Star Health Enhanced Digital Resilience

Star Health, India’s largest stand-alone health insurance provider, delivers affordable, comprehensive coverage to citizens across all life stages. As it modernized its systems — shifting to a microservices architecture and integrating AI into its digital workflows — the organization faced a rapidly evolving threat landscape and growing API complexity. To maintain customer trust, protect sensitive health data, and ensure seamless experiences across mobile and web channels, Star Health partnered with Akamai to deploy enterprise-grade protections across web applications, APIs, and user accounts. The solutions provided deep visibility into threats, enabled rapid response to AI-driven attacks, and strengthened governance without disrupting service.

Star Health’s core business — underwriting and claims management — touches sensitive customer data at every step, making security paramount. “We have to maintain our customers’ trust and comply with regulatory requirements. Security cannot take a backseat because every customer transaction is sensitive,” Shivanath Somanathan, Star Health’s CISO, explained.

The insurer’s digital transformation delivered agility but also introduced API sprawl. “With the industry moving toward open, API-based frameworks, we had to evolve as well. Our microservices architecture enables us to quickly launch and integrate valuable services for our customers,” Somanathan said.

At the same time, AI-driven attacks and sophisticated bot threats challenged traditional security measures. “These threats are dynamic and nearly limitless in their possibilities. We needed a solution that wasn’t purely rule-based to detect and deter AI-driven attacks,” he continued.

To address these challenges, Star Health sought enterprise-grade web and API protection that could defend against both known and unknown threats, give visibility into shadow APIs, and integrate seamlessly with its existing digital channels.

To strengthen its defense-in-depth strategy, Star Health evaluated multiple web and API protection suites. “Akamai consistently received high ratings from peers and within our industry,” Somanathan said.

The team conducted a proof of concept to confirm that Akamai could deliver top-tier protection without disrupting customer experiences. “Akamai strikes a perfect balance,” he added.

Akamai solutions deployed:

• App & API Protector: Defends web applications and APIs against DDoS, bots, and application-layer attacks, using behavioral and heuristic models for adaptive protection.
• API Security: Maps API traffic, detects anomalies, uncovers shadow and rogue APIs, and enforces governance in real time.
• Account Protector: Safeguards user accounts from takeover, account-opening abuse, and credential compromise.

Star Health now considers Akamai App & API Protector its first line of defense across all customer-facing channels. The solution protects web applications and APIs from DDoS, bot, and application-layer attacks, providing continuous monitoring of critical services.

Unlike typical rule-based engines, App & API Protector relies on behavioral and heuristic-based models. “We feel very confident that Akamai is protecting our critical assets,” said Somanathan. “Plus, Akamai helps keep us aware of our exposure on the public internet and how that impacts our attack surface.”

AI-driven attacks, which can evade traditional defenses, are detected and mitigated in real time. “App & API Protector enables us to handle unknown threats seamlessly,” Somanathan continued. “It continually enhances its ability to detect and filter anomalies related to AI interactions.”

With its shift to microservices, Star Health faced significant API sprawl. Protecting every API became critical for maintaining secure, seamless service. Akamai API Security gave Star Health deep visibility and control over all API traffic and vulnerabilities.

According to Somanathan, before using API Security, Star Health’s security team was only aware of about 33% of the APIs in its environment. “With the solution, we discovered shadow APIs and incorporated them into our inventory and governance processes. By integrating API Security into our pre-release process, we also ensure no critical vulnerabilities get released into production.”

API Security maps each API journey, detects anomalies, and blocks malicious calls in real time. Continuous discovery helps Star Health maintain an accurate, risk-based view of its entire API landscape. As Somanathan said, “You can’t protect what you don’t know, and API Security gives us the visibility we need.”

The solution also supports DevSecOps practices. “We can assign ownership of all APIs, classify them, and maintain them according to our risk-based approach,” Somanathan explained. Star Health now benefits from real-time visibility, anomaly detection, and adaptive threat intelligence. “We can proactively contain threats and make course corrections that improve our operations,” he noted.

Identity is also a growing perimeter for attacks. “We saw many attempted account takeovers and compromises of genuine customer credentials. These vectors could allow perpetrators to exfiltrate data or take down services,” Somanathan said.

Akamai Account Protector now safeguards accounts across their lifecycle, detecting and blocking account abuse before it can affect customers. Combined with App & API Protector, this helps ensure Star Health’s web applications and APIs are continuously monitored and protected from both known and unknown threats.

Beyond technology, Star Health values Akamai’s dedicated support. “Akamai stands out for supporting us throughout the lifecycle of using its services,” Somanathan said. “We can count on its experts to help address our business needs — notably, maintaining uptime and resilience.”

The global threat intelligence delivered by Akamai further strengthens the insurer’s security posture. “This intelligence provides our teams with actionable insights that help us stay ahead of threats,” he explained.

Star Health now has end-to-end protection across its digital ecosystem:

• Detected AI-driven threats in real time
• Secured all API traffic and reduced exposure from shadow APIs
• Protected user accounts from takeover and abuse

“Akamai enhanced our security posture and gave us confidence to stay ahead of the latest threats. Now we can continue growing digitally while maintaining customer trust, regulatory compliance, and operational resilience,” Somanathan concluded.