Ageas | Insurance

Ageas Insurance meets PCI compliance with LogRhythm’s Security Intelligence Platform

Holding a vast amount of sensitive information, Ageas Insurance required a solution that would ensure it met stringent regulatory compliance, such as PCI DSS. It selected LogRhythm’s Security Intelligence Platform, which correlates network activity so that the company can quickly and easily identify and mitigate potential threats.

Since the initial deployment in 2009, the organisation has expanded its use of LogRhythm’s platform beyond its original scope and has plans to roll it out across additional UK operating companies.

Ageas Case Study UK

The Organisation

Ageas is an international insurance group, ranked among the top 20 insurance companies in Europe. With key markets in Europe and Asia, the company was originally founded in 1990 as part of Fortis Holding, but was renamed in 2010 to form Ageas. The company now employs around 6,000 people in the UK.

The company offers a broad range of personal and commercial insurance solutions to over 8 million customers. In the UK alone, it is the third-largest provider of private vehicle cover and the fourth largest provider of travel insurance.

The Challenge

The organisation handles large volumes of confidential customer information and is subject to numerous European compliance regulations, including PCI DSS. Safeguarding its customers’ data is subsequently a key priority for Ageas.

“Meeting new standards and compliance regulations is a fundamental part of our business,” said Peter Burge, UK information security officer at Ageas (UK Limited). “Previously, we monitored all network activity ourselves, however, as the company grew and we began managing larger volumes of data, it became clear that this was soon going to become much more difficult. We needed a solution that we could rely on to identify any anomalous network activity for us.”

The Solution

Keen to ensure it remained compliant with PCI DSS, Ageas undertook a review of the market in order to establish which product would best meet its requirements. After ruling out a number of different vendors, the company decided LogRhythm’s platform was the most comprehensive, cost-effective and user-friendly solution.

“We quickly realised the benefits of LogRhythm’s solution for the PCI environment; we have better visibility of what’s happening across our network and are notified straightaway if any activity needs to be fixed or looked at,” continued Burge. “Furthermore, while we initially purchased the product to meet compliance requirements, we soon realised that it had other business benefits. By automating a lot of menial tasks, it freed up a lot of time and allowed our security team to spend their time on other important security issues.”

“Over the years, we’ve realised that network monitoring can no longer be done manually—there’s just too much at stake if something was to be missed. LogRhythm’s Security Intelligence Platform does this job for us, and it does it very well. We’ve subsequently been able to stick to a small security team, saving the company from spending additional money building a larger team of security experts.”

Since the original implementation, Ageas has extended LogRhythm’s services to four additional offices and has plans to roll it out to a further three offices later this year.