AFA Försäkring Protects Against Lateral Movement with Illumio Core™

Going from VLANs and firewalls to a micro-segmentation solution saved time and effort.

AFA Forsaking Logo

Summary

Industry: Insurance

Environment: 600 workloads (Windows and Linux) across on-premises data centers

Challenge: Prevent lateral movement and protect critical applications and systems that hold data governed under GDPR

Solution: : Illumio Core™ for comprehensive visibility and micro-segmentation

Results: Unprecedented visibility; simplified means to write policies; increased operational efficiency and time saved

Customer Overview & Challenge

More than 4.8 million Swedish citizens – nearly half the population – rely on AFA Försäkring (AFA) for workrelated insurance. Providing health and life coverage for private and public sector employees, the company manages approximately 195 billion (4.8B USD) in assets. With a wealth of sensitive information and services at stake, insurers like AFA are prime targets for attack.

That’s where the need for better segmentation to effectively safeguard their systems and minimize the impact of a breach came in. Using VLANs and firewalls became too complex and time-consuming – and proved inadequate for stopping lateral movement. The need to adhere to regulations like GDPR only raised the stakes.

As Head of Department IT Infrastructure, Mikael Karlsson, explained: “We couldn’t keep up with the number of VLANs and firewall rules needed to properly segment our network. Finding a micro-segmentation solution was critical to address both lateral movement and increasing regulatory demands.”

Illumio Solution

It wasn’t long before AFA discovered and deployed Illumio Core™. After the initial demo, Mikael determined that it was the right solution and was keen to pursue a pilot. “I decided almost immediately that this is something we wanted to test,” said Mikael. “The simple yet powerful graphical map provided visibility that we never had before. I knew that it would be invaluable to easily understand and control what’s happening inside our network.”

Making up for time spent trying to segment with VLANs and firewalls, within two short months, the team identified their high-value applications, set their strategy, and installed Illumio Core. For a small core team with a big mission, the real-time application dependency map, Illumination, has been invaluable. They can now easily monitor East-West traffic between workloads and applications in their data centers, which is key to GDPR requirements for visualization and an understanding of connectivity.

For Network Security Engineer, Stefan Löfqvist, who bears the responsibility for firewall operations and Illumio Core, time is of the essence, so the efficiencies gained from the product are essential.

“Gaining live visibility into flows between workloads down to the paths of protocols provided immediate value. The ability to use the map to easily allowlist traffic and achieve the level of segmentation needed will be a tremendous time-saver over manually programming firewall rules.”

The map also allows AFA to test segmentation policies before they go into enforcement. They can now execute their segmentation strategy confidently, whether separating production from non-production environments or ringfencing applications, knowing that they won’t face downtime or risk business disruption.

Customer Benefits

Ongoing visibility

The team can derive actionable insights from Illumio Core’s always-on, comprehensive map of application components, communications, and dependencies.

Sustainable, simplified operations

The intuitive interface makes Stefan’s life easier and enables him to work on micro-segmentation initiatives much more efficiently than he could with VLANs and firewalls.

quote

Gaining live visibility into flows between workloads down to the paths of protocols provided immediate value. The ability to use the map to easily allowlist traffic and achieve the level of segmentation needed will be a tremendous time-saver over manually programming firewall rules.

Mikael Karlsson, Head of Department IT Infrastructure