Satellite TV Provider Achieves Fast, Secure Online Payment Processing with F5 Solution A major satellite TV broadcaster wanted to provide customers with a superior website experience and an online credit card payment process that was compliant with the Payment Card Industry Data Security Standard (PCI DSS). By replacing its existing Application Delivery Controllers (ADCs) with an F5 solution, the provider was able to protect customer transactions from insidious application-level security attacks typically missed by traditional firewalls and intrusion prevention solutions. The provider also enhanced customer satisfaction with a speedy, stable customer-facing website, all while complying with stringent PCI DSS regulations. Business Challenges The pay television broadcasting market is very competitive, with little to no recent growth in potential customers. To acquire new customers and prevent existing ones from switching to competing providers, this major U.S.-based satellite TV broadcaster wanted to provide the best possible customer experience. The broadcaster currently serves more than 14 million customers nationwide with a staff of 24,500. Its plan was to expand through acquisitions to offer additional services, such as wireless data services and streaming Internet video broadcasting to PCs and mobile devices. As part of its efforts to provide superior customer service, the satellite TV broadcaster sought to offer customers fast online access to their account information and secure online credit card processing for bill payment and purchase of services and content. Stringent Payment Card Industry Data Security Standard (PCI DSS) regulations require any organization offering web- based credit card transaction processing to either install a web application firewall or perform costly annual code reviews to discover and address application vulnerabilities. Web application firewalls can detect and block cross-site scripting, denial-of-service, SQL injection, and other application-level attacks that typically get past traditional firewalls. “We needed a solution that would deliver content securely and protect credit card information, not only over the Internet, but over the wire and at rest in our data center,” says the senior manager of infrastructure for the satellite TV provider. To provide these capabilities quickly without compromising website performance and customer service, the provider wanted a solution that was not only powerful, up to date with the latest attacks, and effective, but quick and easy to install—and architected to have virtually no impact on website performance. “We really wanted a solution that anyone could run,” the senior manager says. Ideally, the provider sought to improve website performance using its existing Application Delivery Controllers (ADCs). But without a viable web application firewall solution, the provider would have been subject to stiff regulatory penalties and fines or forced to perform costly annual vulnerability analyses. “It was faster to replace all our current Application Delivery Controllers with the F5 devices and configure BIG-IP ASM on top than to add other web application firewall solutions.” Senior Manager of Infrastructure, Satellite TV Provider Solution The provider worked with F5 technology partner South Seas Data to architect a solution that included 34 F5 ADCs running BIG-IP Local Traffic Manager (LTM). These devices sit at the front end of the provider’s web server infrastructure at three U.S.-based data centers. Where necessary to protect account and credit card interactions from application-level attacks, the provider added BIG-IP Application Security Manager (ASM) as a module on the BIG-IP LTM devices. To meet its security and performance goals, the provider evaluated several alternative hardware and software solutions. The incredible ease of use of the F5 solution immediately won over the provider’s IT department. “It took less than a day to get the F5 devices out of the box, installed, configured with rule sets, and passing traffic, compared to multiple weeks and consultants with other vendors,” says the provider’s senior manager of infrastructure. “It was faster to replace all our current Application Delivery Controllers with the F5 devices and configure BIG-IP ASM on top than to add other web application firewall solutions to our existing network.” The IT team also loved F5’s powerful iRules scripting language in BIG-IP LTM and the ability it provides to look deeply into HTTP traffic headers to determine exactly what application and content is being called. IRules can be created using that data to intelligently direct traffic, not just to a specific server but to a specific application and data. “The deep header inspection and iRules functionality F5 offered just didn’t exist with other solutions,” the senior manager says. That meant that instead of having to devote a separate pair of Apache web servers at the front end of each of its applications, as it was doing previously, the provider could consolidate all of its web content and application access into a single pair of Apache web servers. IT administrators can either create their own customized iRules or find many sample iRule scripts on F5 DevCentral—a community of more than 100,000 users and developers. Hoping to increase its subscriber base, the provider considered scalability an important factor in its purchasing decision. Finally, F5’s smooth integration with a corporate identity governance solution from SecureAuth would allow the provider to authenticate its growing staff of call center operators to ensure there was no unauthorized access to its customer information. “The reliability of the F5 solution keeps web customers happy.” Senior Manager of Infrastructure, Satellite TV Provider Benefits Since deploying the solution, the provider has been very pleased with the results of its BIG-IP ASM installation. The solution delivered many important business benefits, including regulatory compliance, secure online credit card transaction processing, and enhanced customer service. Fast, stable website performance The F5 BIG-IP solution has had a dramatic impact on the reliability and performance of the provider’s customer-facing services. “Website stability has been a big business benefit,” says the provider’s senior manager of infrastructure. “BIG-IP devices do a much better job than our previous solution of checking the health of a web server before sending traffic to it, so website performance is much more stable. The reliability of the F5 solution keeps web customers happy rather than frustrated and switching to other pay TV sites.” Safe credit card transactions and PCI DSS compliance BIG-IP ASM has delivered powerful, effective protection from application-level attacks, allowing the provider’s customers to pay bills and browse and purchase products and services online quickly, easily, and securely. The result is enhanced customer satisfaction. BIG-IP ASM has also brought the provider into PCI DSS compliance, which means there is no longer any risk of regulatory fines, penalties, or the loss of online credit card services in the future. Secure call center access to customer information With an average of 3,500 call center agents on the phone with customers at any given moment, each minute of lost call center access would cost the provider about $1,900. Thanks to the tight integration of BIG-IP ASM with SecureAuth’s Identity Enforcement Platform, the provider is able to give call center employees stable, secure access to customer information. This enables the provider to deliver superior customer service without compromising customer privacy and confidentiality. Server hardware cost savings Based on the ability to intelligently direct traffic using iRules, the provider was able to reduce its deployment of Apache servers from sixteen (eight pairs, each fronting one web application) to two servers (a single pair fronting the provider’s web applications), all while reducing downtime and improving website performance. Future plans call for this satellite TV provider to upgrade to the next version of BIG-IP system software, take advantage of its IPv6 capabilities to ensure the company’s customer service Internet infrastructure is up to date, and incorporate F5 BIG-IP Global Traffic Manager (GTM) to extend load balancing across global data centers.