How Financial Services Firms Monitor Their Digital Assets

Posted on November 20, 2015

In my role at ThousandEyes here in New York, I spend a great deal of time with our financial institution customers, including the nation’s two largest banks, the second largest insurer and the second largest wealth manager. For these organizations, online and mobile technology have largely replaced the physical branch office experience. Most day-to-day financial transactions can be done online, from viewing account balances and paying bills to making trades or even applying for life insurance. As a result, Internet reliability has become critically important to the bottom line of a modern financial institution. But as we experience every day, the public Internet is not 100% reliable. It’s prone to a variety of issues, including DDoS attacks, BGP route leaks, DNS hijacks, routing instability, congestion and sometimes plain-vanilla human error.

To avert outages and service disruptions caused by these issues, financial services firms use ThousandEyes as an Internet intelligence platform to alert against and troubleshoot threats and other incidents as they occur. But exactly how do they do this? Let’s examine the most common ways ThousandEyes is used in the financial sector.

Data Center Ingress Monitoring

The largest financial services firms are truly global in nature and have customers, employees and data centers spread around the world. Using ThousandEyes Cloud Agents — which are installed in over 100 points of presence worldwide — our finance customers run synthetic tests targeting the IP addresses of the ingress points to the global data centers hosting their online products and services. This gives them end-to-end TCP-based performance data from many vantage points across the Internet. These synthetic tests simulate the financial firms’ end customer experience in accessing their web-based products, including online banking sites, brokerage data, insurance portals and trading applications. As Darrell Westbury, Director of Operational Analytics at Credit Suisse, explained recently, ThousandEyes gives him “the fundamental benefit of looking at the world from the outside-in.”

However, ThousandEyes isn’t just a website monitor providing simple up/down metrics and response times. Using the path visualization feature, operators can view and alert against issues on a hop-by-hop basis along the entire Internet transit path. This gives the global network team the ability to identify lossy interfaces, high latency links and network segments that are of chronic concern.

Figure 1: The path visualization feature gives users visibility on the entire Internet transit path.

Understanding ISP Performance

Any dip in application availability or sustained outage to a financial firm’s online presence can result in millions of dollars in revenue loss and potential reputational harm. More often than not, service disruptions originate from some sort of ISP issue, whether it is a routing problem, MTU misconfiguration or BGP leak. Unfortunately, most ISPs are loath to report these issues to their customers. Or, even worse, they may not even be aware of a critical issue occurring inside of their own network.

With Cloud Agents, our banking, wealth management and insurance customers can see inside their ISP networks and pinpoint issues that may impact the delivery of their products and services. They use this intelligence to take corrective action to mitigate any further disruption to their services. Typically, the customer uses information from ThousandEyes to route around the ISP in question by announcing to a different, secondary ISP that is connecting cleanly to their data centers.

Figure 2: Use the path visualization to identify and troubleshoot issues in your ISP network.

After the event, customers can also use the interactive sharing feature to directly share data from the outage or performance degradation event with the ISP at fault to determine if an SLA has been exceeded and whether reparations are required.

Figure 3: Share data directly with your ISP to determine whether an SLA has been exceeded.

DDoS Attack Analysis

Cyberattacks are a fact of life for large financial institutions. Large volumetric DDoS attacks can cripple even the most prepared financial services firms. To combat the threat, banks and other financial firms have invested in DDoS mitigation strategies, be it an on-site solution from vendors like Arbor Networks or via a third-party service like Prolexic or CloudFlare. In both cases, the external visibility provided by ThousandEyes helps banks and other financial institutions better understand and measure the impact of an ongoing DDoS event. Customers can also use this intelligence to evaluate the effectiveness of their mitigation strategy.

Utilizing the same Cloud Agents and tests as outlined above, our finance customers can get an external perspective into their online application’s performance during an attack. They can quickly locate packet loss, high latency links and overloaded scrubbing centers. This gives them deep insight into whether their mitigation techniques are working and what enhancements are required for future attacks.

Figure 4: Quickly locate packet loss, high latency links and overloaded scrubbing centers to evaluate your DDoS mitigation techniques.

Visibility from Within the Data Center

Cloud Agents are highly effective for alerting against and troubleshooting problems across the Internet from an “outside-in” perspective. But sometimes the problems are much closer to home, even originating within our financial customers’ own infrastructure. Getting an “inside-out” perspective can uncover network issues on the data center side of the customer network.

For this perspective, our customers use Enterprise Agents, which take the form of downloadable software easily deployed on premises as a virtual appliance or Linux package. These agents are typically installed at the network egress points across all of the data centers where critical financial applications are being hosted.

By conducting outbound tests from each data center, network operators can determine whether an online application problem is caused by local issues like suboptimal routing, DNS problems, proxy bottlenecks, capacity bottlenecks or MPLS misconfigurations. This allows them to quickly rule out any upstream issues beyond their egress and concentrate on remediating the problems inside their own network.

Figure 5: View MPLS performance across the corporate WAN.

Monitoring Your Digital Assets

Here at ThousandEyes, it is a privilege to count some of the world’s largest financial services organizations as customers. These banks, insurers and wealth managers solve a very important and complex challenge: ensuring resilient and reliable service across the Internet. No doubt our work will continue as more and more of the world’s financial services business moves online. Experience how we can help your organization by signing up for a free ThousandEyes Lite account.
