Company Reduces Costs $680K While Improving Security

Leading Financial Institution Saves $680,000 With New Inline Security Solution

This company is a leading financial institution based in India providing retail and corporate banking services. Security of customer data is critical to them but so is controlling costs. They were looking for a visibility solution that would accomplish both.

As part of this technology initiative, the company wanted to reduce costs as the network was becoming increasingly complex and maintenance costs were rising. The bank was expanding its IT footprint by adding upgraded network and security tools to the existing architecture.

For the security intrusion prevention system (IPS) requirements, the original specification required eight units at a cost of approximately $200K each. The use of two network packet brokers (NPBs) and two bypass switches reduced the need to five IPS units which created a $600K savings - $400K instead of  $1 million. Other inline tool needs (like the Bluecoat decryption appliances and web application firewalls) were also reduced for a savings of another $200K. The cost of the Keysight security solution ended up being $120K. This resulted in a total savings to the customer of $680K.

According to the Manager of Network Operations, “Keysight’s inline security solution enabled us to do things we had never done before like service chaining of security tools and high availability. At the same time, we reduced our overall deployment costs by almost half.”

Keysight provided a robust solution to the customer requirement. The iBypass and NPB products did exactly what they needed to allow the company to connect multiple security tools inline and still reduce costs.

Banks Gains More Value from Security Tools

As part of this technology initiative, the company wanted to improve their inline security deployment, particularly by sharing information from their Bluecoat TLS appliance with other tools such as their FireEye security appliance. The best method to accomplish this is to daisy chain tools together and only pass the relevant information to the next tool. While the concept was simple, the implementation was extremely hard — until they discovered Keysight’s inline security solution.

A bypass switch was first inserted into the network to provide superfast fail-over capabilities so that security tools could be added or removed at will, with no disruption to the network. Next, a Vision One network packet broker was inserted to aggregate traffic from the bypass switch and before any security tools. Once the NPB was inserted, it could selectively direct specific data towards specific security tools. This enabled it to take specifically flagged data from security tools and pass that data on to another specific tool. This allowed for in-depth inspection of suspect data.

The NPB also provided data aggregation and load balancing functions to make the company’s security tools much more efficient.

Beyond efficiency and security, the company also wanted to deploy its security tools using a high availability solution. This was easily accomplished by deploying two iBypass switches and two activeactive redundant NPBs. The tools were deployed in an n+1 manner which allowed for survivability. In the case of the IPS, five units were deployed in a load sharing situation. Should any one of the five units fail, the remaining four could handle the entire network load.