Thought Machine protects the systems of banking clients with Elastic, shielding the business and its clients from external threats.
Thought Machine achieved compliance with ISO 27001 and SOC 2 Type 1 in less than a year with Elastic, helping to build trust and acquire new clients.
Thought Machine is a young UK-headquartered fintech company, with offices in London, Singapore, New York and Australia. Its cloud native core banking system, Vault, has been integrated into some of the best-known names in banking — including Lloyds Bank, SEB, Standard Chartered and more recent market entrants including Curve and Atom bank. Vault enables banks to take advantage of cloud computing capabilities and provides a highly configurable platform to better serve customers. This platform is the foundation layer on which banks can build any type of bank, whether a replication of the existing bank or something entirely new.
Matt Wilkins, CIO at Thought Machine, believes the COVID-19 pandemic, huge e-commerce events such as Singles Day in Asia, and even the move to working from home, are driving businesses to the cloud so that they can compete and better serve customers.
"Forward-thinking industries are largely running entirely on the cloud. Entertainment, education, government services, and more. The cloud provides benefits of cost efficiency, scalability, and agility. Banks are no exception to this ongoing cloud migration," Wilkins says.
Vault provides a single software solution that banks can configure to provide any product, user experience, operating model, or data analysis capability. Vault is deployed as an identical platform to clients, with customization capabilities.
The Vault platform is entirely cloud-native and can be delivered as software-as-a-service (SaaS) or hosted on a bank's choice of cloud provider. All data in Vault is encrypted in transit and at rest. Customer data is shielded by a sophisticated permissions system that blocks unauthorized access.
Although Thought Machine already offers high levels of security, it wanted to further strengthen data protection and gain better observability of inconsistent system behavior and potential threats.
"Banks are open to the advantages of migration to the cloud, but one of the first questions they ask is how they can achieve the same levels of protection as their existing systems," said Wilkins. This is why Thought Machine put Elastic at the heart of its security infrastructure: to protect its own enterprise, to secure the service it offers to customers, and to monitor and fix issues.
Two additional stand-out factors attracted Thought Machine to Elastic. First, Elastic is cloud native. "We could deploy Elastic into our own environments in the same way as all the other cloud native systems that we build," says Wilkins. Second, Elastic can also easily be run as a Kubernetes deployment. "We're heavily invested in Kubernetes, so it was important to be able to deploy Elastic exactly as we do with all our other engineering software." Elastic now underpins Thought Machine's own security incident response system, pulling in data from all over the business using Beats data shippers. "We have Beats in the cloud, on our laptops and workstations, and on our servers," says Feroz Salam, Tech Lead Manager at Thought Machine. "Data gets pulled into our centralized monitoring system that automatically notifies us of security anomalies and other issues so that we can tackle them immediately."
Thought Machine also uses Elastic to offer security incident response to clients who deploy the SaaS version of Vault. "Each client has their own SaaS Kubernetes cluster, and we collect and analyse security and audit logging for all the operations that happen in each cluster," says Salam. Beats again plays a central role in gathering the data, which is then pushed into a Logstash data processing pipeline that feeds into Elastic.
Elastic enables Thought Machine to manage massive volumes of data. This includes ingesting 500GB a day across all of Thought Machine's production clusters, 275GB per day across Vault SaaS security monitoring clusters, and 60GB of endpoint data per day shipped by Filebeat.
In both the corporate deployment and SaaS scenarios, Elastic greatly streamlines the security incident detection process, enabling the responding team to prioritize and resolve issues while saving time and making optimum use of resources. "The responding engineer doesn't need to look outside Elasticsearch to investigate a security event affecting a company asset," says Salam. "Using our centralized cloud infrastructure audit logs, internal authentication logs, cloud inventory logs, and endpoint logs, the engineer can work backwards from within Elasticsearch to get a complete view of the lifetime of a cloud resource and follow up as necessary."
Salam gives the example of the "Sudo" vulnerability in the Linux operating system that was exploited by hackers to gain root access privileges in unprotected systems. "You need to act fast to shield your systems from vulnerabilities such as these," says Salam. "Using the continuous data provided to us by Auditbeat agents on endpoints, we were able to identify the machines in our fleet that were vulnerable to the attack right away without waiting on vulnerability scanners to update their signatures and complete their scheduled scans," he says.
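The approach Salam describes, finding vulnerable machines from the package inventory that Auditbeat already ships rather than waiting for a scanner, can be reduced to a version comparison over per-host package events. The following is an added example written for this page, not Thought Machine's or Elastic's code: the events are constructed inline in the shape of Auditbeat's system/package documents (the field names host.name, host.os.name and system.package.name/version are assumed), and the fixed version strings in FIXED_VERSIONS are placeholders to be replaced with the values from the relevant advisory. It also handles the two cases a scanner-free check gets wrong most often: a host that reports several inventories over the day (the latest report wins, so a machine patched since the morning is not re-flagged) and distributions that backport the fix under a lower version string than upstream (a distro-specific fixed version takes precedence).

```python
"""Identify hosts running a sudo package older than the fixed release,
from Auditbeat package-inventory events (added example, constructed data)."""
import re
from typing import Iterable

# Assumed fixed versions: placeholders for this example, take the real values
# from the advisory. Distributions backport fixes, so a distro-specific entry
# takes precedence over the upstream version string.
FIXED_VERSIONS = {
    "upstream": "1.9.5p2",
    "ubuntu": "1.8.31-1ubuntu1.2",
}

# Constructed sample documents shaped like Auditbeat's system/package dataset
# (field names assumed; only the fields this example needs are present).
SAMPLE_EVENTS = [
    {"@timestamp": "2021-01-27T09:00:00Z", "host": {"name": "ws-01", "os": {"name": "Ubuntu"}},
     "system": {"package": {"name": "sudo", "version": "1.8.31-1ubuntu1.1"}}},
    {"@timestamp": "2021-01-27T09:00:00Z", "host": {"name": "ws-02", "os": {"name": "Ubuntu"}},
     "system": {"package": {"name": "sudo", "version": "1.8.31-1ubuntu1.2"}}},
    {"@timestamp": "2021-01-27T09:00:00Z", "host": {"name": "build-03", "os": {"name": "Debian"}},
     "system": {"package": {"name": "sudo", "version": "1.9.5p1"}}},
    {"@timestamp": "2021-01-27T09:00:00Z", "host": {"name": "srv-04"},
     "system": {"package": {"name": "sudo", "version": "1.9.5p2"}}},
    # ws-05 reports twice: vulnerable in the morning, patched by midday.
    {"@timestamp": "2021-01-27T09:00:00Z", "host": {"name": "ws-05", "os": {"name": "Ubuntu"}},
     "system": {"package": {"name": "sudo", "version": "1.8.31-1ubuntu1.1"}}},
    {"@timestamp": "2021-01-27T11:30:00Z", "host": {"name": "ws-05", "os": {"name": "Ubuntu"}},
     "system": {"package": {"name": "sudo", "version": "1.8.31-1ubuntu1.2"}}},
    # An unrelated package, to show the filter by package name.
    {"@timestamp": "2021-01-27T09:00:00Z", "host": {"name": "ws-01", "os": {"name": "Ubuntu"}},
     "system": {"package": {"name": "vim", "version": "2:8.1.2269-1ubuntu5"}}},
]


def version_key(version: str) -> tuple:
    """Split a version string into comparable chunks so that
    '1.9.5' < '1.9.5p1' < '1.9.5p2' and '...1ubuntu1.1' < '...1ubuntu1.2'.
    Numeric chunks compare as integers and sort before alphabetic ones;
    a missing suffix (plain '1.9.5') sorts before any suffixed release."""
    chunks = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(c)) if c.isdigit() else (1, c) for c in chunks)


def is_older(installed: str, fixed: str) -> bool:
    """True when the installed version sorts below the fixed version."""
    return version_key(installed) < version_key(fixed)


def latest_package_versions(events: Iterable[dict], package: str) -> dict:
    """Latest reported version of `package` per host, as {host: (version, distro)}.
    Events are processed in @timestamp order so the newest inventory wins."""
    latest = {}
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        pkg = ev.get("system", {}).get("package", {})
        if pkg.get("name") != package:
            continue
        host = ev["host"]["name"]
        distro = ev["host"].get("os", {}).get("name", "").lower()
        latest[host] = (pkg["version"], distro)
    return latest


def vulnerable_hosts(events: Iterable[dict], package: str = "sudo",
                     fixed_versions: dict = FIXED_VERSIONS) -> dict:
    """Return {host: installed_version} for hosts below the fixed version
    that applies to their distribution, falling back to the upstream one."""
    result = {}
    for host, (version, distro) in latest_package_versions(events, package).items():
        fixed = fixed_versions.get(distro, fixed_versions["upstream"])
        if is_older(version, fixed):
            result[host] = version
    return result


if __name__ == "__main__":
    for host, version in sorted(vulnerable_hosts(SAMPLE_EVENTS).items()):
        print(f"{host}: sudo {version} needs patching")
```

Run against the constructed events, this flags ws-01 (below the Ubuntu fixed package) and build-03 (below the upstream fixed release) and leaves ws-05 alone because its later inventory shows the patched version. In a real deployment the events would come from a query against the Auditbeat index rather than the inline list, and the same comparison, re-run after the rollout, gives the patch-coverage view the next paragraph describes.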
With Elastic, Thought Machine was also able to search for and visualize the deployment of the updated packages across the fleet in a matter of minutes. "In cases such as this, where critical vulnerabilities or zero-days are announced, Elasticsearch will be a key tool in understanding their impact," says Salam.
The decision to select Elastic was also driven by Thought Machine's goal of achieving compliance with the latest security standards. These include ISO 27001, a series of standard best practices for information security management, and SOC 2 Type 1, a report that confirms whether a vendor, such as Thought Machine, can meet critical trust and security principles. "The security features included in the Elastic Stack gave us a lot of what we needed to achieve ISO 27001 compliance." This includes fine-grained access control, which lets Thought Machine define which indices, or subsets of indices, each employee is permitted to access. "With Elastic we significantly reduced the cost and time of achieving ISO and SOC 2 Type 1 compliance, enabling us to attract more clients and enhance the security of existing ones," says Wilkins.
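The fine-grained access control mentioned above works by attaching index-name patterns and privileges to roles, and a user's effective access is the union of their roles. The following added example (written for this page; not Thought Machine's configuration and not the Elasticsearch security engine itself) models that decision for the index-privilege part of a role definition, using the same `indices` / `names` / `privileges` shape that Elasticsearch roles use. The roles, index names and the per-client split are constructed; the matcher treats `all` as implying every privilege and otherwise requires the named privilege, a simplification of the real privilege hierarchy, and uses `*` wildcards as Elasticsearch does.

```python
"""Model Elasticsearch index-level role checks (added example, constructed roles)."""
from fnmatch import fnmatchcase
from typing import Iterable, List

# Constructed roles in the shape of Elasticsearch role definitions; only the
# index privileges are modelled. Each SaaS client gets its own index prefix,
# so an analyst role can be scoped to exactly one client's data.
ROLES = {
    "saas_client_a_analyst": {"indices": [
        {"names": ["logs-saas-client-a-*", "audit-saas-client-a-*"],
         "privileges": ["read", "view_index_metadata"]}]},
    "corp_endpoint_reader": {"indices": [
        {"names": ["auditbeat-*", "filebeat-endpoint-*"],
         "privileges": ["read"]}]},
    "platform_admin": {"indices": [
        {"names": ["*"], "privileges": ["all"]}]},
}

# Constructed index names standing in for what a cluster might hold.
SAMPLE_INDICES = [
    "logs-saas-client-a-2021.01",
    "audit-saas-client-a-2021.01",
    "logs-saas-client-b-2021.01",
    "auditbeat-2021.01",
    "corp-hr-records",
]


def role_grants(role: dict, index: str, privilege: str) -> bool:
    """True if one of the role's index entries matches `index` by pattern and
    carries `privilege` (or `all`, which implies every index privilege)."""
    for entry in role["indices"]:
        if not any(fnmatchcase(index, pattern) for pattern in entry["names"]):
            continue
        if "all" in entry["privileges"] or privilege in entry["privileges"]:
            return True
    return False


def user_can(user_roles: Iterable[str], index: str, privilege: str,
             roles: dict = ROLES) -> bool:
    """A user's access is the union of their roles: any single role granting
    the privilege on the index is enough."""
    return any(role_grants(roles[name], index, privilege) for name in user_roles)


def readable_indices(user_roles: Iterable[str], candidates: Iterable[str],
                     roles: dict = ROLES) -> List[str]:
    """The subset of `candidates` the user may read; useful for reviewing
    whether a role really is scoped as narrowly as intended."""
    user_roles = list(user_roles)
    return [i for i in candidates if user_can(user_roles, i, "read", roles)]


if __name__ == "__main__":
    for user, assigned in {"analyst-a": ["saas_client_a_analyst"],
                           "ir-engineer": ["corp_endpoint_reader"],
                           "admin": ["platform_admin"]}.items():
        print(user, "->", readable_indices(assigned, SAMPLE_INDICES))
```

Reviewing roles this way, by listing what each role can actually reach over the real index names, is the check an auditor asks for when evidencing least privilege: the client-A analyst sees only client-A indices, the endpoint reader sees only Beats data, and no combination of the two reaches `corp-hr-records`.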
Data backup is another important feature of ISO 27001 and here Elastic also plays an important role. "We have to show that we have data retention for the period defined according to our policies. Elastic helps us to achieve that through its support for backup to the cloud," says Wilkins.
Within a year we were compliant with both ISO 27001 as well as other standards such as SOC 2 Type 1. Elastic played a huge role in this achievement.
Wilkins adds, "To stay ahead in our sector you need to innovate and react at lightning speed to customer feedback and requests for new functionality."
"Elastic is at the heart of our observability operations," says Wilkins. "It means our developers can look at the logs coming from the containers that they run, see immediately if there are any issues with their code, and fix them."
Harnessing Elastic Cloud on Kubernetes means that the development team can quickly get new apps and functionality up and running. "We have all of our Elastic configuration as code, which makes it really easy for us to spin up new environments. At the press of a button, we can set up a new Elasticsearch cluster pulling in logs from our Vault environments."
Going forward, Wilkins is confident that Elastic will continue to play a role in growing the Thought Machine business. To keep evolving its security offering, the company is closely evaluating the security information and event management (SIEM) and endpoint security capabilities of Elastic Security as potential new tools to add to its stack for automated, real-time threat response.