The Log4j vulnerability is the cybersecurity threat that keeps IT security officers up at night. When it first emerged, it was undetectable and prone to self-seeding as the vulnerability buried itself in open-source logging libraries that exist in every system and application.
Zurich Insurance Group’s Global Chief Security Officer Paige Adams asked his team what they had in their arsenal to stop it. The answer was Tanium. “Within hours of the news, we were able to spin up a detection capability, assess the environment, and start the remediation process. It is exactly why we need Tanium.”
Hear more from Adams in this Q&A interview.
Zurich has been in business for 150 years with a global presence in 210 countries and territories and well-known brands like Farmers Insurance. It provides property and casualty (P&C) and life insurance products and services to individuals, small and midsize businesses, and multinational corporations.
With its broad reach, it needs to secure 100,000 digital endpoints in a geographically distributed and highly heterogeneous environment.
“We’re fighting cyber bad guys on an everyday basis,” Paige says. “Our key measure for success is: Are we protecting Zurich, our customers, and our customer data? It’s a simple yes-or-no question.”
Zurich uses Tanium to:
- Bridge the gap between security and IT operations teams, whether to resolve issues like internal misconfigurations or to spin up a response effort to handle a severe IT incident.
- Power the new Enterprise Command Center (ECC), an IT Ops unit that manages incidents and analyzes performance and monitoring. The ECC works together with the Cyber Fusion Center to provide a more robust and cross-functional approach.
- Enrich the high-fidelity alert system within the company’s SIM platform.
“Our Head of Detection Engineering and Automation says Tanium provides the richest set of data sources out of all of the tools and sensing capabilities we have,” Paige says. “Tanium Signals helped us avoid what could have been newsworthy events. And staying out of the news is always one of our first objectives.”
Finding a dual-purpose solution
Paige first learned about Tanium eight years ago when he joined Zurich as the North American incident response leader. His new team had already vetted the product, so Paige began meeting with Tanium customers. They helped him understand its real-world capabilities, benefits, and, in particular, the role of Tanium solutions in security and operations. He quickly saw that, for the first time, the team would have complete visibility into their endpoints and a centralized dashboard and set of tools.
Just like Paige was intrigued by Tanium’s potential when he first joined Zurich, his counterparts in IT ops quickly wanted to learn more. “It’s always a nice sweet spot when you can find a set of capabilities that multiple teams find of value. We’ve gotten good saturation of Tanium usage, both on the cyber side of the house and on the IT operations side of the house. It is a set of capabilities that everybody loves.”
“It provided us with capabilities you don’t have with other tool sets,” Paige says. “In that regard, Tanium was a game-changer.”
It’s also helping the company save time. Paige estimates that the automated patching capability built on top of Tanium’s patching tool saves about 100 resource hours a month.
Ultimately, Tanium is helping Zurich become cyber resilient.
“The cyber environment is always changing. It’s always dynamic. It’s getting tougher every day, which is great because it’s a good challenge for us to stay on top of,” Paige says. “I think it’s fulfilling and rewarding because it feels like we’re doing good in the world. We’re fighting cyber bad guys every day, and who wouldn’t want to do something like that?”
Read the full case study to learn more about how Zurich fights cybercrime with Tanium.