In 2016, Aflac noticed a rapid increase in security threats targeting its employees – more than 15,000 worldwide. The company had to take action, says SVP and global chief security officer Tim Callahan, but there was a problem – it didn’t have the sophisticated analytics tools to understand the threats against it.
“We were increasing our intake of threat intelligence type information,” Callahan explains. “But we didn't have good strong correlation ability.”
Aflac leverages about 20 different data sources that give the insurer cyberthreat information. The supplemental insurer was a customer of Splunk’s Enterprise platform, which collects and runs rudimentary analytics on threat information. To get more value out of that data, the company added further products from Splunk. Those included Enterprise Security, a security information and event management platform; and Splunk User Behavior Analytics, a more advanced analytics platform that allows it to identify internal threats and investigate fraud and compliance.
Now, Aflac’s threat intelligence system is automated to a high level, with the Splunk platforms collecting, analyzing and acting on threats quickly.
“The fact that we have so much of it automated, it doesn’t take a room full of people anymore,” says Callahan. “It gives us an offensive threat now instead of a defensive posture.”
The CISO also says that Splunk has tremendous accuracy when dealing with security threats. The platform has been used in more than two million cases, with only 12 false positives.
“You could never do that manually. It’s just too much information,” Callahan asserts.
According to Callahan, Splunk’s implementation is “one of those things that’ll never be finished” because Aflac continues to find uses for it and the platform will continue to improve.
“What’s unique about Splunk is that it’s really inexpensive and easy to start,” Callahan concludes. “It is so easy to implement that we got use out of it almost immediately.”