Global Insurance Company

How a global insurance services provider protects its Microsoft 365 users from advanced phishing threats

Throughout its successful 150-year history, the confidential subject of this case study has always been committed to finding better ways to serve families and businesses who rely on them for financial peace of mind.

In an example of its commitment to innovation and growth and to modernize its business process, the company successfully implemented a hybrid architecture with both cloud and on-premises mailboxes.

However, as technological advancement and industry continues to evolve, so does the increased risk of cyber attacks, leading to the risk of significant costs and damages. As a Fortune 50 global insurance provider that serves customers worldwide, a successful attack could inflict major damage, including operational downtime.

Challenge

Recognizing that their most significant cyber risk comes from email phishing threats, the security team wanted to better protect the company’s inboxes, particularly in their hybrid environment.

Although the firm relied on content and reputation-based email and web security technology to protect it from phishing, the team still found itself frequently combating missed threats that escaped secure email gateway (SEG) detections. Furthermore, the team realized that traditional email security solutions built for on-premise mailboxes are ineffective in a hybrid IT environment.

Solution

The company chose Cloudflare email security to prevent phishing attacks, including adding the Cloudflare PhishGuard service for managed email security. Cloudflare's email security solution is a cloud-native email security platform that preemptively and proactively crawls the web, discovering phishing campaigns and infrastructure vulnerabilities before targeted attacks such as Business Email Compromise (BEC) can reach inboxes. The resulting early insight and threat information from Cloudflare's anti-phishing service supplements their Microsoft 365 security and traditional SEG to better detect and block missed threats.

PhishGuard is an additional layer of security and automates fraud protection by providing dedicated resources for end-to-end phish and targeted attack management and response. PhishGuard provides customized notification, tailored threat hunting and personalized responses for fraud and insider threats.

“The Cloudflare PhishGuard service is a great way to augment standard email security controls. Threat hunting across our email environment and the extended Cloudflare customer base has led to the identification of some extremely well-crafted phishing attacks,” says the global insurer’s Messaging Manager.

With Cloudflare email security, the company was able to move beyond content and reputation-based detection, prevent missed threats by supplementing traditional SEG’s with advanced phishing detection, and protect both cloud-based and on-premise mailboxes from attacks.

Results

Cloudflare email security is now operational company-wide, protecting the global insurance provider from email- and web-based phishing attacks. For example, in just one month, the Cloudflare service:

  • Stopped over 14,000 threats from reaching the organization’s email inboxes
  • Supported the messaging team with critical security metrics and reports to share with internal stakeholders
  • Provided a seamless integration with the firm's existing email infrastructure with no maintenance issues

In fact, the PhishGuard service was instrumental in saving the company from significant potential BEC-related financial losses totaling more than $1 million in 2021.

Cloudflare's preemptive, comprehensive, targeted phishing protection helped improve productivity and reduced cybersecurity risk.

Global Insurance Company
Related Products
Key Results
  • Over 14,000 threats stopped from reaching inboxes within a month
  • Seamless and simple one-step integration with existing email infrastructure with no maintenance issues
  • Messaging team empowered to easily provide critical security metrics and reports with Cloudflare dashboard insights

The Cloudflare email security service is a great way to augment standard email security controls. Threat hunting across our email environment and the extended Cloudflare customer base has led to the identification of some extremely well-crafted phishing attacks.


If you’re looking for advanced email phishing protection, go for Cloudflare. Traditional email security gateways are limited. You need advanced detection techniques to counteract cyberattacks.