Category: Financial Services

Case Study: Netwealth bolster their security with Splunk

The prompt and decision

"As a financial services organisation, information security and system availability are core to the success of our business. With the business growing, we needed a solution that was scalable and which allowed our team to focus on high-value management tasks rather than on data collection and review."

Information security is vital to modern organisations, and particularly for those that deal in sensitive data, such as Netwealth. It is essential to actively assess software applications for security weaknesses to prevent exploitation and access by third parties, who could otherwise extract confidential and proprietary information. Security monitoring looks for abnormal behaviours and trends that could indicate a security breach.

"The continued growth of the business and the increased sophistication of threats prompted us to look for a better way to bring together our security and IT operations information and events," explains Chris Foong, Technology Infrastructure Manager at Netwealth. "Advancements in the technology available in this space over the last few years meant that a number of attractive options were available."

The first stage in Netwealth’s project was to select the right tool for the job, with several options short-listed. Each of these options was pilot tested, to establish which was the best fit to the requirements—and Splunk, with its high versatility and ease of use, was the selected solution.

The power in the solution comes from Splunk’s ability to combine multiple real-time data flows with machine learning and analysis which prioritises threats and actions, and the use of dynamic visual correlations and on-demand custom queries to more easily triage threats. Together, this empowers IT to make informed decisions.

Objective

Netwealth’s business objective was to implement a security information and event management (‘SIEM’) compliant tool to enhance management of security vulnerabilities and reporting. Their existing tool no longer met the expanding needs of the business, and so they looked to Splunk and JDS to provide a solution.

Approach

Netwealth conducted a proof of concept with various tools, and Splunk was selected. JDS Australia, as Splunk Implementation Partner, provided licensing and expertise.

IT improvements

Implementing Splunk monitoring gave Netwealth enhanced visibility over their security environment, and the movement of sensitive data through the business. This enabled them to triage security events and vulnerabilities in real time.

About Netwealth

Founded in 1999, Netwealth was established to provide astute investors and wealth professionals with a better way to invest, protect and manage their current and future wealth. As a business, Netwealth seeks to enable, educate and inspire Australians to see wealth differently and to discover a brighter future.

Netwealth offers a range of innovative portfolio administration, superannuation, retirement, investment, and managed account solutions to investors and non-institutional intermediaries including financial advisers, private clients, and high net worth firms.

Industry

Financial Services

Primary applications

  • Office365
  • Fortigate
  • IIS
  • Juniper SRX
  • Microsoft DNS
  • Microsoft AD and ADFS (Active Directory Federation Services)
  • JBoss (Java EE Application Server)
  • Fortinet

Primary software

  • Splunk Enterprise
  • Splunk Enterprise Security (application add-on)

The process

Now that Splunk had been identified as the best tool for the job, it was time to find an Implementation Partner—and that’s where JDS came in. JDS, as the most-certified Australian Splunk partner, was the natural choice. "JDS provided Splunk licensing, expertise on integrating data sources, and knowledge transfer to our internal team," says Foong.  

An agile, project managed approach was taken.  

  1. Understand the business requirements and potential threats associated with Netwealth’s environment.
  2. Identify the various services that required security monitoring.
  3. Identify the data feed for those services.
  4. Deploy and configure core Splunk.
  5. Deploy the Enterprise Security application onto Splunk.
  6. Configure the Enterprise Security application to enable features. These features gave visibility into areas of particular concern.

The JDS difference

For this project, JDS "assisted Netwealth in deploying and configuring Splunk, and gaining confidence in Splunk Enterprise Security," explains the JDS Consultant on the case. "We were engaged as a trusted partner with Splunk, and within hours of deployment, we had helped Netwealth to gain greater visibility of the environment."

JDS were able to leverage their Splunk expertise to give added value to the client, advising them on how to gain maximum value in terms of both project staging, and in the onboarding of new applications. "We advocated a services approach—start by designing the dashboard you want, and work backwards towards the data required to build that dashboard."

"The JDS team worked well with our team, were knowledgeable about the product, and happy to share that knowledge with our team," says Netwealth’s Chris Foong. "They delivered what they said they would, and didn’t under- or over-sell themselves. We would work with them again."

End results

Chris Foong says that Netwealth was looking for "improved visibility over security and IT operations information and events, to aid in faster response and recovery"—and the project was a success on all counts.

"The project was delivered on time and to budget, and Splunk is now capturing data from all the required sources," adds Foong. "We also identified a number of additional use cases, over and above the base Enterprise Security case, such as rapidly troubleshooting performance degradation."

Now that Netwealth has implemented Splunk, the software has further applicability across the business. The next step is continuing to leverage Splunk, and JDS will be there to help.

Business Benefits

  • Gave Netwealth better visibility into the organisation’s security posture
  • Presents the opportunity for leveraging of Splunk in other areas of the business; for example, marketing
  • Allows Netwealth to have greater visibility into application and business statistics, with the potential to overlay machine learning and advanced statistical analysis of this business information

Using Splunk and Active Robot Monitoring to resolve website issues

Recently, one of JDS’ clients reached out for assistance, as they were experiencing inconsistent website performance. They had just moved to a new platform, and were receiving alerts about unexpectedly slow response times, as well as intermittent logon errors. They were concerned that, were the reports accurate, this would have an adverse impact on customer retention, and potentially reduce their ability to attract new customers. When manual verification couldn’t reproduce the issues, they called in one of JDS’ sleuths to try to locate and fix the problem—if one existed at all.

The Plot Thickens

The client’s existing active robot monitoring solution using the HPE Business Process Monitor (BPM) suite showed that there were sporadic difficulties in loading pages on the new platform and in logging in, but the client was unable to replicate the issue manually. If there was an issue, where exactly did it lie?

Commencing the Investigation

The client had deployed Splunk and it was ingesting logs from the application in question—but its features were not being utilised to investigate the issue.

JDS consultant Danesen Narayanen entered the fray and was able to use Splunk to analyse the data received. He could therefore immediately understand the issue the client was experiencing. He confirmed that the existing monitoring solution was reporting the problem accurately, and that the issue had not been affecting the client’s website prior to the re-platform

Using the data collected by HPE BPM as a starting point, Danesen was able to drill down and compare what was happening with the current system on the new platform to what had been happening on the old one. He quickly made several discoveries:

1. There appeared to be some kind of server error.

Since the re-platform, there had been a spike in a particular server error. Our JDS consultant reviewed data from the previous year, to see whether the error had happened before. He noted that there had previously been similar issues, and validated them against BPM to determine that the past errors had not had a pronounced effect on BPM—the spike in server errors seemed to be a symptom, rather than a cause.

Database deadlocks were spiking.
Database deadlocks were spiking
It was apparent that the error had happened before

2. There seemed to be an issue with user-end response time.

Next, our consultant used Splunk to look at the response time by IP addresses over time, to see if there was a particular location being affected—was the problem at server end, or user end? He identified one particular IP address which had a very high response time. What’s more, this was a public IP address, rather than one internal to the client. It seemed like there was a end-user problem—but what was the IP address that was causing BPM to report an issue?

Daily response time for all IPs (left axis), and for the abnormal IP (right axis). All times are in seconds.
Daily response time for all IPs (left axis), and for the abnormal IP (right axis). All times are in seconds.

Tracking Down the Mystery IP Address

At this point our consultant called for the assistance of another JDS staff member, to track down who owned the problematic IP address. As it turned out, the IP address was owned by the client, and was being used by a security tool running vulnerability checks on the website. After the re-platform, the tool had gone rogue: rather than running for half an hour after the re-platform, it continued to open a number of new web sessions throughout the day for several days.

The Resolution

Now that the culprit had been identified, the team were quickly able to log in to the security tool to turn it off, and the problem disappeared. Performance and availability times returned to what they should be, BPM was no longer reporting issues, and the client’s website was running smoothly once more. Thanks to the combination of Splunk’s power, HPE's active monitoring tools, and JDS’ analytical and diagnostic experience, resolution was achieved in under a day.

Case Study: Bendigo Bank delivers a higher quality customer experience with HP

Bendigo Bank provides banking and wealth management services to individual and small to medium businesses. It is represented in all states and territories with almost 900 outlets, including more than 190 company-owned branches, 250 locally-owned Community Bank® branches, 90 agencies and 800 ATMs.

With a tradition of adding value for customers through quality personal service, the bank recently began to look to technology as the enabler of service delivery and business performance. Realising its existing systems were account-centric and not customer-focused, the bank embarked on an ambitious program to align technology more closely with its business strategy. The result? It purchased Siebel Customer Relationship Management (CRM) and Universal Customer Master (UCM) applications to streamline customer-facing operations.

Known as ‘Enable Customer Phase 1’, the objective of this 18-month project was to introduce CRM and UCM capability across the organisation. As this would significantly impact 5,000 users and would result in considerable change management, the bank knew it had to deliver high-quality applications that functioned and performed at the levels demanded by the business.

“Enable Customer Phase 1 is the single largest implementation undertaken across the Bank in the past 15 years,” explains Robert Murphy, the project’s Technical Implementation Manager. “We had one chance to get it right and we knew quality assurance had to play a big part in the equation. We decided to make use of HP Quality Center software, which has been in the organisation for the past seven years. By leveraging an existing quality management solution, we could reduce our total cost of ownership and ensure a smoother transition to our new CRM platform.”

Objective

To drive the business value of its new customer facing solutions, Bendigo Bank sought to standardise system quality and performance 

Approach

Bendigo Bank adopted a quality and performance assurance approach using HP Quality Center software and HP LoadRunner software

IT improvements

  • Standard platform manages every aspect of system quality and performance
  • Centralisation enhances productivity
  • Isolated and fixed defects quickly
  • Established benchmarks for future enhancements
  • Fine-tuned testing efforts around data migration

About Bendigo Bank

The Bendigo Bank is the retail arm of the Bendigo and Adelaide Bank Group, an Australian company formed in November 2007 as a result of the merger between Bendigo Bank and Adelaide Bank. A publicly listed company, the group is owned by more than 82,000 shareholders.

Industry

Banking and Finance

Primary applications

  • Siebel CRM
  • Siebel URM

Primary software

  • HP LoadRunner software
  • HP Quality Center v9

Partnership provides valuable and timely expertise

To complete the quality approach and ensure all aspects of the new system were tested, the bank appointed JDS Australia to provide services in load testing and performance management.

An HP Platinum Partner and winner of the coveted HP Software Partner of the Year Award for the past four years, JDS is widely regarded as a leader in the Quality and Performance testing space. The company provides extensive and in-depth knowledge of the HP suite of testing and monitoring solutions offering support to clients in a variety of industries.

Steve Smith, JDS Australia’s Account Manager, believes that validating performance of newly deployed mission-critical systems is the key to achieving high user adoption and enhancing the consumer experience. Ensuring that applications are available and performing as intended is something that all organisations grapple with. JDS assisted Bendigo Bank by deploying HP LoadRunner to stress-test its Siebel CRM/URM system to ensure it could handle the peak loads and transactional volumes it would be subjected to, once live.

A quality ownership imperative

Prior to the adoption of HP Quality Center, the bank performed quality assurance on its core systems using a mixture of spreadsheets and documents. Following two mergers, the bank expanded rapidly and decided it needed to standardise its approach to quality assurance as a way of gaining some unity across the business and driving competitive advantage in a tough financial market. Today, the bank is firmly focused on retaining and growing its customer relationships, increasing loyalty and delivering personalised and consistent service experiences.

“We began the quality assurance part of the Enable Customer Phase 1 project by putting the ownership of quality in the hands of the business. We sought to make the business accountable for its operational outcomes. In short, we wanted quality management to be part of everyone’s mandate and HP Quality Center enabled us to do just that,” says Murphy.

“The quality management structure of this project was somewhat unusual. We used an iterative approach to development and put the business analysts, testers and developers into the one team. This allows us to fast-track time to success by facilitating communication and collaboration. But more importantly, it bridged the gap between business and technology expert, aligning testing more closely to business outcomes.”

Standardised processes improve decision-making

By providing a seamless, repeatable process for gathering requirements, planning and scheduling tests, analysing results and managing defects, HP has brought structure to managing quality for this project.

Murphy explains, “HP Quality Center creates an end-to-end quality management infrastructure to enforce standardised processes and best practices, such as our policy of ‘no work without a ticket’. It has given us the ability to streamline the management of defects, so that we can make effective ‘go/no-go’ decisions.

“By standardising on one quality platform we can do a lot of work in a short space of time, knowing that it is all contributing to our overall quality objectives. We can monitor the advancement of our work against these objectives to determine whether we are on track, on budget and on time. Having such insight into our progress delivers good governance and greatly improves decision-making.”

Testing what’s needed reduces risk

With quality firmly embedded in the centre of the organisation’s development mandate, ensuring that testing is prioritised according to business need was vital to achieving timely results for the bank.

HP Quality Center provides risk-based quality management to objectively assess and prioritise the highest-risk, highest-priority requirement, so testing efforts can be fine-tuned based on quantifiable business risk.

“HP Quality Center supports our approach of not wanting to test everything,” adds Murphy. “It enabled us to marry testing priorities with risk. We focused our testing efforts around data migration from our legacy systems into Siebel, as this was an integral part of future functionality.

“Prioritising our testing was also cost-effective in terms of centralisation and reusability. It meant that our people could store tests in one central location, review test planning information and reuse entire test plans or amend test cases across project components. Plus, having access to quality metrics put the business at ease because we could show that elements had been effectively tested and would work as intended.”

Validating performance

Gaining an understanding of how the Enable Customer project would meet the performance and scalability of the business was another objective the bank sought to achieve. Specifically, it wanted to obtain an accurate picture of end-to-end system performance before going live.

HP LoadRunner software was used to emulate the bank’s working environment with thousands of concurrent users. It stressed the application from end-to-end, applying consistent, measurable and repeatable workloads and identified issues that would affect its users in production.

“As we drove loads against the system, HP LoadRunner captured end-user response times for key transactions. It showed us that had we gone live, our users would have experienced slow performance when printing following a query. We rectified the issue in five days, but without HP LoadRunner it could easily have taken us a month or more to fix it.

“In the end, HP LoadRunner verified that our new Siebel CRM/URM system would meet specified performance requirements including sub-second response times,” confirms Murphy.

Quality, confidence, and success

After extensive testing and a successful pilot in two branches, the bank recently went live on Enable Customer Phase 1 without any showstoppers.

“We are delighted with the success of the project’s deployment and have achieved good outcomes through quality and performance testing,” adds Murphy. “Throughout the course of the project, we were able to isolate and fix defects quickly, automate quality processes and establish benchmarks for future enhancements. Quite simply, we delivered a high-quality, high-performing, robust system to support our people.”

“The value that HP Quality Center has brought to Bendigo Bank can be summarised in terms of standardisation, visibility and insight. We gained an end-to-end quality management infrastructure that gave us visibility into every element of the system and the insight we needed to make good decisions.”

Business Benefits

  • Gained 360-degree visibility into application quality
  • Went live on the single largest IT implementation in 15 years (Siebel CRM/URM) which functioned and performed at levels demanded by 5,000 users
  • Rectified performance issue in five days instead of a month
  • Aligned testing to business outcomes by facilitating communication and collaboration among business analysts, testers and developers
  • Reduced application deployment risk
  • Streamlined management process to assist with go/no-go decisions
  • Monitored the progress of work against objectives to track timeliness, budget and readiness

Looking ahead

HP Software will continue to play a key role as the backbone of Bendigo Bank’s quality and performance validation engine.

“We have successfully deployed one of the largest customer-facing projects in the history of the bank. Our focus now is on continuing to manage quality and performance of this system on a quarterly basis, ensuring that updates, changes, and upgrades are validated prior to release.

“Overall, HP has helped Bendigo Bank set the benchmark for ensuring our mission critical applications are high in quality and give the best performance to support our users in delivering excellent products and services,” concludes Murphy.

Case Study: Superpartners optimises IT operations with HP and JDS

With a mission to achieve efficiency and effectiveness through operational excellence, Superpartners sought to strengthen the end-user experience by gaining greater visibility into its IT infrastructure. The company turned to HP and adopted a Business Technology Optimization (BTO) approach to optimize the availability, performance and effectiveness of its business services and applications with HP Business Availability Center software.

Objective

To try and maximise the end-user experience, Superpartners sought to proactively monitor IT availability and performance

Approach

Superpartners adopted an HP Business Technology Optimisation (BTO) strategy with HP Business Availability Center software as the centrepiece in its application management strategy

IT improvements

  • Problems isolated, and issues resolved efficiently and effectively
  • Increased the quality of services to the business, its customers and employees
  • Better understanding of the complexities and interdependencies of the IT infrastructure including networks, systems and applications
  • Improved SLA compliance and reduced exposure to risk

About Superpartners

Superpartners is one of the largest superannuation administrators in Australia, employing over 1,500 people in eight offices Australia-wide. The company services about 6 million member accounts, 667,000 employer accounts and has over $72 billion in funds under administration.

Recognising that technology is a key enabler of its success, Superpartners develops core applications in-house, and sources third party products and services that complement its offering. Operating a business on considerable scale and complexity, the company has embraced a service-oriented technology strategy with business efficiency and service delivery as its focal points.

Industry

Superannuation

Taking a Proactive Approach and Gaining End-to-End Visibility

In supporting such a large user base, Superpartners is keenly focused on ensuring its business processes and technology operations deliver value to the business. Prior to implementing HP Business Availability Center, the company had outsourced monitoring of its infrastructure, which proved limiting. And with the growth of the organisation’s application portfolio, the need to comprehensively and proactively monitor the health of its systems became increasingly apparent.

Gary Evans, Chief Information Officer, Superpartners explains, “We needed to gain a better understanding of our environment and we wanted to become proactive and respond more effectively to incidents. The early warning systems that we had in place just weren’t enough. We also wanted a more accurate way to determine if we were meeting our Service Level Agreements. Put simply, we needed a comprehensive application management solution and HP Business Availability Center met our requirements.”

Partnering to Fast-Track Time to Benefit

To facilitate deployment, Superpartners engaged HP Business Partner, JDS Australia, experts in software testing and monitoring with HP solutions. JDS provided specialist services in application monitoring to help Superpartner realise value from its HP investment. Steve Smith, General Manager (Victoria) JDS says, “Superpartners was quick to recognise the benefits of application monitoring, particularly in terms of enhancing their end-user services. In a matter of weeks they were monitoring the availability and performance of their application, and gaining true end-to-end visibility into what was happening behind the scenes. By having access to vital and detailed information about their systems, they can now be appraised of issues ten minutes before their end-users experience an outage, and begin resolution.

“Overall, Superpartners is realising the benefits of proactive visibility and access to a consolidated end-user and infrastructural view of their application performance. They have achieved much improved SLA compliance and have considerably reduced risk. We are delighted with the outcome and believe that the collaborative approach we established with Superpartners is the key to success.”

 

Fast Resolution of Problems, Productivity Gains, and Reduced Risks

A comprehensive business application management solution, HP Business Availability Center has allowed Superpartners to monitor the health of its systems. Specifically, the organisation is keeping a close eye on the end-user experience, continuously isolating problems and assessing the status of key services and applications.

Gary explains, “HP Business Availability Center has enabled us to see the actual performance of our systems as experienced by our customers. It provides us with an early warning system and we can drill down to the transaction level to examine potential issues. We now have the ability to pinpoint exactly where a problem might be and potentially fix it before our end-users experience degradation in our systems.

“In addition, HP Business Availability Center has helped us better understand the complexities and interdependencies of our IT infrastructure including networks, systems and applications. In turn, this provides us with the information we need to diagnose, isolate and fix problems quickly to maintain business continuity. As a result, we have improved the quality of our services and are benefiting from increased productivity by having the ability to concentrate resources where needed and by achieving quicker resolution time. We have also enhanced SLA compliance and we can now report on both infrastructure and application availability. Finally, the synthetic monitoring that HP Business Availability provides reduces our application deployment risk and we have gained confidence that our applications will perform as intended.”

Business Benefits

  • Improvements to the performance and availability of Superpartners’ IT Infrastructure and Applications
  • Association with JDS Australia delivered fast time to value
  • Gained true end-to-end visibility of its systems to improve the end-user experience
  • Improved service quality, increased productivity and gained confidence in the availability and performance of its applications.
  • Operational efficiencies, alignment of business and IT, and delivery of better governance

Better Governance and Future Plans

Today, Superpartners’ Technology team is able to undertake forward planning, proactive management and maintenance of its systems, instead of functioning in a reactionary state. This is delivering added benefits as the organisation’s business operations and future direction can be fully supported by a high-performing technology infrastructure, capable of adapting to market changes.

Gary elaborates, “We are yet to capitalize on the full potential of HP Business Availability Center. We still have additional functionality and capabilities to leverage to further optimize our systems, but we’re now in a strong position to react and fix issues quickly. Not only are we also enabling a much more efficient environment, but we are delivering better governance, particularly around our SLAs.”

Looking to the future, we are aiming to ensure HP Business Availability Center is rolled out across all our application environments. This will enable us to gain true alignment between our monitoring capabilities and our user experience, to achieve end-to-end optimization of our services and applications.”

On the whole, HP Business Availability Center is enabling Superpartners to manage and optimise the quality, performance and effectiveness of its business services and applications.