Overview

Tower uses Imperva Cloud WAF to ensure the continuity of digital business operations. Security teams get complete real-time visibility into web activity, separate legitimate from malicious website traffic, and protect against attacks at the application layer.

About Tower

Born and bred in New Zealand, Tower has been supporting Kiwis when they need it most for 150 years. In that time, we’ve grown to operate across New Zealand and the Pacific Islands, providing our customers with cover for their houses, cars, contents, businesses and more.

While our heritage is important to us, we’ve also set our sights on the future. Our goal is to meet the 21st century head-on with customer focused, digital-first insurance solutions for Kiwis and their communities.

Challenges

Seeking to continue and improve support granularity and flexibility

Insurance companies, like many other organisations, are vulnerable to web application attacks because of the high volume of sensitive data that passes back and forth between stakeholders.

Tower’s previous service for monitoring website traffic was to a certain extent, a black box for the security team and the company. “People in the organization had visibility of real-time security events being generated by web traffic but not at the granular level we wanted”, stated Darren Beattie, Security Lead at Tower.

Due to the fast-paced rollout of Tower’s digital first insurance services across multiple geographies, additional requirements for Tower’s future WAF capability were identified to include:

  • Real-time visibility of web traffic (good and bad)
  • Advanced protection capabilities (e.g. Bot and DDoS protection)
  • Self-service capabilities for non-security teams
  • SIEM Integration patterns for logging and alerting
  • Straightforward Pricing models for modular capabilities
  • Ease of configuration & implementation
  • A credible delivery partner and locally based product expertise

With these additional requirements, Tower took the opportunity to look at alternative solutions to monitor website traffic, stop attacks, and ensure uninterrupted business operations.

Deployment

Imperva Cloud WAF: Easy to use, fast to deploy, and affordable

In 2020, while working on cybersecurity enhancements with Advantage, an Imperva silver partner and one of New Zealand’s oldest comprehensive IT support organizations, Tower was introduced to Imperva as a cloud WAF replacement solution.

Imperva Cloud WAF provides always-on protection of assets against any type of application layer attack. With minimal set up time, it monitors website traffic, blocking bad traffic and allowing legitimate traffic to pass through, with near-zero false positives. After reviewing the various Cloud WAF product features and benefits, the team quickly determined ease of setup was an attractive feature and realized they would gain much greater visibility into their website traffic very quickly. Other solution providers required much more time and effort to set up protection on their websites.

The Tower team ran a cloud WAF proof of concept with Advantage and Imperva in November and December of 2020. “The proof of concept showed we got dramatically increased capability relative to the cost. From that point on, this was easy for Darren’s team to sell internally”, stated Eli Hirschauge, Tower’s Head of Strategy and Governance.

Imperva also offered the advantage of being a global enterprise solution, which gives it more resilience than services local providers offer. “This was important as some New Zealand companies had experienced a significant increase in disruptive cyber-attacks during 2020 ranging from DDoS to ransomware so geographic resilience was a key focus”, Beattie recalled.

With assistance from Advantage, the Tower team completed the multi-website migration to Imperva Cloud WAF in under six weeks. Beattie’s team worked with the Tower digital team on post-implementation testing. Tower received real-time feedback, and when it needed to re-configure to account for new activity, there was a real-time response. Immediately, Tower saw the seamless self-service needed to gain increased visibility into its website traffic.

“The immediate benefits we got completely overcame any potential change resistance to Imperva Cloud WAF, ” Beattie stated. “We also got great support in the deployment process from Imperva Quick Start and Advantage.”

Conclusion

Tower has not only benefited from enhanced application protection and visibility, but also greater operational efficiency through Imperva’s vast array of application delivery capabilities.

Since implementation, feedback about Imperva Cloud WAF has been exceptionally positive, and the Tower team has found it simple to use. “It’s quite a straightforward GUI. The digital teams have the ability to quickly and easily set up or activate a maintenance page, turn things on and off as required in terms of maintenance and releases which, from a process perspective, has been very good for everyone”, stated Beattie.

In addition, Beattie underscored that “at one point, we were performing a migration of several of our legacy websites to the engine. The Imperva Cloud WAF enabled us to rapidly self-serve and self-deliver, with increased visibility, without delays or added costs.”

The team in Tower looks to the future. “Do we want to do more? Yes. We look forward to working with Imperva and Advantage to leverage all the features of Cloud WAF. As everyone says, this is a journey. Our next big thing is to utilize Imperva Advanced Bot Protection to its full capability while continuing to provide the best digital experience to our customers”, stated Hirschauge.