To address this, Aflac implemented CrowdStrike Falcon® Next-Gen SIEM, which McIntosh said is significantly faster and more efficient than its previous legacy SIEM. As Aflac looks to the future, speed and automation are critical. “Speed is always a challenge in cybersecurity. The faster adversaries exploit vulnerabilities, the faster we need to respond,” said McIntosh.
“We used to buy best-of-breed cybersecurity solutions and spend significant time combining them all because no single vendor could do everything very well,” said Steve McIntosh, Director of Threat Management and Response at Aflac. “With CrowdStrike, that’s not the case anymore. CrowdStrike’s native integrations do a lot of that work for us, which saves us time.”
“We’re on the precipice of another major leap with [Falcon] Next-Gen SIEM. It’s at least ten times faster than what we had before. The performance improvements have been game-changing, allowing us to instantly ingest Falcon platform data and third-party data for the ultimate visibility and threat hunting. We’ve had a lot of success pulling our data together.”
Things changed in 2019 when Aflac deployed the AI-native CrowdStrike Falcon® cybersecurity platform, starting with CrowdStrike Falcon® Insight XDR for endpoint detection and response managed by CrowdStrike Falcon® Complete Next-Gen MDR. Today, the Falcon Complete team acts as a seamless extension of Aflac’s security team, delivering 24/7 expert monitoring, proactive threat hunting, integrated threat intelligence and full-cycle remediation.
Managed Endpoint and Identity Threat Protection
Aflac’s first challenge was securing its endpoints and identities, two areas where the company faced mounting problems. Initially, Aflac relied on a legacy managed security service provider (MSSP), but this approach eventually proved untenable as alerts piled up (99% were false positives) and Aflac’s SOC struggled to keep pace.
As Aflac modernized its tech stack, securing its cloud environments became a top priority. With frequent application updates and the ephemeral nature of cloud environments, Aflac needed a way to maintain deep visibility and control over its applications and cloud infrastructure.
“The auto-MFA feature with Falcon Identity Protection makes each stage of an attack much harder for adversaries,” said Goldworthy. “Plus, the integration with Zscaler allows us to continuously assess risk, shrink the blast radius of potential breaches and maintain real-time authorization across our infrastructure.”
By fully embracing the Falcon platform and CrowdStrike’s managed services, Aflac is building a future where its security posture not only defends against today’s threats but anticipates tomorrow’s. With a robust, consolidated defense strategy in place, Aflac can confidently continue to fulfill its mission: being there for its customers, whenever and wherever they need it.
Aflac used to rely on a wide variety of point security solutions to stay ahead of expanding threats. But in 2018, the insurer shifted its strategy to consolidate on CrowdStrike, gaining cybersecurity resilience with greater speed and flexibility to stop breaches.
“The visibility that Falcon ASPM gives us has fundamentally changed how we approach application security. Within our applications, especially those deployed to the cloud, we’ve been able to essentially eliminate our high-risk attack surface,” said Goldworthy. “It’s also helped us accelerate pen testing and incident response by providing a correct application reference architecture that builds a dynamic view of the application and the infrastructure it sits on — all the way down to the code level.”
Revolutionizing Cloud Security with Falcon ASPM
By consolidating on the Falcon platform, Aflac eliminated 15 point security tools in three years. “Going all-in on CrowdStrike has allowed us to consolidate vendors substantially. We no longer have to stitch together different solutions from different vendors. With CrowdStrike, all those pieces work together as a singular solution, allowing us to stop more attacks before they hit their payload, which is key,” said Goldworthy.
Before adopting CrowdStrike, Aflac had a fragmented security stack, which required significant effort to integrate and maintain various tools.
By providing developers with more information and context about the application, Aflac’s security team can have informed discussions about architecture, threat modeling and where the risk and exposure lie for applications. This deep visibility has both elevated Aflac’s security posture and allowed the organization to improve its operational efficiency and cut costs.
“Falcon Flex is important because it takes the lead time out of deploying new defenses,” noted Goldworthy. “Now, when the technology or threat landscape changes, we can quickly adjust our defenses to stay ahead of our adversaries.”
Identity protection was another critical piece of the puzzle. For that, the insurer deployed CrowdStrike Falcon® Identity Protection with its existing Falcon sensor, gaining new protections with little effort. With Falcon Identity Protection, Aflac strengthened its Zero Trust architecture with new access restrictions and micro-segmentation capabilities, making it significantly harder for adversaries to gain unauthorized access.
“When we started, we had a large SOC and built most of our detections ourselves,” said Goldworthy. “Since shifting to Falcon Complete Next-Gen MDR, alerts have dropped by 20x. It’s head-over-heels more mature and effective than what we had in the past.”
Aflac, one of the world’s largest supplemental insurance providers, is built on a promise: to support its customers in times of need. Whether it’s an accident, critical illness or mounting medical bills, Aflac delivers swift financial relief, allowing customers to focus on recovery.
A Unified Approach to Cybersecurity
CrowdStrike’s managed detection and response (MDR) service transformed Aflac’s security operations, allowing it to transition from reactive, manual detections to risk-based, AI-driven alerting. With Falcon Complete Next-Gen MDR, Aflac’s SOC is leaner and more efficient, freeing up half the team to focus on more strategic projects, including engineering, vulnerability management, automation and AI.
With Falcon Application Security Posture Management (ASPM), Aflac gained a dynamic map of its application environments, enabling the security team to detect misconfigurations and vulnerabilities that were previously invisible.
Aflac’s commitment to consolidation is reflected in its use of CrowdStrike Falcon® Flex, which provides flexibility in deploying additional CrowdStrike solutions. With Falcon Flex, Aflac can maximize its security investment with a flexible licensing agreement customized to meet its needs.
Flexible Licensing with Falcon Flex
Falcon ASPM also strengthened the security team’s interactions with Aflac’s development teams. “We now have context when we engage with dev teams,” said Goldworthy. “Instead of overwhelming them with a list of vulnerabilities, we bring them the most critical issues that attackers could actually exploit.”
Falcon Flex is designed to unlock greater economic value for a pre-negotiated commitment that can be drawn down over time and even applied to new releases. In this case, Aflac chose to license CrowdStrike® Charlotte AI™, CrowdStrike Falcon® for IT, CrowdStrike Falcon® Data Protection and CrowdStrike Counter Adversary Operations, gaining the speed and innovation it needs to future-proof its cybersecurity operations.
“Our adversaries are coming at us with AI PhDs. We need AI at the same level, and Charlotte AI will help us identify and secure vulnerabilities in real time as our environment evolves,” said Goldworthy.
The Future: AI-Powered Security with Next-Gen SIEM and Charlotte AI
Charlotte AI also plays a crucial role in Aflac’s future security strategy. This gen-AI security analyst accelerates incident detection and response, reducing the time it takes to detect and mitigate threats from hours to minutes — or even seconds.
“We can see things like services that are no longer being called but are still part of the stack. We’ve also been able to eliminate orphaned infrastructure and reduce our AWS bills by identifying unused resources,” said Goldworthy.
Aflac’s ability to protect its digital assets and maintain operational continuity is critical, especially as the cyber threat landscape continues to evolve.
“The threat landscape isn’t just evolving, it’s expanding rapidly through cloud, SaaS and distributed environments,” said Goldworthy. “As a security team, we need to keep up with that pace of change, which requires a new level of speed and innovation.”
CrowdStrike Falcon® Cloud Security provided the solution. “Falcon ASPM is a game changer for cloud security,” said Goldworthy. “It gives us real-time visibility into our applications, helping us identify risks before they become issues.”
Enabling the Mission
“We’re selling a promise that we’ll be there in a time of need,” said DJ Goldworthy, VP of Security Operations at Aflac. “So our technology needs to enable us to do that.”