Jun 13 2025

Cisco Live 2025: How Wintrust Financial Gained Better Visibility Into Their Data

With help from Cisco ThousandEyes, Splunk and CDW, this midwestern bank achieved greater visibility and faster remediation of threats.

Right now, 58% of artificial intelligence budgets target data modernization, according to a 2025 HFS Research report. But poor data quality makes it harder to see the benefits of AI, particularly as banks “wrestle with inconsistent customer data across credit cards, mortgages and wealth management platforms,” a global finance report notes.

Add to the mix a slew of strict compliance and privacy regulations that are unique to financial services. “Regulatory bodies are on us all the time for an internal audit, external audit. We just finished our cybersecurity and insurance filing,” said Jermaine Mason, vice president of network infrastructure at Wintrust Financial, in a session at Cisco Live this week.

To tackle these challenges, Wintrust leveraged a comprehensive observability stack — including Cisco ThousandEyes, Splunk and CDW’s observability service — to gain deep visibility, accelerate threat detection and streamline incident response.

Here are a few ways IT leaders can achieve cyber resilience in banking.


Identify Blind Spots in a Crowded IT Environment

Wintrust, one of the fastest-growing financial institutions in the Midwest, had ambitious digital transformation goals. But first, it had some big challenges to solve.

According to Mason, the bank’s hybrid IT footprint spanned cloud-native apps, on-prem systems, Software as a Service platforms and branch offices. This fragmentation created network and application performance silos and a lack of correlation across different data domains. The bank also needed to improve incident response times.

“We weren’t lacking in data, we were drowning in it,” said Mason. “What we needed was context and correlation.”

“This magnitude of data, it makes everything so complex to manage and hard to see. That’s why observability is so valuable,” said CDW’s Stephanie Hagopian, vice president of physical and cybersecurity solutions.

“I’ve been working with CDW for 20 years, so I knew I’d come to them for this,” Mason said.

It didn’t take long for Wintrust to buy into observability services and tools from Splunk and Cisco ThousandEyes. IT leaders report an annual return on observability solutions that’s 2.67 times their spend, according to a Splunk report.

“If businesses don’t do any of this, this is really going to impact their service greatly,” CDW’s senior solutions architect, Davandra Panchal, told BizTech magazine.

Monitor the IT Environment From End to End

Once Wintrust implemented ThousandEyes across multiple entry points (branch offices, VPN gateways and mobile apps), Mason and his team were able to monitor the cloud and network.

“ThousandEyes gave us a window into networks we don’t own but still rely on every day,” Mason said. “We were able to proactively escalate the issue before customers felt the pain.”

In one instance, the team caught poor performance in a mission-critical payment gateway and thought the issue stemmed from an internal system. But ThousandEyes’ synthetic tests revealed latency spikes at a third-party API provider.

“We’re really helping our customers understand what they have in their network, and how they can bring data in from all of these different points and correlate them together, so enterprises can make decisions and set policy based on what is going on versus reacting to an issue downstream,” said CDW’s Jesse Nixon, senior manager of Cisco’s sales and solutions.

Reviewing Logs and Detecting Threats at Scale

Once visibility was established, the next step was to make sense of the data and detect security threats across the organization. That’s where Splunk entered the picture.

CDW helped Wintrust implement Splunk Enterprise Security and design customized dashboards that could aggregate data from firewall and endpoint logs, cloud trail logs, ThousandEyes alerts, and identity and access management systems.

“Teams need to know what those logs are really saying, getting that ingest and being able to quickly determine what’s going on in the environments, whether they’re internal or external, so that we can get to the root cause very quickly,” said Hagopian.

In one case, Splunk helped correlate anomalous login behavior with DNS tunneling activity, pointing to an attempted exfiltration event from a compromised endpoint. The incident was quickly contained. Mason noticed that his team had shifted from reactive alert triage to proactive threat hunting.

Next, Wintrust incorporated Splunk’s real-time correlation engine into its compliance workflows, including automated audit reports for requirements related to The Gramm-Leach-Bliley Act, the Payment Card Industry Data Security Standard and the Sarbanes-Oxley Act.

Creating a Unified Observability Ecosystem

While ThousandEyes and Splunk provided the tools, it was CDW’s managed services that brought everything together as a unified observability ecosystem.

CDW’s engineers helped design and deploy the ThousandEyes and Splunk architecture; build out integrations with existing security systems; configure the management database; establish data workflows and dashboard templates; and provide 24/7 support.

“CDW helped us shift from monitoring silos to a true observability posture,” said Mason. “We now have eyes on everything that matters.”

Setting Clear Governance Policies for Ongoing Maintenance

For Hagopian, the real test of success comes down to data governance. “We’ve set up a policy around how we allow AI to be used in this environment,” Mason said. Now, it’s a question of whether teams can uphold it.

“Data governance and data protection is really hard. It takes time for businesses to really understand where unstructured and structured data lives or the crown jewels. It requires data classification, identification, tagging, lifecycle management and then applying those principles to your data privacy controls,” said Hagopian.

“Just 23% of BFS enterprises have mature AI governance and risk management practices, which impacts the ability to tackle key data quality and security and privacy challenges,” notes the HFS report.

Data governance is ongoing, but with these changes, Wintrust has noted a 35% faster mean time to detect across the network, a 40% reduction in security incident investigation time, improved uptime and enhanced audit readiness with automated reporting.

“We are not just watching the dashboards. We are acting with intent, and that’s what digital resilience looks like,” said Mason.
