Unum Group — Infrastructure Technology Matrix

unum.com  |  NYSE: UNM  |  Employee Benefits / Disability & Life Insurance  |  Analysis Date: July 5, 2026

Secure Gap Partial ℹ Info CF Opportunity
At-a-Glance — Who Runs What ⏰ F5 DISTRIBUTED CLOUD — CONTRACT TIMING UNKNOWN
DNS
AWS Route 53
4 NS · est. since ~2018
CDN
F5 Distributed Cloud
Volterra · ~30 PoPs · since ~2020
WAF
F5 Distributed Cloud
volt-adc · wes-sea PoP
Bot Management
F5 XC (Binary)
Allow/block only — no scoring
API Security
None Detected
api.unum.com on bare IP
Network DDoS
None
15 prefixes, direct transit
Email Security
Proofpoint
+ Agari/Fortra DMARC analytics
Identity / SSO
Okta + Google Cloud
Replaced ADFS · dual SSO paths
APM / Monitoring
Dynatrace
RUM active on login.unum.com
AI Platform
Anthropic (Claude)
Domain-verified on unum.com + coloniallife.com
CMS
Sitecore v10
Delivered via F5 XC
Cloud / CRM
AWS + Salesforce
CloudFront (portal) · SFDC (my.unum)
Core Infrastructure
AWS Route 53Managed DNS
Category
Managed DNS
Nameservers
4 AWS NS
ns-498.awsdns-62.com
ns-754.awsdns-30.net
ns-1424.awsdns-50.org
ns-1613.awsdns-09.co.uk
DNSSEC
Not Enabled
CAA Records
None Published — any CA can issue certs
IPv6 (AAAA)
None — entire estate is IPv4-only
Wildcard
Yes → 11.9.0.1 (sinkhole catch-all)
Est. Activation
~2018   High
CF Opportunity: 1-click DNSSEC, CAA mgmt, native IPv6, DNS analytics, DDoS-resilient anycast
F5 Distributed CloudCDN (Volterra)
Category
Content Delivery Network
Coverage
www.unum.com, coloniallife.com, unumgroup.com
+ Sitecore CMS delivery
PoPs
~30 global PoPs (vs CF 300+)
Location Header
x-volterra-location: wes-sea (Seattle)
Gaps
portal (CloudFront), my (SFDC), login (bare nginx) — NO F5 CDN
HSTS
1yr, no preload (login has 2yr + preload)
Est. Activation
~2020–2021   Medium
CF Opportunity: 300+ PoPs — 10x F5 XC coverage. Unified CDN across ALL properties
F5 Distributed CloudWAF (volt-adc)
Category
Web Application Firewall
XSS Test
HTTP 403 — blocked or bot detection
SQLi Test
HTTP 403 — blocked or bot detection
Assessment
Cannot distinguish WAF blocks from bot blocks — aggressive 403 to all non-browser agents
Coverage
Main sites only — portal, login, api unprotected
Missing Headers
No CSP, X-Frame-Options, X-Content-Type-Options on www
Est. Activation
~2020–2021   Medium
CF Opportunity: Managed WAF rulesets, Transform Rules for missing headers, ALL-domain coverage
F5 XC (Binary)Bot Management
Category
Bot Management
Status
Active but basic
Approach
Binary allow/block — returns 403 to all non-browser agents
JS Challenge
None observed — no graduated scoring
Risk
Credential stuffing on login/SSO, claims fraud, scraping
Comparison
Binary vs CF's ML-based 1-99 scoring
Confidence
High
CF Opportunity: CF Bot Mgmt — ML scoring (1-99), JS challenge, Turnstile CAPTCHA
None DetectedAPI Security / Gateway
Category
API Security
API Gateway
None detected
api.unum.com
Bare IP (192.136.182.127) — no WAF/gateway
CSP Header (www)
Missing
X-Frame-Options (www)
Missing
X-Content-Type-Options (www)
Missing
Confidence
High
CF Opportunity: API Shield (schema validation, mTLS, rate limiting), Transform Rules
Cloud, Hosting & Network
Unum GroupOn-Prem (AS29888)
Category
Self-Managed Network
ASN
AS29888 (UNUMGROUP-AS)
IP Blocks
192.136.176.0/22
192.136.180.0/22
204.10.44.0/23
+ 12 more prefixes
(~5,632 total IPs)
Transit
Lumen (AS3356), BT (AS2856), + 4 others
DDoS
None — direct transit only
IPv6
Not deployed anywhere
Est. Activation
Pre-2010   High
CF Opportunity: Magic Transit for DDoS on 15 announced /24 blocks + Spectrum for non-HTTP
Amazon AWSCloudFront + Route 53
Category
Cloud Services
Services
Route 53 (DNS), CloudFront (portal CDN), SES (email)
Portal
portal.unum.com → d1yo0so699pivn.cloudfront.net
Portal WAF
No WAF on portal — CloudFront alone
Portal Headers
No CSP, X-Frame-Options, X-Content-Type-Options
Confidence
High
CF Opportunity: CF in front of CloudFront — WAF + headers + caching + bot mgmt
CSC / Corporation Service Co.SSL Certificates + DNS (partial)
Category
Certificate Authority + DNS
Edge Cert
CSC RSA OV SSL CA 2
CN: sitecore.unum.com
Validity
6-month cert (May–Nov 2026)
SANs
50+ SANs incl. temp.* and v10pub.*
SAN Leak
Staging (temp.*) + CMS version (v10pub.*) in production cert
Split DNS
CSC DNS on dental/vision domains — not Route 53
Confidence
High
CF Opportunity: Universal SSL (auto-renew), Advanced Certificate Manager, consolidate DNS
F5 BigIP (Legacy)On-Prem Load Balancer
Category
Load Balancer (Legacy)
Active On
careers.unum.com → server: BigIP
Behavior
302 redirect to unumgroup.com/careers
Status
Legacy — F5 XC migration incomplete
Note
Unum migrated from BigIP to F5 XC cloud; this is a remnant
Confidence
High
Sitecore v10Content Management System
Category
CMS
Delivery
sitecore.unum.com → ves-io-*.ac.vh.ves.io (F5 XC)
Version
v10 exposed via v10pub.* in cert SANs
Brands
sitecore.unum.com, sitecore.coloniallife.com, sitecore.unumgroup.com
Staging
temp.* subdomains in prod SSL cert
Est. Activation
~2020   Medium
CF Opportunity: CF works with Sitecore via standard origin pull — no CMS changes needed
Email, Identity & Security
ProofpointEmail Security Gateway
Category
Email Security
MX
mxa/mxb-004bf101.gslb.pphosted.com (pri 10)
DMARC
p=reject (strongest)
SPF
Soft fail (~all) — should be -all
DKIM
M365 + SendGrid + Mailchimp selectors
DMARC Analytics
Agari/Fortra (rua/ruf → unum@r*.agari.com)
Est. Activation
~2020   High
CF Opportunity: CF Email Security — complement or replace Proofpoint. SPF ~all is a conversation starter
Microsoft 365Email & Collaboration
Category
Email & Collaboration
Tenant
unum.onmicrosoft.com
Verification
MS=ms23553980
DKIM
selector1/selector2 active
Autodiscover
autodiscover.unum.com → email.unum.com (204.10.45.10)
Confidence
High
Okta + Google CloudSSO / Identity Provider
Category
Identity & Access
Okta Tenant
unum.okta.com Active (x-okta-request-id confirmed)
Google SSO
sso.unum.com — via: 1.1 google header
Former IdP
ℹ Microsoft ADFS — adfs/sts/idp/fs all sinkholed
Zero Trust
In progress — VPN/Citrix/remote sinkholed, Okta active
Est. Activation
~2022   Medium
CF Opportunity: Cloudflare One (ZTNA) — unify Okta + Google SSO under one policy engine
Twilio SendGridTransactional Email
Category
Transactional Email
Account
u27078921.wl172.sendgrid.net
DKIM
s1/s2 selectors active
Purpose
Policy notifications, claims updates, benefits alerts
Confidence
High
MailchimpMarketing Email
Category
Marketing Email
DKIM
k1 selector (dkim.mcsv.net)
Purpose
Marketing campaigns, newsletters, open enrollment comms
Confidence
High
AI Platforms, SaaS & Third-Party Services
AnthropicClaude AI
Evidence
anthropic-domain-verification TXT on unum.com AND coloniallife.com
Use Cases
Likely: claims processing, customer service, internal productivity
Confidence
Confirmed
CF: AI Gateway — observability, caching, rate limiting, model fallback
DynatraceAPM / Real User Monitoring
Evidence
dynatrace-site-verification TXT + X-OneAgent-JS-Injection header on login.unum.com
Purpose
Application Performance Monitoring, RUM, synthetic monitoring
Confidence
Confirmed
SalesforceCustomer Community Portal
Evidence
my.unum.com → *.live.siteforce.com (sfdcedge server)
Purpose
Policyholder self-service, benefits portal
Confidence
Confirmed
JamfApple Device Management
Evidence
jamf-site-verification TXT record
Purpose
MDM — Apple device fleet management
Confidence
Confirmed
MongoDB AtlasCloud Database
Evidence
mongodb-site-verification TXT record
Purpose
Cloud database services
Confidence
Confirmed
Other SaaSCollaboration & Tools
Verified
Foxit · Adobe Sign · Canva x2 · Miro · Smartsheet · VMware Cloud · Zywave · Meltwater · Validity · Amazon SES x2 · Apple x2 · Google x3
Note
20+ SaaS vendors domain-verified
Confidence
Confirmed
Subsidiaries & Sister Domains
coloniallife.comPrimary Sister Brand
DNS
AWS Route 53
WAF/CDN
F5 Distributed Cloud (volt-adc)
Email
Same Proofpoint setup
DMARC
p=reject
AI
ℹ Also has Anthropic domain verification
Confidence
High
unumgroup.comCorporate Domain
DNS
AWS Route 53
WAF/CDN
F5 Distributed Cloud (volt-adc)
Purpose
Investor relations, careers, corporate comms
Careers
careers.unum.com → 302 → unumgroup.com/careers (BigIP)
Confidence
High
Dental & Vision Domains Split DNS Provider
Domains
unumdentalcare.com
unumvisioncare.com
coloniallifedental.com
DNS
CSC DNS (dns1.cscdns.net) — NOT Route 53
Hosting
192.136.182.239 (same Unum IP)
Risk
GOVERNANCE — different DNS mgmt from core brands
Confidence
High
CF Opportunity: Consolidate ALL domains under one DNS platform
benefitslearningcenter.comBenefits Education
DNS
AWS Route 53
IP
192.136.182.238 — different IP from main (.239)
WAF/CDN
Connection timeout — may be firewalled or down
Risk
Separate IP, unclear protection
Confidence
Medium
Legacy Brand DomainsMixed Status
colonial-paulrevere.com
Route 53 · resolves to main IP · legacy brand
ftp.unum.com
204.10.44.188 — NOT sinkholed (legacy FTP)
temp.* in SSL SAN
Staging hostnames in production cert
v10pub.* in SSL SAN
Sitecore version exposed in cert metadata
Confidence
High
CF Opportunity: CF Registrar for domain consolidation + cert hygiene
Legacy Infrastructure & Shadow IT
Microsoft ADFS / Citrix / VPN Properly Decommissioned
Sinkholed
adfs · sts · idp · fs · vpn · citrix · remote · owa · webmail · exchange — all → 11.9.0.1
Meaning
Unum migrated from on-prem ADFS + Citrix + VPN to Okta + Google SSO + Zero Trust
Risk
LOW — properly decommissioned via DNS sinkhole
Note
25+ subdomains sinkholed — strong hygiene discipline
ftp.unum.com Legacy FTP — NOT Sinkholed
Finding
ftp.unum.com → 204.10.44.188 (live IP, not sinkholed like others)
Risk
HIGH — FTP is insecure protocol, publicly resolvable
Status
Connection timeout — likely firewalled, but DNS record should be removed
Fix
Sinkhole to 11.9.0.1 or delete A record entirely
Security Header Inconsistency Config Drift
login.unum.com
Strong — CSP, HSTS preload, X-XSS, X-Content-Type, nosniff
www.unum.com
Weak — HSTS only. No CSP, XFO, XCTO
portal.unum.com
Weak — HSTS only. No CSP, XFO, XCTO
Risk
MEDIUM — inconsistent posture across endpoints
DNS Governance Gaps Multiple Issues
DNSSEC
Not enabled — DNS spoofing risk
CAA
Not published — any CA can issue certs
IPv6
Not deployed — compliance risk increasing
SPF
Soft fail (~all) — should be hard fail (-all)
Split DNS Management GOVERNANCE
Route 53
unum.com, coloniallife.com, unumgroup.com, benefitslearningcenter.com, colonial-paulrevere.com
CSC DNS
unumdentalcare.com, unumvisioncare.com, coloniallifedental.com
Risk
MEDIUM — config drift, inconsistent security policy
Fix
Migrate all to single DNS platform with RBAC
Competitive Landscape — Big Players (Employee Benefits / Life & Disability Insurance)
MetLifemetlife.com
DNS
Self-managed (ns2.metlife.com)
CDN/WAF
None detected
Server
Apache
Cloudflare
No
Prudentialprudential.com
DNS
Imperva (impervasecuredns.net)
CDN/WAF
Imperva / Incapsula
Bot Mgmt
Imperva
Cloudflare
No
Aflacaflac.com
DNS
MarkMonitor
CDN/WAF
Akamai
Bot Mgmt
Akamai
Cloudflare
No
Sun Lifesunlife.com
DNS
Akamai (akam.net)
CDN/WAF
Akamai
Bot Mgmt
Akamai
Cloudflare
No
Guardian Lifeguardianlife.com
DNS
UltraDNS
CDN/WAF
Imperva / Incapsula
Bot Mgmt
Imperva
Cloudflare
No
Competitive Landscape — Aligned Competitors (Unum's Direct Market Segment)
Reliance Standardreliancestandard.com — ON CLOUDFLARE
DNS
Self-managed (ns1.rsli.com)
CDN/WAF
Cloudflare (104.18.x IPs)
Status
Full Cloudflare CDN + WAF
Talking Point
"Your direct competitor already chose Cloudflare."
Voya Financialvoya.com — CLOUDFLARE DNS
DNS
Cloudflare (will.ns.cloudflare.com)
CDN
Fastly
Status
Cloudflare DNS with Fastly CDN
Talking Point
"Voya trusts Cloudflare for DNS. You still use Route 53."
Lincoln Financiallincolnfinancial.com
DNS
Self-managed (ns2.lfg.com)
CDN/WAF
None detected
Server
F5 BigIP
Cloudflare
No
Mutual of Omahamutualofomaha.com
DNS
Self-managed
CDN/WAF
None detected
Server
Apache
Cloudflare
No
Anthem (Elevance)anthem.com
DNS
Akamai (akam.net)
CDN/WAF
Akamai
Server
Custom
Cloudflare
No
Top 5 Cloudflare Sales Entry Points
#1 — Competitors Are HereCompetitive Proof Point
Finding
Reliance Standard runs full Cloudflare CDN/WAF. Voya Financial uses Cloudflare DNS. Zero of the top 10 big players use CF — greenfield industry.
Talk Track
"Your direct competitors already chose Cloudflare. You'd be joining, not pioneering."
Products
DNS CDN WAF Bot Mgmt
Confidence
High — verified via DNS/IP
#2 — Security Header GapInconsistent Posture
Finding
login.unum.com has excellent security headers (CSP, HSTS preload, X-XSS, nosniff). But www.unum.com is missing CSP, X-Frame-Options, and X-Content-Type-Options entirely.
Talk Track
"Your login page is locked down, but your main site is wide open to clickjacking. Cloudflare fixes this in one rule — no code changes."
Products
Transform Rules WAF API Shield
Confidence
High — verified via HTTP headers
#3 — 10x Network AdvantagePerformance & Reach
Finding
F5 Distributed Cloud has ~30 global PoPs. Cloudflare has 300+. For a company serving policyholders in all 50 states, latency matters.
Talk Track
"Your policyholder in rural Tennessee hits a Seattle PoP. With Cloudflare, they hit one within 50 miles."
Products
CDN WAF Argo Smart Routing
Confidence
High — x-volterra-location confirmed
#4 — Unprotected APIAPI Security Gap
Finding
api.unum.com resolves to a bare IP (192.136.182.127) within Unum's ASN — no WAF, no API gateway, no rate limiting, no schema validation detected.
Talk Track
"Your API sits on a bare IP with no gateway. For an insurance company handling PII, that's a conversation worth having."
Products
API Shield mTLS Rate Limiting
Confidence
High — verified via DNS + timeout
#5 — AI + Zero TrustPlatform Modernization
Finding
Anthropic domain verification on BOTH unum.com and coloniallife.com confirms AI evaluation. VPN/Citrix/ADFS all sinkholed — Zero Trust transition underway.
Talk Track
"You're already betting on AI and Zero Trust. Cloudflare AI Gateway + ZTNA is purpose-built for where you're headed."
Products
AI Gateway Cloudflare One Access
Confidence
High — Anthropic TXT + sinkholed VPN/ADFS
Confidence Summary