risk

Customer Profile

This multinational financial services organization operates around the globe supporting customers in dozens of locations domestically and abroad. Their primary business is facilitating the authorization, clearing, and settlement of electronic payment transactions between banks, merchants, consumers, and other groups. They also offer related products and services to help their customers ensure the safety and security of their business. With thousands of global employees engaged in the support of billions of transactions processed every year by their millions of customers, the organization works hard to protect this business and assure the delivery of services quickly and accurately.

The Challenge

One major challenge facing this organization was the migration of their banking partners to TLS (Transport Layer Security) 1.2. To ensure compliance with the Payment Card Industry Data Security Standard (PCI DSS), this organization’s Security team needed a way to ensure that they were receiving TLS 1.2 certificates from their partner banks. Failure to comply with PCI DSS requirements could result in up to $100,000 in fines every month that a company was found to not be in compliance. This concern impacted every financial transaction they processed, so it was very important. They also needed a way to see the performance of these secured transactions, and to be able to respond quickly if there was an encryption issue, for the security and protection of their end users.

Beyond this security concern, the application and network teams needed general end-to-end visibility on premises and in the cloud to see all revenue generating transactions, to validate and ensure SLA compliance. If there was an issue with a particular transaction, it was imperative to understand if the problem was with the organization, their partner bank, the merchant, or the consumer, all parties involved in the transaction. Getting this wrong could cost the business money.

Solution in Action

To protect the encryption of their business transactions and to ensure continuous visibility into critical revenue-generating transactions, this organization turned to NETSCOUT®. The organization partnered with NETSCOUT to deploy the highly scalable nGeniusONE Service Assurance platform globally, with local servers deployed at in-country datacenters and a Dedicated Global Manager server appliance to roll up the information collected into all-inclusive views and reports.

nGenius Packet Flow Switches connected to critical communications paths distributed and aggregated critical packet data to downstream monitoring devices including InfiniStreamNG appliances NETSCOUT’s patented Adaptive Service Intelligence™ (ASI) technology converted this smart data into even smarter analytics. In addition to the in-country data centers, the network team has also instrumented their connections at a colocation provider to monitor direct connectivity into AWS, Azure, and Google clouds. This visibility will give them insights into financial transactions coming in from customers of theirs with cloud presence.

One of the most valuable capabilities the nGeniusONE solution brings to this organization is the significant application level visibility they gain both in the data centers and out in remote office locations. This includes:

  • Visibility into class of service (via Type of Service classification) - to ensure that it’s marked and queued correctly
  • SSL/TLS versions - to ensure that financial transactions are encrypted securely for regulatory compliance
  • Specific performance and latency metrics around the financial transactions - to ensure that they’re being accurately processed in a timely fashion

For the encrypted traffic, in addition to ensuring the correct TLS version, they’re also looking for failures such as invalid handshakes, invalid certificates, corrupted certificates, and more. Any of these could be indicators of a transaction in jeopardy.

This company depends on a Remote Support Engineer from the MasterCare Premium Support Services team dedicated solely to this account who administered the system, configures all NETSCOUT equipment, customized application definitions, service tiles, dashboards, and reporting, and worked with the organization’s Security and application owners to use the tool to identify and resolve performance issues. In one instance, an important business application was relocated from one data center to another and was found to run slower in the new location. Slower transactions cost the business money, so it was important to identify the root cause and resolve. With the end-to-end visibility provided by nGeniusONE, the team had the information they needed to quickly find and fix the issue, which turned out to be slowness caused by a firewall.

The Results

NETSCOUT, NETSCOUT’s Remote Support Engineer, and nGeniusONE have proven invaluable to this organization. Since implementing this powerful solution, the organization has been able to gain important insights and visibility into critical financial transactions, mitigating business risk by validating TLS versions and protecting the business from failed transactions.

Broad scalability, combined with flexible, advanced application visibility, give this organization the ability to respond to a number of different failure scenarios. The ability to operate in dozens of countries with a consolidated view of all their TLS metrics (utilization, errors, versions, performance, etc.) enables the team to be agile and responsive no matter where in the world or what time of day or night an issue occurs. The team employs a “follow the sun” approach and NETSCOUT’s global, scalable solution is used by engineers around the world and at all hours of the day.

For this organization, that mitigation of business risk is tremendously important to the business. The potential savings of avoiding downtime could be in the millions of dollars from failed or abandoned transactions, regulatory fines, acceptance of potentially fraudulent charges, or other causes, so this risk is very real and very urgent. With the visibility provided by NETSCOUT, they can now move forward with confidence that their business traffic is protected.