CUSTOMER STORY

UTI Asset Management Company Ltd remains at the industry forefront with F5 security solutions

BENEFITS

Heightened security and capacity of control

Ensured compliance and trust

Around the clock access to expert service and support

CHALLENGES

Exposure to DDoS attacks and cyber threats

Need for compliance

Maintaining uptime with influx of transactions

UTI Asset Management Company Ltd. migrated applications to the cloud to support its growth in the mutual fund industry. To navigate through digital transformation and the complex Financial Services landscape, UTI turned to F5 Silverline DDoS Protection, a Managed Security Service, and Advanced Web Application Firewall (WAF) to secure its premises and transactions while ensuring uninterrupted service availability.

The Challenge

Established in 1964, Unit Trust of India (UTI) was mandated to mobilize and invest retail savings in capital markets for small investors. UTI Asset Management Company Ltd. (UTI AMC) was incorporated in 2002, launching multiple portfolios to serve a variety of clients over the years. As of September 2019, UTI AMC is the seventh-largest asset management company in India and continues to grow its footprint in the mutual fund industry.

UTI AMC offers its investment solutions through a diverse range of distribution channels. With over 11 million live folios and a client base accounting for 12.8 percent of India’s mutual fund industry, the company needed to ensure its platform and applications could continue to be deployed quickly, reliably and securely with 24/7 availability. UTI AMC understood the importance of cloud adoption to enable its business strategy, becoming one of the first BFSI companies to migrate its applications to the cloud.

While moving to the cloud meant a quicker time-to-market, higher availability and greater scalability, it also meant broader and more distributed environments to manage and secure. Furthermore, customers are increasingly accessing accounts across multiple channels, devices and touchpoints, creating a higher volume of incoming traffic that dramatically increased during the pandemic and online sales doubling during this period. With attacks becoming increasingly sophisticated and cyber criminals using modern encryption to hide threats and evade detection, it was critical for UTI AMC to heighten their security vigilance to secure and safeguard all of its applications and the data within them – especially since financial services data is amongst the most sought-after type of data by cyber criminals.

At the same time, the company had to ensure it stayed compliant with governance, risk and compliance standards to maintain customers’ trust in capital markets and its system. Facing evolving security risks and the complexities of digital transformation, UTI AMC had to align its application capabilities to support modern business. The company needed a security solution that ensured seamless customer experience, minimal downtime and minimum operational hazards.

“We knew that the migration to the cloud would increase our exposure to security vulnerabilities, thus we needed a solution which not only protected sensitive data, but one that also provided firewall capabilities."

The Solution 

UTI AMC selected F5 Silverline DDoS Protection and F5 Advanced WAF for the advanced security controls and additional capabilities required to stay ahead of the application threat landscape.

While moving application workloads to the cloud, UTI AMC faced challenges protecting enterprise data and keeping up to date with protective measures. Utilizing F5 Silverline DDoS Protection, UTI AMC can stop DDoS attacks before they reach its enterprise network and affect the business, using real-time DDoS attack detection and mitigation in the cloud – without any interruption of service for its customers. With multi-layered protection, including Layer 7 attack protection and L3-L4 DDoS protection, the solution automatically blocks some of the largest of volumetric DDoS attacks from reaching the network, ensuring that legitimate users, both agents and customers alike, can access the applications without trouble.

In addition, F5 Silverline DDoS Protection has advanced, built-in security protection and remote auditing capabilities that are compliant with industry security standards, including the Payment Card Industry Data Security Standard (PCI DSS), HIPAA, Basel II, and SOX. This ensures that UTI AMC enjoys ‘always on’ compliance for all its financial services, helping to streamline their next audit process.

The F5 Silverline customer portal provides transparent attack mitigation visibility and reporting before, during, and after an attack. Through the portal, attacks can be explored and analyzed, allowing the IT team to see the pattern of attacks over time and better formulate security strategies that reflects their business needs. Uptime of UTI AMC’s applications is maximized at 99.999%, providing stability and better user experience for agents and customers.

UTI AMC also enjoys sophisticated protection through F5 Advanced WAF. UTI AMC users primarily access the platform via web browsers or mobile phones, where the solution monitors and profiles traffic, independently differentiates between friendly and malicious behavior, and effectively blocks any suspicious traffic. Through machine learning and behavioral analytics, it proactively defends the company’s applications against human and automated attacks, helping to identify and mitigate attacks before they cause damage.

With the objective to maintain the highest level of security throughout its digital transformation, UTI AMC quickly implemented the right solutions to safeguard its network environments that were critical for the bottom-line. 

“After careful consideration, we decided to engage F5 as it offers complete Layer 3 and Layer 7 protection in our hybrid infrastructure. The F5 team did an excellent job; we were impressed by the smooth and user-friendly implementation process, and it only took 48 hours to set up.”

The Benefits

Heightened security and capacity of control

F5 Silverline DDoS Protection and F5 Advanced WAF integrate smoothly into UTI AMC’s overall IT ecosystem, providing tight control over data flow while reducing complexity. F5 Silverline DDoS Protection ensures no volumetric attack can impact UTI AMC’s applications in the hybrid infrastructure. F5 Advanced WAF protects their applications from sophisticated exploits, including Layer 7 DDoS, significantly increasing UTI AMC’s level of security.

In addition, access to the F5 Silverline customer portal provides transparency for possible attacks, centralized threat reports, and secure communication with F5 experts when necessary. The IT team receives notifications about changes, reporting and analytics, allowing them to focus on business-critical issues with F5 as an extension of their security infrastructure.

Ensured compliance and trust

With advanced, built-in security protection and remote auditing compliant with industry security standards, including the Payment Card Industry Data Security Standard (PCI DSS), HIPAA, Basel II, and SOX, UTI AMC enjoys ‘always on’ compliance for all financial services offered. This approach enables UTI AMC to stay within governance, risk and compliance standards, streamline their audit process, and focus on reaching critical business goals. In addition, customers can use their platform with the peace of mind of knowing that their confidential data and transactions are secured.

Around the clock access to expert service and support

F5 Silverline security experts are available 24x7, offering a 99.999% uptime SLA and response to DDoS attacks in minutes. This provides uninterrupted availability of all user applications, ensures that customer activity goes on per usual, and enhances the user experience for customers and agents.