Correlation between changes made and improvements/degradations in application performance
Ability to spot suspicious behaviour then record the entire event to provide evidence for inspection
Scalability to quickly feed data into complex event processing platforms to manage risk and fraudulent activity
The Beginning
bet365 needs visibility to ensure delivery of mission critical applications and detect anomalous behaviour in their environment
bet365 is one of the world's leading online gambling groups with over ten million customers in 200 different countries. The Group employs over 2,000 people and is one of the world's largest online gambling companies with its reported figures to March 2012 showing amounts wagered on sports at £12.2 billion, revenues of £646 million and an operating profit of £116.5 million. bet365 has more than 11 million customers worldwide, and at peak times its systems can have up to 2 million concurrent users, generating hundreds of thousands of transactions per second.
Behind the scenes, the firm has multiple sites running highly critical IT infrastructure using both "off the shelf" and highly bespoke custom applications processing billions of digital transactions each year.
Alongside developers and operations teams working 24/7 to ensure its mission critical apps are delivered as expected to its users, a parallel security team continually examines its systems to prevent and detect any "irregular" activities. The company has a well-trained and capable IT department that uses an array of management tools and has tended to be an early adopter in terms of IT innovation to help gain a competitive edge and to maintain a positive customer experience.
We work in a very competitive marketplace, and minimizing service disruption is essential for maintaining customer retention. The ExtraHop solution provides the visibility we need to prevent issues before our performance is affected.
Neil Selby
Head of Networks and Security,
bet365
The Transformation
ExtraHop's agentless platform provides bet365 with real-time, actionable insights
In 2012, the firm approached ExtraHop with a requirement to gain more visibility over its IT operations and to solve a few "niggling" challenges that it had never been able to fully resolve. One key stipulation was that the company wanted to avoid technology that put any additional clients, probes or performance burden on its carefully tuned servers. Its multiple requirements broadly spanned performance optimisation, development analyses and pervasive monitoring of the infrastructure that could provide early anomaly and security event detection in real time, as well as help guide the IT team on what exactly constituted anomalous behaviour in their evolving environment.
Unlike other monitoring tools that rely on either historical logs or agents to collect performance statistics, ExtraHop's Wire Data Analytics platform monitors all L2-L7 communications, including the full bi-directional payload. This network and application traffic, called "wire data", is the most complete source of information about the performance, availability, and security of an IT environment, whether it's on-premises, in the cloud, virtualized, or hybrid. The Wire Data Analytics platform goes beyond passive monitoring, delivering real-time reassembly of all packets into per-client transactions, flows, and sessions across a range of protocols including HTTP/S, MQ, SOAP, SQL, CIFS, LDAP and others commonly used by client-server and web applications, all at up to 20Gbps. By mining and analysing wire data, ExtraHop's platform provides IT teams and the businesses that rely on them with actionable insights into the performance, availability, and security of the IT environment.
The Outcome
bet365 improves application delivery and network performance and strengthens its anti-fraud procedures
To start with performance optimisation: bet365 wanted to be able to quantify improvements or degradations in application performance based on patches, upgrades, version or bespoke development changes. With ExtraHop, for the first time, they could accurately evaluate the impact of changes across multiple parts of the application delivery chain through linked apps, infrastructure and even sites.
Another area is the ability to spot "suspicious" behaviour and then record the entire event, providing the security team with evidence for immediate inspection. With multiple data centres, virtualised servers and distributed architecture, it was only through ExtraHop's wire data analytics that bet365 were finally able to gain a more granular understanding of much more complex trends that were previously obscured by the huge volume of disparate transaction data.
A future aspirational project is the ability to feed data into a complex event processing platform that helps the gambling industry both manage risk and avoid fraudulent activity. Previously, funnelling data from multiple applications, locations and services into this system was incredibly complex. Instead, bet365 is experimenting with using ExtraHop to examine, rebuild and generate real-time snapshots of the entire transaction landscape that can be quickly fed into the platform. The idea is that ExtraHop will replace a legacy solution that requires multiple physical servers and that had continually struggled with the workload, with limited scalability.