Insurance provider fortifies defenses against cyberattacks

• Cybersecurity & Privacy - Endpoint Security
• Cybersecurity & Privacy - Network Security
• Cybersecurity & Privacy - Security Compliance

• Business Operation

• System Integration
• Training

We don’t have to look far for news about high-profile data breaches. Almost weekly, governments, companies, political organizations and other entities are compromised in cyberattacks. As a provider of health insurance to federal government employees, GEHA must be vigilant about safeguarding protected health information (PHI) under United States law. Cybercriminals work hard to steal personal data about federal employees, particularly those with security clearances. Theft of such data could result in significant financial penalties and reputation harm for the company. Prior to Bitdefender, GEHA used Microsoft System Center Endpoint Protection (SCEP) and Trend Micro Deep Security. As attack vectors became more sophisticated, ransomware and other threats began bypassing the solutions. In fact, one attack locked out 80 percent of employees from accessing their files for 13 hours. To address growing security concerns, the IT team evaluated Cylance, Trend Micro OfficeScan, and Bitdefender GravityZone. In addition to reviewing industry security research studies from Gartner Group, AV-TEST, AV-Comparatives, and NSS Labs, IT tested how the security solutions detected and stopped hundreds of malware samples that mimicked zero-day signature-less threats.

Government Employees Health Association (GEHA) is a self-insured, not-for-profit association providing medical and dental plans to federal employees and retirees and their families through the Federal Employees Health Benefits Program (FEHBP) and the Federal Employees Dental and Vision Insurance Program (FEDVIP). GEHA is headquartered in Lee’s Summit, Missouri, USA, and employs around 1,500 people, including an IT staff of 18. As a provider of health insurance to federal government employees, GEHA must be vigilant about safeguarding protected health information (PHI) under United States law. Cybercriminals work hard to steal personal data about federal employees, particularly those with security clearances. Theft of such data could result in significant financial penalties and reputation harm for the company.

GEHA recently upgraded to GravityZone Elite after successfully using GravityZone Enterprise Security for 12 months. GravityZone Elite incorporates Sandbox Analyzer, an endpoint-integrated sandbox to analyze suspicious files, detonate payloads, and report malicious intent to administrators, and HyperDetect, a next-generation security layer that provides tunable machine learning with advanced heuristics and advanced anti-exploit techniques. GravityZone Elite protects GEHA’s 1,900 virtual and physical servers, workstations, and virtual desktops across two data centers. The environment comprises primarily Microsoft Windows and VMware, and smaller Citrix XenDesktop, Linux, Apple, and Nutanix environments. GEHA is rolling out Microsoft Azure infrastructure as a service (IaaS), which also is protected by GravityZone. Bitdefender Professional Services assisted the insurance provider with setting up the GravityZone server and policies. GEHA also uses Bitdefender Gold Support.

• Security management has been a breeze with GravityZone. One advantage is seamless integration between GravityZone and VMware vCenter server management software.
• GEHA reduced security administration staffing from one full-time equivalent (FTE) to one-quarter FTE since adopting Bitdefender.
• GravityZone also has proven exceptional at keeping out threats. One feature is that GravityZone complies with NIST 800-53 regulatory requirements for device control, which prevents employees from infecting workstations with external devices.

• Achieved 100 percent success rate in blocking malware.
• Reduced security administration resources from one FTE to one-quarter FTE.
• Consolidated 41 virtual appliances to four central scanning servers, reducing server costs.