Category: Secure

ATLASSIAN

Scale with confidence and simplify complexity

Teams are at the heart of every business.

But as businesses grow aggressively, some turn to uncompromising control to keep chaos in check.

Slowing down teams and innovation.

It’s time to stop thinking of businesses as a collection of silos, and start embracing them for what they really are— the ultimate team of teams.

Move your business forward with Atlassian

Atlassian offers the software, services, and practices that power indestructible collaboration for every team, at every level.

So you can scale with confidence, simplify unnecessary complexity, and increase pace of innovation.

Move forward faster and smarter with Atlassian’s products and practices built for teams, optimised for the enterprise.

Unleash the potential of your team of teams.

An Enterprise DevOps Solution

High-performing teams deploy more often with fewer failures and faster recovery.

Atlassian provides the tools and best practices for building a culture of collaboration for your DevOps transformation.

Fostering a culture of collaboration between development and IT operations teams within your organisation begins with Atlassian software.

Atlassian tools speed up releases by automating tasks and defining processes, and accelerates time to resolution with faster feedback loops, helping you to prioritise unplanned tasks.

Why Atlassian?

Get full visibility into the status of development work. All change, test and deployment information for an upcoming release is in one place with Jira Software. Jira Software unlocks the power of agile and Kanban by giving your team the tools to easily create & estimate stories, build a sprint backlog, identify team commitments & velocity, visualise team activity, and report on your team's progress.

Confluence is a collaboration tool used to help teams collaborate and share knowledge efficiently. It acts as your document collaboration and repository as it keeps full tracking of what changed in each document, when, and by whom to keep an 'audit' trail.  Team members can create, share, and collaborate on content.

From best-in-class integration with Jira to a better code review, Bitbucket Data Center gives your team everything you need to build high quality software at scale. Support your growing team and maintain performance with built-in active-active clustering and disaster recovery.  Create a pull request workflow that works for your team with default reviewers, customisable merge checks, and five different merge strategies.

Focus on coding and count on Bamboo as your CI and build server. Create multi-stage build plans, set up triggers to start builds upon commits, and assign agents to your critical builds and deployments. Run automated tests in Bamboo to regress your products thoroughly with each change. Parallel automated tests unleash the power of Agile Development and make catching bugs easier and faster. Bamboo offers first-class support for the "delivery" aspect of continuous delivery.

It’s no longer ITSM versus Agile, or ITSM versus DevOps. ITIL 4 encourages an integrated approach that combines best practices across all ways of working, such as Agile, DevOps, and Lean. These methodologies keep rules simple, allowing teams to adapt based on the situation, focus on good outcomes for the customer, and learn from failure.

Atlassian has been incorporating Agile methodology and DevOps practices into their IT processes for years, and it is exciting to see this way of working become the industry standard. From quickly delivering new functionality, to recovering from outages, to planning and managing available resources, organisations are facing an unprecedented rate of change. Now is the time for high-velocity IT teams to embrace the shift from rigid rules to flexible guidelines to move the business forward.

Why choose JDS?

For over 15 years, JDS Australia has been a respected IT solutions provider helping large enterprise customers ensure their IT systems are working. JDS Australia is a team of 80+ full time employees, headquartered in Melbourne and with offices in Sydney, Brisbane and Adelaide. JDS origins are in IT testing, monitoring and IT management solutions, with deep expertise and partnerships with a number of chosen industry-leading vendors.

JDS provides expert advice and consulting for a range of Atlassian products, including Jira Core, Jira Software, Confluence, Bamboo and BitBucket, with services including provision and management of licenses, planning and implementation of new installations, review and optimisation of existing installations, migration and performance tuning of organisational and software processes.

Speak to us today about integrating Atlassian software into your business, and how to use it to its full potential.

Case Study: Netwealth bolster their security with Splunk

The prompt and decision

"As a financial services organisation, information security and system availability are core to the success of our business. With the business growing, we needed a solution that was scalable and which allowed our team to focus on high-value management tasks rather than on data collection and review."

Information security is vital to modern organisations, and particularly for those that deal in sensitive data, such as Netwealth. It is essential to actively assess software applications for security weaknesses to prevent exploitation and access by third parties, who could otherwise extract confidential and proprietary information. Security monitoring looks for abnormal behaviours and trends that could indicate a security breach.

"The continued growth of the business and the increased sophistication of threats prompted us to look for a better way to bring together our security and IT operations information and events," explains Chris Foong, Technology Infrastructure Manager at Netwealth. "Advancements in the technology available in this space over the last few years meant that a number of attractive options were available."

The first stage in Netwealth’s project was to select the right tool for the job, with several options short-listed. Each of these options was pilot tested, to establish which was the best fit to the requirements—and Splunk, with its high versatility and ease of use, was the selected solution.

The power in the solution comes from Splunk’s ability to combine multiple real-time data flows with machine learning and analysis which prioritises threats and actions, and the use of dynamic visual correlations and on-demand custom queries to more easily triage threats. Together, this empowers IT to make informed decisions.

Objective

Netwealth’s business objective was to implement a security information and event management (‘SIEM’) compliant tool to enhance management of security vulnerabilities and reporting. Their existing tool no longer met the expanding needs of the business, and so they looked to Splunk and JDS to provide a solution.

Approach

Netwealth conducted a proof of concept with various tools, and Splunk was selected. JDS Australia, as Splunk Implementation Partner, provided licensing and expertise.

IT improvements

Implementing Splunk monitoring gave Netwealth enhanced visibility over their security environment, and the movement of sensitive data through the business. This enabled them to triage security events and vulnerabilities in real time.

About Netwealth

Founded in 1999, Netwealth was established to provide astute investors and wealth professionals with a better way to invest, protect and manage their current and future wealth. As a business, Netwealth seeks to enable, educate and inspire Australians to see wealth differently and to discover a brighter future.

Netwealth offers a range of innovative portfolio administration, superannuation, retirement, investment, and managed account solutions to investors and non-institutional intermediaries including financial advisers, private clients, and high net worth firms.

Industry

Financial Services

Primary applications

  • Office365
  • Fortigate
  • IIS
  • Juniper SRX
  • Microsoft DNS
  • Microsoft AD and ADFS (Active Directory Federation Services)
  • JBoss (Java EE Application Server)
  • Fortinet

Primary software

  • Splunk Enterprise
  • Splunk Enterprise Security (application add-on)

The process

Now that Splunk had been identified as the best tool for the job, it was time to find an Implementation Partner—and that’s where JDS came in. JDS, as the most-certified Australian Splunk partner, was the natural choice. "JDS provided Splunk licensing, expertise on integrating data sources, and knowledge transfer to our internal team," says Foong.  

An agile, project managed approach was taken.  

  1. Understand the business requirements and potential threats associated with Netwealth’s environment.
  2. Identify the various services that required security monitoring.
  3. Identify the data feed for those services.
  4. Deploy and configure core Splunk.
  5. Deploy the Enterprise Security application onto Splunk.
  6. Configure the Enterprise Security application to enable features. These features gave visibility into areas of particular concern.
JDS provided Splunk licensing, expertise on integrating data sources, and knowledge transfer to our internal team.
Chris FoongTechnology Infrastructure Manager
The JDS team worked well with our team, were knowledgeable about the product, and happy to share that knowledge with our team.
JDS are professional. They delivered what they said they would, and didn’t under- or over-sell themselves. They’ve provided ongoing support and advice beyond the end of the project. We would work with them again.

The JDS difference

For this project, JDS "assisted Netwealth in deploying and configuring Splunk, and gaining confidence in Splunk Enterprise Security," explains the JDS Consultant on the case. "We were engaged as a trusted partner with Splunk, and within hours of deployment, we had helped Netwealth to gain greater visibility of the environment."

JDS were able to leverage their Splunk expertise to give added value to the client, advising them on how to gain maximum value in terms of both project staging, and in the onboarding of new applications. "We advocated a services approach—start by designing the dashboard you want, and work backwards towards the data required to build that dashboard."

"The JDS team worked well with our team, were knowledgeable about the product, and happy to share that knowledge with our team," says Netwealth’s Chris Foong. "They delivered what they said they would, and didn’t under- or over-sell themselves. We would work with them again."

End results

Chris Foong says that Netwealth was looking for "improved visibility over security and IT operations information and events, to aid in faster response and recovery"—and the project was a success on all counts.

"The project was delivered on time and to budget, and Splunk is now capturing data from all the required sources," adds Foong. "We also identified a number of additional use cases, over and above the base Enterprise Security case, such as rapidly troubleshooting performance degradation."

Now that Netwealth has implemented Splunk, the software has further applicability across the business. The next step is continuing to leverage Splunk, and JDS will be there to help.

Business Benefits

  • Gave Netwealth better visibility into the organisation’s security posture
  • Presents the opportunity for leveraging of Splunk in other areas of the business; for example, marketing
  • Allows Netwealth to have greater visibility into application and business statistics, with the potential to overlay machine learning and advanced statistical analysis of this business information
The project was certainly a success, and Splunk is working well in our environment.

Security testing—the JDS approach

What is security testing?

Security testing, also known as penetration or vulnerability testing, actively assesses software applications for security weaknesses.  Such weaknesses may exist within the application’s code, configuration, or design, and allow the application to be exploited in a manner that will allow third parties to extract confidential and proprietary information.  

Application security testing is vital to good security practice, as it allows businesses to take control of their risks by identifying and reducing security concerns.  It provides the confidence that your organisational data is safe, and that your clients are protected in turn.

How does it work?

JDS provides an application security testing service that assesses your application’s controls, provides recommendations to remediate identified issues, and removes factors that could aid an attack upon your business.   We provide security testing for applications and environments specialising in web, mobile, and cloud applications.

JDS provides our security testing clients with reports containing both technical definitions of the security issues located and, importantly, the high-level business context for the vulnerability.  This includes scenario modelling in easily digestible language, enabling your business to make appropriate and timely business decisions and reduce your organisational risk profile.

A rigorous approach

JDS adopts the Open Web Application Security Project (OWASP) methodology for application security testing. This ensures all web, mobile, and cloud applications undergo a comprehensive assessment. All the findings and recommendations are made simple for organisations to digest and make informed decisions through the use of abuse cases, risk ratings, live exploit demonstrations, issue representation, and developer education.

Security Testing

Protect your digital enterprise

Attacks on web-based software applications are associated with significant business risks, resulting in potentially irreparable organisational damage.  There is the fear of financial costs, lost reputation, and the devastation of customer trust and confidence.  These modern risks expose businesses to lost market, and potentially, operational failure: it is estimated that 60% of small businesses close within six months of a security breach. Security attacks may originate from competitors, governments, organised crime groups—or simply from opportunistic individuals.

Recognise and respond to the signs

The majority of breaches aren’t discovered within the first day, and in fact, many are not discovered until weeks or months after they occur. Historically, Australian data breaches have gone under-reported. However, this is set to change with new mandatory reporting laws that came into force from February 2018. This puts an immediate onus upon businesses to ensure a proactive approach to their security management, to head off risks now, and reduce later operational burdens. Security testing your front-line applications is the essential first step in this process.

Why test your security?

Reveal vulnerabilities
Identify high-risk vulnerabilities that may be threatening your environment

Protect your reputation
Guard yourself against the brand damage that follows organisational data breaches

Ensure continuity
Avoid unexpected downtime or access issues

Compliance
Comply with organisational and legislative data security and reporting requirements

Plug the gaps
Highlight the existing weaknesses in your environment

Security testing capabilities from JDS

Security assessment
JDS can perform reconnaissance and analysis to produce a guiding report covering your application’s underlying technology, behaviour, and security features.
Application penetration testing
Penetration testing at JDS reflects the needs of the organisation. Simulations could represent attack by an insider, such as an employee, network or system administrator; or from an external source.
Security monitoring
Quickly detect and respond to internal and external attacks. Simplify threat management while minimising risk and safeguarding your business. JDS can streamline all aspects of security operations for organisations of all sizes and level of expertise.

Dynamic security analysis
Testing the dynamic behaviour of running web applications and services to identify and prioritise security vulnerabilities, we integrate dynamic and runtime analysis to find more vulnerabilities—and fix them faster.
Static code analysis
JDS scan source code, identifying the root causes of software security vulnerabilities while correlating and prioritising results, giving you line-of-code guidance on how to close gaps in your security.

Authentication and authorisation testing
Authenticated and unauthenticated testing of authentication and session management, access control, input validation, and output encoding, is rigorously performed against your organisation’s environment.

Why choose JDS?

JDS consultants are highly skilled at recognising and responding to security risks, helping keep your business safe from breaches and hacks. We have performed security analysis and testing for some of Australia's top businesses across various industries, including retail, energy, and higher education.

Combined with our extensive in-house experience testing for the largest corporate banks, financial services, and insurance corporations, JDS is the partner of choice for trusted security solutions and services.

Our latest stories