Customer Story

Security Visibility with Sportingbet

An integrated, real-time view across all tiers and proactive early warning of potential problems

Detailed information on the activities of affiliate networks and partner transactions

An ability to quickly spot and counteract network security threats

The Beginning

The IT and security teams need visibility into application and performance issues as well as security threats

From its headquarters in the UK, Sportingbet runs a dedicated IT department that manages operations spanning 50 different website brands processing millions of transactions worldwide each week. For an operation generating billions of pounds a year in revenues, the reliability of its IT systems plus the security of transactions is critical and Sportingbet runs extensive systems and processes to ensure it meets internal requirements and external regulatory compliance from agencies including the UK Gambling Commission.

Within its infrastructure, Sportingbet has a highly diverse environment including Unix, Linux, Windows and network elements from multiple vendors including Cisco and Juniper. Adding to the complexity, the company has an ethos to avoid reliance on a single vendor and mixes both off the shelf applications with software developed in house.

They also have to grapple with significant security concerns. According to Lee Riches, operational analyst for Sportingbet, "As a leading sports betting brand we are obviously a target and we run a dedicated team, all in house, to respond to any threats."

With huge volumes of transactions running across its complex and dynamic infrastructure, Sportingbet needed a solution to help it gain more insight into operational activities, deliver persistent security visibility into potential threats, and provide visibility into the quality of service delivered from each of its websites – all without adding additional complexity or latency.

Quote Icon

ExtraHop has delivered a significant return on investment for us almost from day one.

Lee Riches
Operational Analyst, Sportingbet

The Transformation

With ExtraHop, Sportingbet can uncover valuable insights into complex environments

Prior to ExtraHop, Sportingbet had used a collection of logging and monitoring tools to deliver IT and security visibility. However, the sheer volume of traffic and growing number of systems meant this method required a lot of manual correlation to uncover issues and troubleshoot incidents – a process which was proving both cumbersome and unable to resolve the most complex issues.

ExtraHop technology overcomes these issues through the analysis of wire data and performs full-stream reassembly and full-content analysis of this data running across the network to extract IT and business insights. ExtraHop examines wire data passively using a copy of network traffic mirrored off a physical or virtual switch.

In order to gain real-time visibility across tiers, better understand their infrastructure, and ensure security and end-user performance, Sportingbet deployed an ExtraHop EH8100 appliance with 20 Gbps throughput able to analyse 825,000 transactions per second.

"With ExtraHop we don't need to place any additional monitoring applications on any of our servers, which is a major consideration. It also enables us to diagnose the root cause of application issues by dissembling the complex relationship and data flows between different parts of an overall process and giving us the granular visibility we need to understand those relationships and flows," says Riches. ExtraHop has also proved its value in a security context. In common with much of the online sports betting community, Sportingbet needs to be vigilant to prevent network security threats and other activities that can impact its business. Common threats such as brute force attempts to break into accounts as well as "scrapers" that attempt to gather data from multiple websites can be detected and subverted with real-time insight ExtraHop provides across the network.

The Outcome

ExtraHop gives correlated, cross-tier visibility across all applications and systems

With ExtraHop successfully deployed and in regular usage, the Sportingbet IT department are unearthing valuable insights and solving issues that were previously challenging to resolve.

"ExtraHop is probably the tool we use most often for gaining insight into our infrastructure," says Riches.

"We generate huge amounts of data, but prior to ExtraHop, we had no scalable way to mine that data, let alone extract insight and value from it. With ExtraHop, we can now harness all data moving across our infrastructure, correlate it with other data sets, and gain a really good understanding of the who, what, when, where, and how of our environment," Riches adds.

Understanding Performance Impacts Across Tiers

One of the key benefits that Sportingbet has realised through the ExtraHop deployment is the ability to pin down the underlying cause of poor application performance. In one notable incident, the team uncovered a DNS call that was dramatically slowing down a critical web application. By spotting the issue early and getting to the root cause, Riches and his team were able to limit the impact on user experience, ultimately saving the company a hit to both reputation and revenue.

Broadening the Power of Wire Data

Sportingbet is also looking at ways to extend the value they are seeing from ExtraHop even further. The company is currently working on leveraging the ExtraHop Open Data Stream, which enables IT to stream wire data from ExtraHop into highly-scalable and non-proprietary environments. With Open Data Stream, Sportingbet will be able to correlate data from ExtraHop with other data sets for even richer contextualised insight.

"ExtraHop has delivered a significant return on investment for us almost from day one," says Riches, "We are starting to really understand the potential it offers across a wide range of processes and our next step is to implement it within Logscape to allow us to do more complex long-term IT planning projects," Riches concludes.