Taking Control with Real-Time Process Monitoring

By David Strom


In these dark economic times, an emerging product category is one bright ray of hope, particularly if you are looking for ways to quickly improve customer service or beef up your compliance or security. The category is a relatively new field: real-time business process monitoring. Think of it as a "sniffer for business events," as Radware's CEO Roy Zisapel calls it.


The key is you don't have to go back to your programmers to rewrite your applications, and you can deliver some solid benefits with a short implementation and without a lot of integration work. Real-time process monitoring (RTPM) is part Web analytics, part log management and security information management tools, and part compliance and data leak prevention. There are several solutions in this space, including Radware's Inflight, InsightETE (based in Columbus, Ohio), and Nice.com's Actimize Analytics.


Unlike typical applications performance monitoring tools from vendors such as Keynote and Mercury Interactive that measure latency or screen response time, these tools look at things such as customer logins or delve into particular database transactions or other business-specific information. "A lot of products come up from a network focus and give you information about the health of the network, rather than start with how the applications are actually structured," said RC Wheeless, the CEO of InsightETE.


These new tools have three distinguishing characteristics. First, they can be easily set up without much, if any, programming and customization. That's because the tools rely on network traffic for collecting data. A lot of other analytic tools require changes to the applications or special instructions to be added to webpages, for example.


"We use the fact that information on the network is structured, so we can understand and look for transactions," said Zisapel. InsightETE's tool can be set up in a few hours, with most of that time used to understand how particular applications work and what particular data flows the tool needs to look for across the network.


Say a bank wants to monitor its automated teller machine transactions and determine whether it needs to add or subtract ATMs in particular locations to handle changes in its business. This is exactly what InsightETE did for JP Morgan Chase. The company instrumented the bank's worldwide network of 11,000 ATMs by adding probes to the bank's two data centers to collect information on more than five million daily transactions.


"Our servers are also in their data centers, so no information leaves their premises for security reasons. This gives us the ability to answer questions such as how long it takes customers to withdraw their cash, any excessive PIN entry problems, and other business issues," said Wheeless. "We tune our application to notify someone when a particular threshold is crossed, so the trick is in figuring out that threshold."


Second, the tools operate in real time (or as close to it as possible). Many analytic engines or log analysis tools require batch processing or can only be run on an hourly or daily basis, rather than reporting up-to-the-second results.


"We can see how much business is conducted by each ATM at each hour of the day in each location, and this is tremendously helpful for Chase," said Wheeless. Real-time is critical so IT can figure out potential application problems before they impact customers and fix broken business processes quickly. This overlaps somewhat with the growing arena of data leak prevention products, but again the real-time focus is key.

"A lot of data leaks aren't criminal acts, but long-forgotten processes that were created by someone who has left the company or who doesn't understand that something is broken," said Nick Selby, an analyst with the 451 Group. "In our surveys, we found 74% of the IT managers haven't done any work on understanding their internal communication pathways and don't really know how data moves around their networks."

Third, the tools have the flexibility to work with a wide variety of applications, programming interfaces, and existing tools. These products come with a variety of templates and connectors that can handle applications such as syslog servers, Web analytic engines, Java messaging services, and databases, among others.


"Since we are using standard interfaces, we can integrate with a lot of different applications," said Zisapel. "There are a great variety of event sources, they aren't just security and server logs but other things that will provide insight into the processes that aren't working inside the corporation," said Selby. "These tools can answer questions such as if your HR people are inadvertently sending internal emails with confidential information."


Radware provides this example, also from the banking world: "We can look for money laundering situations for a bank, and see when customers transferred more than a certain amount of money from one account to another," said Zisapel. "We can collect these transactions and send them to an anti-fraud system." But they are also used by gambling sites, to prevent users from doing massive screen scraping of their webpages to improve their odds and game the system.
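The threshold alerting Wheeless describes for PIN entry problems and the transfer rule Zisapel describes can be sketched as one small streaming monitor. This is an added example, not code from the article or from any vendor named in it; the event fields, limits, and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events, shaped as a passive probe might decode them
# from network traffic. Field names and values are assumptions.
EVENTS = [
    {"ts": 0,   "type": "pin_fail", "atm": "ATM-001"},
    {"ts": 20,  "type": "pin_fail", "atm": "ATM-001"},
    {"ts": 30,  "type": "transfer", "src": "A", "dst": "B", "amount": 2_500},
    {"ts": 45,  "type": "pin_fail", "atm": "ATM-001"},
    {"ts": 50,  "type": "pin_fail", "atm": "ATM-002"},
    {"ts": 70,  "type": "transfer", "src": "C", "dst": "D", "amount": 15_000},
    {"ts": 400, "type": "pin_fail", "atm": "ATM-001"},
]

class Monitor:
    def __init__(self, pin_fail_limit=3, window_s=60, transfer_limit=10_000):
        self.pin_fail_limit = pin_fail_limit
        self.window_s = window_s
        self.transfer_limit = transfer_limit
        self.fails = defaultdict(deque)  # ATM id -> timestamps of recent failures

    def observe(self, ev):
        """Process one event as it arrives; return an alert dict or None."""
        if ev["type"] == "pin_fail":
            q = self.fails[ev["atm"]]
            q.append(ev["ts"])
            # Drop failures that have aged out of the sliding window.
            while q and ev["ts"] - q[0] >= self.window_s:
                q.popleft()
            if len(q) >= self.pin_fail_limit:
                q.clear()  # re-arm so one burst yields one alert
                return {"rule": "excessive_pin_failures",
                        "atm": ev["atm"], "ts": ev["ts"]}
        elif ev["type"] == "transfer" and ev["amount"] > self.transfer_limit:
            # In the article's scenario this record would go to an anti-fraud system.
            return {"rule": "large_transfer", "src": ev["src"],
                    "dst": ev["dst"], "amount": ev["amount"], "ts": ev["ts"]}
        return None

def run(events, **limits):
    """Feed events through a fresh Monitor and collect the alerts raised."""
    mon = Monitor(**limits)
    return [a for a in map(mon.observe, events) if a is not None]

if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
```

Raising `pin_fail_limit` to 4 on the same events suppresses the PIN alert entirely, which is the tuning problem Wheeless points to.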


The downside? With price tags starting at six figures, these tools aren't cheap.


"Business intelligence is expensive, and just about anything that you are going to do is going to require that kind of investment," said Selby.