Splunk reduces firewall management from minutes to 20 seconds, says WorldPay

Online payment service provider saves time managing a diverse firewall estate

Online payment service provider WorldPay has reduced the time it takes to perform analysis and management of firewalls from minutes to just 20 seconds, thanks to the tools provided by operational intelligence firm Splunk.

That's what Darren Dance, Unix technical lead for WorldPay told the audience at the Splunk Live conference in central London today.

WorldPay, which was sold by the Royal Bank of Scotland in 2010, found that it didn't have the tools required to do everything in the timescales it was trying to meet. That led to the firm experimenting with network management solutions from Splunk, in order to help the security team with the labour-intensive task of performing root cause analyses.

"We had lots of conflicting technologies going in at the same time with a high rate of change in our environment. It was taking time, it was error prone and if you had a networking issue you bounced to another team... then it was bounced back," explained Dance.

By adopting the Splunk solution WorldPay managed to improve operational visibility for the team, allowing for problems with firewalls to be identified, dealt with, then logged, and enabling future instances of the same issue to be worked out much more quickly.

"Over time we're building up a catalogue of searches to reduce the time we're spending on fixing issues," said Dance.

Consistent with industry best practice, WorldPay employs multiple brands of firewall, all of which output their logs in a slightly different way. This meant that tracing issues required an in-depth knowledge of the WorldPay infrastructure. Employing Splunk changed that, Dance told the audience.

"Splunk searches all firewalls from one place, collating all firewall logs into one view. It eliminates the need for inherent knowledge of the WorldPay network infrastructure required to do the task," he said.

"It eliminates the need to log in to individual firewalls, making the security guys happy, and it reduces the time required from minutes to 20 seconds," he added.

According to Dance, using Splunk has allowed his team to become more efficient, providing more time to work on other projects and get better value for the business.

"It provides benefits because you start to save your searches and distribute them amongst the team with dashboards," he said.

"It helps us to diagnose issues quicker, first time, solving small problems before they become major problems. My team and I have more time for projects; we're getting more time to do more interesting stuff, more motivation for engineers and better value for the business."

Splunk has been so useful to WorldPay that the company is investigating its use in areas such as security, capacity planning and application development.

"Splunk isn't cheap, but the value you get out of it is from the amount of time you save, getting more value from data," he said.