Case Studies Archive Search Case Studies

Financial Services Firm Ensures High Website Availability, Improves Compliance with F5 Solution

A financial services company needed to increase the availability and performance of a critical customer website containing regularly updated investment information. The company also wanted to ensure the site achieved the required level of security to meet industry compliance standards. By implementing F5 IP Local Traffic Manager (LTM) and BIG-IP Application Security Manager (ASM), the company gave its web customers reliable access to their financial investment data, and improved its ability to comply with regulations. IT staff members now have simplified network and device management, and the company has benefited from strong technical support, consulting, and training from F5

Business Challenges

A large investment banking company provides a range of financial products and investment banking services to banks, asset managers, and other institutional clients.

The company’s IT team is also responsible for operating a corporate website,  which customers use every day to track investments and read updated market news and economic information. “This is a very critical site for our company, and it’s becoming more and more important   every day,” says a network engineer for the company. Because of this, and because service level agreements require 99.999 percent uptime, high availability is essential. “Customers need to be able to access their information whenever they need to, so strong performance is key, and any site downtime is completely unacceptable,” the network engineer says.

Availability is also important for the firm’s Microsoft SharePoint Server and Exchange Server deployments, which serve thousands of employees and are maintained from its headquarters. “Employees use the SharePoint portal and Exchange email to update customer information all the time, so these are critical systems,” adds the network engineer.

Maintaining high availability and solid performance had been a challenge with the company’s previous IT infrastructure. “We had some legacy web servers and systems that did not have any network optimization capabilities at all,” says the network engineer. “We absolutely needed those features.”

Security is also highly important, as the company must protect the online financial information of each customer. Specifically, because the website is an e-commerce site, the organization must be in compliance with industry regulations such as Payment Card Industry Data Security Standard (PCI DSS) to protect customer credit card information.  If organizations fail to comply with this standard, they can be fined or lose their ability to process credit cards. The company must also be compliant with online banking standards issued by the Federal Financial Institutions Examination Council (FFIEC).

Both PCI DSS and FFIEC compliance require that financial institutions maintain secure networks that are protected against Internet attacks. “We had web application firewalls in place for our web servers, but we were still interested in updating that technology,” says the network engineer.

In late 2010, the company began to look for a new technology solution that would provide better network optimization and web security functionality.

“Because we can ensure high availability using BIG-IP LTM, our customers can more easily access thes ite, no matter what time of the day, to see the latest information on their investments.” Network Engineer

Solution

After comparing solutions from several different technology companies, the firm decided on F5 Networks. “F5 offered an integrated solution, which is exactly what we wanted,” says the network engineer.  “We didn’t want network optimization technology from one vendor and security technology from another. We also wanted to go with the market leader in those areas, and that’s F5.”

In early 2011, the organization implemented a pair of BIG-IP LTM devices at its headquarters, with several more installed at an external data center. The BIG-IP LTM devices intelligently direct traffic between web servers to control bandwidth and minimize network bottlenecks, improving system availability and overall performance.  BIG-IP LTM improves availability by eliminating single points of failure and providing health monitoring features to check device, application, and content availability. It also provides advanced system failover and connection mirroring features for added high availability.

BIG-IP LTM features a streamlined GUI that helps simplify device management and provides detailed traffic and device information for easy activity monitoring.

The company also decided to take advantage of BIG-IP ASM, a web application firewall (WAF) that secures websites and applications and protects critical data from vulnerabilities. BIG-IP ASM provides granular attack protection by recognizing attacks and blocking illegal HTTP requests.  It also offers protection against Open Web Application Security Project (OWASP) Top Ten application security risks, such as attacks using fraudulent financial transactions.  Additionally, BIG-IP ASM contains built-in security features to help companies comply with PCI DSS and other security standards.

“Now, our web servers rely on BIG-IP ASM to mitigate vulnerabilities and cyber-attacks, which gives our customers more confidence that their confidential information is protected,” Network Engineer

Benefits

Using its F5 solution, the organization can offer high availability to its online customers and can comply with important financial regulations. Also, the company’s IT employees can more easily manage the network, and the organization can take advantage of F5 Professional and Support Services.

Customers have around-the-clock access to investment information

Prior to implementing the BIG-IP system, the company struggled to guarantee high website availability due to a lack of effective network optimization capabilities. Now, with BIG-IP LTM, the company can increase availability with intelligent traffic direction and other features. “With BIG-IP LTM, our website availability is much higher,” says the network engineer. “We can provide server redundancy and can better meet service level agreements for availability by using the network management features in BIG-IP LTM.” The company is also using integrated compression features in BIG-IP LTM to improve overall network performance.

As a result, the organization can ensure that its customers have reliable, around-the-clock access to updated investment information.  “Because we can ensure high availability using BIG-IP LTM, our customers can more easily access the site, no matter what time of the day, to see the latest information on their investments,” the network engineer says. “We can better serve our customers now, where in the past we had more network load issues and server availability challenges. This is better technology for our critical customer information.”

Compliance with industry standards

With BIG-IP ASM, the company can provide strong security for its corporate website. “Now, our web servers rely on BIG-IP ASM to mitigate vulnerabilities and cyber-attacks, which gives our customers more confidence that their confidential information is protected,” says the network engineer. It also ensures that the company is in compliance with PCI DSS and FFIEC regulations. “BIG-IP ASM gives us the web application protection we need to comply with PCI and other industry standards.  Without the ability to do that, our business wouldn’t be able to operate,” the network engineer states.

BIG-IP ASM also gives the firm better visibility into website security, through features like OWASP Top Ten security risk reports. “Our IT team receives weekly Top Ten reports and other daily reports that provide much better visibility into what’s really going on with the site,” says the  network engineer. “For example, even if someone connected to the website by mistake and their access was blocked, BIG-IP ASM reports it. That kind of reporting makes it easier for us to present security data to management, and it also shows that we’re serious about being proactive in terms of providing our customers with the best service.”

Easy management

The IT team now has a technology solution that provides simplified website management, thanks to a user-friendly GUI and centralized device and application control point. “The BIG-IP LTM GUI is very polished and straightforward and very easy to work with,” says the network engineer.  “I can control the network from a central point, quickly and easily view network statistics, and take advantage of excellent user documentation as well. It all makes my job much easier. And if someone new needs to learn the technology, it will be very easy for that person to get up to speed quickly.”

Strong implementation services

The organization also received strong support from F5 before, during, and after the implementation of the solution. “F5 helped us a lot by sending Professionals Services consultant’s onsite prior to and during deployment, as well as offering detailed training after deployment,” says the network engineer. “Having F5 consultants help out was really great for us, specifically for BIG-IP ASM. We could have tried doing it ourselves, but it wouldn’t have been the best solution for us without their assistance.”

The network engineer also participated in a local F5 user group session for BIG-IP ASM, which provided more in-depth information about the product’s features, as well as information about other F5 products.  “Overall, the Services team has been great,” says the network engineer. “We work with a lot of vendors, and F5 is one of the best in terms of their level of support.”