Elavon is the fourth-largest payment processing company in the world. They process more than 3 billion transactions annually, worth more than $300 billion. Elavon has more than a million customers and is a leading payment solutions provider for airlines and a top five provider for hospitality, healthcare, and retail.

With a globally distributed network that handles highly valuable data, Elavon places a high priority on securing and monitoring their environment. To help achieve this, they rely on Cisco Stealthwatch for network visibility, continuous threat detection, and quicker response times.

Stealthwatch has helped Elavon achieve the following:

Network visibility

A top priority of Elavon’s was gaining an understanding of traffic patterns on the company network, including the ability to monitor traffic in real time and to investigate past network activity. This allows the company to quickly identify anomalous and malicious behavior and to mitigate an attack before damage is done.

Stealthwatch uses Elavon’s existing Cisco network as its data source, collecting NetFlow, a context-rich and common source of network traffic metadata, from infrastructure devices such as routers, switches, and firewalls. For every transaction, Stealthwatch allows them to see:

  • Sender and receiver IP address
  • Sender and receiver port number
  • Time
  • Duration
  • Bytes transferred

In addition, Elavon uses Cisco Identity Services Engine (ISE), which has a long-standing integration with Stealthwatch. ISE attaches user and device identity information to each transaction, providing a greater depth of visibility.

Threat detection and response

Elavon uses Stealthwatch as an early warning system for threat activity. According to Phil Agcaoili, Chief Information Security Officer at Elavon, one of the top benefits of Stealthwatch is its ability to monitor the network and detect threat activity when security personnel can’t.

As Stealthwatch collects NetFlow, it builds a baseline of normal network behavior. When a host displays behavior that exceeds thresholds of expected behavior, Stealthwatch alerts security operators to the anomalous traffic. For instance, when a host in marketing normally accesses only a few megabytes of network resources a day but suddenly collects gigabytes of data from a sensitive engineering database, it could be a sign of data hoarding in preparation for exfiltration. Detecting this behavior early allows security personnel to respond and mitigate the threat before damage is done.
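
A minimal version of the baseline-and-threshold idea described above, as an added example that is not from Cisco or Elavon and does not represent Stealthwatch's actual algorithm. It baselines each host's daily bytes received with a median and median absolute deviation (MAD); the flow records, IP addresses, and the `k` and `floor` tuning values are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flows: (day, client_ip, server_ip, server_port, bytes_to_client).
# Fields mirror the NetFlow attributes listed earlier; every value is made up.
MB = 1_000_000
FLOWS = []
for day in range(1, 8):  # seven days of normal activity
    FLOWS.append((day, "10.1.5.20", "10.9.0.10", 443, (3 + day % 3) * MB))      # marketing host
    FLOWS.append((day, "10.2.7.31", "10.9.0.50", 5432, (900 + 20 * day) * MB))  # engineering host
FLOWS += [
    (8, "10.1.5.20", "10.9.0.50", 5432, 4_200 * MB),  # marketing host pulls GBs from eng DB
    (8, "10.1.5.20", "10.9.0.10", 443, 4 * MB),
    (8, "10.2.7.31", "10.9.0.50", 5432, 1_050 * MB),  # engineering host, usual volume
]

def daily_totals(flows):
    """Sum bytes received per host per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, client, _server, _port, nbytes in flows:
        totals[client][day] += nbytes
    return totals

def hoarding_alerts(flows, today, k=6.0, floor=50 * MB):
    """Flag hosts whose bytes received today exceed their own baseline.

    Threshold is median + k*MAD of prior days, but never less than
    median + floor, so a tiny, flat baseline does not alert on small changes.
    k and floor are illustrative values, not vendor defaults.
    """
    alerts = []
    for host, per_day in daily_totals(flows).items():
        history = [v for d, v in per_day.items() if d < today]
        if len(history) < 5 or today not in per_day:  # too little data to baseline
            continue
        base = median(history)
        mad = median([abs(v - base) for v in history])
        threshold = max(base + k * mad, base + floor)
        if per_day[today] > threshold:
            alerts.append((host, per_day[today], int(threshold)))
    return alerts

if __name__ == "__main__":
    for host, seen, limit in hoarding_alerts(FLOWS, today=8):
        print(f"{host}: received {seen / MB:.0f} MB, threshold {limit / MB:.0f} MB")
```

Because each host is compared against its own history, the engineering host's roughly 1 GB day stays quiet while the marketing host's jump from a few megabytes to gigabytes is flagged.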

Stealthwatch also helps facilitate faster response to security incidents. Stealthwatch’s historical and real-time traffic data allows investigators to quickly grasp what is happening and trace it back to a source. Integration with Cisco ISE further speeds the process by attributing the traffic to a specific user and device.

Elavon’s network operations team also uses Stealthwatch to help diagnose network performance problems. For example, Stealthwatch can quickly identify spikes in network traffic, which could be the result of a security issue or a network performance problem. Elavon can then quickly investigate to determine the source and respond to the problem.

Stealthwatch helps secure Elavon’s global network

The cybersecurity organization at Elavon has aspired to be world-class, and ensuring the safety of their customers and their data is a top priority. To help achieve this goal, they rely on the network visibility, real-time situational awareness, and threat detection of Stealthwatch. Cisco has been a critical partner in bringing Elavon’s security vision to reality.

