Aflac Drives Consolidation with the Falcon Platform, Eliminating 15 Point Security Tools in Three Years
Falcon Flex gives Aflac the flexibility to quickly deploy new protections as the threat landscape evolves
Aflac, one of the world’s largest supplemental insurance providers, is built on a promise: to support its customers in times of need. Whether it’s an accident, critical illness or mounting medical bills, Aflac delivers swift financial relief, allowing customers to focus on recovery.
“We’re selling a promise that we’ll be there in a time of need,” said DJ Goldworthy, VP of Security Operations at Aflac. “So our technology needs to enable us to do that.”
Aflac’s ability to protect its digital assets and maintain operational continuity is critical, especially as the cyber threat landscape continues to evolve.
“The threat landscape isn’t just evolving, it’s expanding rapidly through cloud, SaaS and distributed environments,” said Goldworthy. “As a security team, we need to keep up with that pace of change, which requires a new level of speed and innovation.”
Aflac used to rely on a wide variety of point security solutions to stay ahead of expanding threats. But in 2018, the insurer shifted its strategy to consolidate on CrowdStrike, gaining cybersecurity resilience with greater speed and flexibility to stop breaches.
Managed Endpoint and Identity Threat Protection
Aflac’s first challenge was securing its endpoints and identities, two areas where the company faced growing challenges. Initially, Aflac relied on a legacy managed security service provider (MSSP), but this approach eventually proved untenable, as alerts piled up — 99% were false positives — and Aflac’s SOC struggled to keep pace.
Things changed in 2019 when Aflac deployed the AI-native CrowdStrike Falcon® cybersecurity platform, starting with CrowdStrike Falcon® Insight for endpoint detection and response managed by CrowdStrike Falcon® Complete Next-Gen MDR. Today, the Falcon Complete team acts as a seamless extension of Aflac’s security team, providing 24/7 expert monitoring, proactive threat hunting, integrated threat intelligence and full-cycle remediation delivered by CrowdStrike experts.
CrowdStrike’s managed detection and response (MDR) service transformed Aflac’s security operations, allowing it to transition from reactive, manual detections to risk-based, AI-driven alerting. With Falcon Complete Next-Gen MDR, Aflac’s SOC is leaner and more efficient, freeing up half the team to focus on more strategic projects, including engineering, vulnerability management, automation and AI.
Identity protection was another critical piece of the puzzle. For that, the insurer deployed CrowdStrike Falcon® Identity Protection with its existing Falcon sensor, gaining new protections with little effort. With Falcon Identity Protection, Aflac strengthened its Zero Trust architecture with new access restrictions and micro-segmentation capabilities, making it significantly harder for adversaries to gain unauthorized access.
“The auto-MFA feature with Falcon Identity Protection makes each stage of an attack much harder for adversaries,” said Goldworthy. “Plus, the integration with Zscaler allows us to continuously assess risk, shrink the blast radius of potential breaches and maintain real-time authorization across our infrastructure.”
Revolutionizing Cloud Security with Falcon ASPM
As Aflac modernized its tech stack, securing its cloud environments became a top priority. With frequent application updates and the ephemeral nature of cloud environments, Aflac needed a way to maintain deep visibility and control over its applications and cloud infrastructure.
CrowdStrike Falcon® Cloud Security provided the solution. “Falcon ASPM is a game changer for cloud security,” said Goldworthy. “It gives us real-time visibility into our applications, helping us identify risks before they become issues.”
With Falcon Application Security Posture Management (ASPM), Aflac gained a dynamic map of its application environments, enabling the security team to detect misconfigurations and vulnerabilities that were previously invisible.
Falcon ASPM also strengthened the security team’s interactions with Aflac’s development teams. “We now have context when we engage with dev teams,” said Goldworthy. “Instead of overwhelming them with a list of vulnerabilities, we bring them the most critical issues that attackers could actually exploit.”
By providing developers with more information and context about the application, Aflac’s security team can have informed discussions about architecture, threat modeling and where the risk and exposure lie for applications. This deep visibility has both elevated Aflac’s security posture and allowed the organization to improve its operational efficiency and cut costs.
“We can see things like services that are no longer being called but are still part of the stack. We’ve also been able to eliminate orphaned infrastructure and reduce our AWS bills by identifying unused resources,” said Goldworthy.
A Unified Approach to Cybersecurity
Before adopting CrowdStrike, Aflac had a fragmented security stack, which required significant effort to integrate and maintain various tools.
By consolidating on the Falcon platform, Aflac eliminated 15 point security tools in three years. “Going all-in on CrowdStrike has allowed us to consolidate vendors substantially. We no longer have to stitch together different solutions from different vendors. With CrowdStrike, all those pieces work together as a singular solution, allowing us to stop more attacks before they hit their payload, which is key,” said Goldworthy.
Flexible Licensing with Falcon Flex
Aflac’s commitment to consolidation is reflected in its use of Falcon Flex, which provides flexibility in deploying additional CrowdStrike solutions. With Falcon Flex, Aflac can maximize its security investment with a flexible licensing agreement customized to meet its needs.
Flex is designed to unlock greater economic value for a pre-negotiated commitment that can be drawn down over time and even applied to new releases. In this case, Aflac chose to license CrowdStrike® Charlotte AI™, CrowdStrike Falcon® for IT, CrowdStrike Falcon® Data Protection and CrowdStrike Counter Adversary Operations, gaining the speed and innovation it needs to future-proof its cybersecurity operations.
“Falcon Flex is important because it takes the lead time out of deploying new defenses,” noted Goldworthy. “Now, when the technology or threat landscape changes, we can quickly adjust our defenses to stay ahead of our adversaries.”
The Future: AI-Powered Security with Next-Gen SIEM and Charlotte AI
As Aflac looks to the future, speed and automation are critical. “Speed is always a challenge in cybersecurity. The faster adversaries exploit vulnerabilities, the faster we need to respond,” said McIntosh.
To address this, Aflac implemented CrowdStrike Falcon® Next-Gen SIEM, which McIntosh said is significantly faster and more efficient than its previous legacy SIEM.
Charlotte AI also plays a crucial role in Aflac’s future security strategy. The gen-AI security analyst accelerates incident detection and response, reducing the time it takes to detect and mitigate threats from hours to minutes — or even seconds.
“Our adversaries are coming at us with AI PhDs. We need AI at the same level, and Charlotte AI will help us identify and secure vulnerabilities in real time as our environment evolves,” said Goldworthy.