GetInsured bolsters security with an easy-to-use feature-rich solution.

GetInsured is a health insurance ecommerce platform for consumers, employers, states and insurers. GetInsured provides comprehensive ecommerce solutions for insurers to reduce administrative costs and scale membership, and they also work with employers to reduce healthcare costs while still connecting employees with the health insurance coverage they deserve. Their private exchange solutions simplify today’s health insurance enrollment complexities and personalize the shopping experience for consumers, enabling them to make more informed decisions.

GetInsured’s Challenge: Streamlining Technical Compatibility, While Bolstering Security

GetInsured continually works to optimize and simplify its outward facing platform, while also working behind the scenes to make sure the sensitive information passing through their systems is as safe and secure as possible. “Defense-in-depth is one of the core tenets for securing our applications and is necessary for our business to function,” explained Atul Arora, Security Architect at GetInsured. “Our previous firewall was not performing very well. We were having tremendous challenges with getting it online and maintaining stability. In addition, managing multiple SSL certificates for our production and QA environments across different products and customers was a challenge for us, especially as our user base kept growing. We wanted something that would just work right out-of-the-box that was scalable, user-friendly and secure.”

GetInsured’s Solution: An All-in-One Solution That Works Out of the Box

“We started using Cloudflare just for their WAF, but we really enjoyed how everything just worked so we looked into the other features of the network,” said Allwyn Lobo, CIO at GetInsured. “We now use Cloudflare’s WAF, Page Rules and DDoS mitigation features to augment and strengthen our defenses.”


These added security features proved formidable to attackers: “Since using Cloudflare we have seen a lot fewer DoS or DDoS attacks reported by our firewall,” explained Lobo. This reduction is due to the fact that Cloudflare’s DDoS protection is best-in-class and has stopped the largest attacks seen on the Internet ensuring that attacks aimed at GetInsured are futile. Plus, Cloudflare’s WAF works by analyzing every packet aimed at GetInsured’s infrastructure and automatically blocks malicious requests or requests from blocklisted IP addresses. GetInsured also leverages the country blocking feature of the WAF to minimize the surface area for attacks and ensure an even higher level of security. “Before using Cloudflare we had to respond to and review tickets to add rules to block IPs,” related Lobo. “Now blocking countries efficiently keeps the bad actors away, and our IT and InfoSec teams have time to focus on other pressing issues.”

In addition to the bolstered security, GetInsured enjoys the ease-of-use and overall value they get from Cloudflare. “The Cloudflare product is easy to use,” noted Lobo. “It has smart system defaults, a modern web-based application, and rich and informative dashboards. “

Lobo concluded, “It’s difficult to find a single, easy-to-use product this rich in features and functionality.”

Key Results

DDoS mitigation keeps infrastructure safe and secure

WAF serves to protect infrastructure and minimize attack surface area

Whenever we bring an application online (whether it be production, QA or Dev), we make sure we set it up with Cloudflare. It provides us the peace of mind in terms of protecting the application for a number of external threats.

Allwyn 'Olly' Lobo