At-a-Glance — Who Runs What
NO INCUMBENT WAF/CDN — GREENFIELD OPPORTUNITY
DNS: MarkMonitor · Clarivate · Brand protection registrar
CDN: Vercel (basic) · Edge only for www · No true CDN
WAF: None · Vercel bot challenge ≠ WAF
Bot Management: None · Basic rate-limiting only
API Security: None · No API gateway detected
Network DDoS: None · 2 dormant ASNs · No scrubbing
Email Security: Valimail + M365 EOP · DMARC reject · No dedicated SEG
Identity / SSO: Okta (×4 tenants) + Legacy ADFS on old domain
Cloud Security: Wiz · CSPM · OneTrust for privacy
AI Platform: Anthropic (Claude) · Domain-verified on both domains
Cloud / Hosting: Azure + AWS + Vercel · Multi-cloud · 7+ providers
CF Footprint: Already Present · wtwglobal.com on CF DNS · events via Cvent
Core Infrastructure
MarkMonitor · Managed DNS (Clarivate)
Nameservers: 4 MarkMonitor NS (ha1–ha4.markmonitor.zone)
CAA Records: 4 CAs authorized (amazonaws, digicert, globalsign, letsencrypt)
Wildcard: Yes → 11.9.0.1 (sinkhole)
Est. Activation: ~2010 (pre-merger) · Medium
CF Opportunity: 1-click DNSSEC, native IPv6, DNS analytics, sub-5ms resolution
Vercel · Web Hosting / Edge (www)
Category: CDN / Web Hosting
Coverage: www.wtwco.com only · CNAME → vercel-dns-013.com
SSL: Let's Encrypt R12 (DV, single-domain)
Bot Protection: Vercel challenge (rate-limit only)
Gaps: careers, media, benefits, events — different CDNs
Server Header: server: Vercel (disclosed)
Est. Activation: ~2022 (rebrand) · Medium
CF Opportunity: Unified CDN across ALL properties, Vercel origin-pull compatible
None Detected · Web Application Firewall
Category: Web Application Firewall
XSS Test: HTTP 429 — Vercel rate-limit, NOT WAF
SQLi Test: HTTP 000 — connection dropped, NOT WAF
Path Traversal: HTTP 429 — same rate-limit, NOT path-aware
Assessment: NO WAF — $10B financial services company
Exception: careers.wtwco.com has AWS WAF (only subdomain)
CF Opportunity: CRITICAL — Managed WAF rulesets, immediate protection for main site
None Detected · Bot Management
Status: No enterprise bot mgmt
JS Challenge: None — Vercel challenge is rate-based
Bot Headers: None (x-vercel-mitigated only)
Risk: Content scraping, credential stuffing, brand impersonation
Note: Financial services firms are high-value bot targets
CF Opportunity: Cloudflare Bot Mgmt — financial services-grade protection
None Detected · API Security / Gateway
API Gateway: None detected
CSP Header: Missing on www
X-Frame-Options: Missing on www
Referrer-Policy: Missing on www
CF Opportunity: API Shield, Transform Rules for headers, API Gateway
Cloud, Hosting & Network
Microsoft Azure · Primary Cloud
Category: Cloud Hosting (Primary)
Services: Azure Front Door (UAT), VMs (dev/test), Traffic Manager (auth/ADFS)
IPs: 40.75.116.156 (dev) · 52.252.49.214 (test)
Public Exposure: dev + test publicly resolvable on internet
Auth Infrastructure: ADFS + auth + access all on Azure via legacy domain
Est. Activation: ~2016 (merger) · High
CF Opportunity: Cloudflare Access for dev/test; CF in front of Azure origins
Amazon AWS · Secondary Cloud
Category: Cloud Hosting (Secondary)
Services: CloudFront (careers), Global Accelerator (benefits, UK sites)
IPs: careers → d1npvk2p6yfyn6.cloudfront.net · benefits → 15.197.173.102 (GA) · UK → 3.33.139.32 (GA)
WAF: AWS WAF on careers only
Note: Different cloud from main site — separate teams
CF Opportunity: Multi-cloud proxy — fronts Azure + AWS seamlessly
WTW Network · ASNs (Dormant)
Category: Self-Managed Network
ASNs: AS21872 (WILLIS TOWERS WATSON) · AS54653 (WILLIS TOWERS WATSON)
Announced Prefixes: ZERO — both ASNs completely dormant
Transit: None — all traffic via provider networks (AWS AS16509, Azure AS8075)
DDoS: None — no dedicated scrubbing
Est. Registration: ~2015 · High (RIPE confirmed)
CF Opportunity: BYOIP + Magic Transit if ASNs reactivated
GlobalSign / Let's Encrypt / ACM · SSL/TLS Certificates
Category: Certificate Management
Enterprise Cert: GlobalSign RSA OV wildcard · 13+ domains, 6 countries in SAN
Vercel Cert: Let's Encrypt R12 (DV) · www.wtwco.com only
Careers Cert: Amazon ACM (DV) · careers.wtwco.com
CF Opportunity: Auto cert management, 1-click DNSSEC, Universal SSL
ImageEngine / Cvent · Specialized CDNs
Category: Specialized Content Delivery
ImageEngine: media.wtwco.com → imgeng.in · Varnish server · Image optimization CDN
Cvent: events.wtwco.com → pld.na1.cventcustom.com · Served via Cloudflare (cf-ray confirmed)
Exponential-E: cd.wtwco.com → 31.221.113.78 (UK ISP, AS25180) · Unknown purpose
Fragmentation: 5+ CDN providers across subdomains
CF Opportunity: Consolidate all CDN providers under one Cloudflare dashboard
Email, Identity & Security
Valimail + M365 EOP · Email Security
MX: willistowerswatson-com.mail.protection.outlook.com (pri 10)
DMARC: p=reject (strongest)
SPF: Soft fail (~all) — macro-based via Valimail
DKIM: M365 + SendGrid + Mailchimp
Dedicated SEG: No Proofpoint / Mimecast
Est. Activation: M365 ~2015 · Valimail ~2019 · High
CF Opportunity: CF Email Security — pre-delivery phishing protection on top of EOP
Okta · SSO / Identity Provider (×4)
Category: Identity & Access
Tenants: wtw.okta.com · wtwco.okta.com · willistowerswatson.okta.com · willis.okta.com
Identity Sprawl: 4 active Okta tenants = merger debt
Zero Trust: Not a full ZT architecture
Est. Activation: ~2018 · Medium
CF Opportunity: Cloudflare One (ZTNA + SASE) — unify 4 tenants, replace legacy ADFS
Microsoft · ADFS / Entra ID (Legacy)
Category: Legacy Authentication
ADFS: adfs.willistowerswatson.com → wtwcorpadfs.trafficmanager.net
Auth Gateway: auth.willistowerswatson.com → Azure Front Door
Access Portal: access.willistowerswatson.com → accesswtw.trafficmanager.net
Risk: All auth on legacy pre-rebrand domain
Status: Likely being phased out for Okta
CF Opportunity: CF Access replaces ADFS — no VPN, identity-aware proxy
SendGrid / Mailchimp · Transactional & Marketing Email
SendGrid: DKIM selectors s1/s2 · Active
Mailchimp: DKIM selector k2 · Active
Purpose: Transactional notifications (SendGrid) · Marketing campaigns (Mailchimp)
SPF Macro: Valimail macro covers all senders
Wiz / OneTrust / HashiCorp · Cloud & Privacy Security
Category: Cloud Security & Compliance
Wiz: CSPM — cloud security posture · Domain-verified
OneTrust: Privacy/consent (4 verifications) · Heavy deployment
HashiCorp: HCP — Vault/Consul/Terraform · Domain-verified
Note: Strong cloud security posture but no edge security
CF Opportunity: CASB visibility across 20+ SaaS vendors
AI Platforms, SaaS & Third-Party Services
Anthropic · Claude AI
Evidence: anthropic-domain-verification on BOTH wtwco.com and willistowerswatson.com
Use Cases: Enterprise AI assistants, risk analysis, actuarial modeling
CF: AI Gateway for rate limiting, caching, audit logging
Salesforce · CRM (×2 Instances)
Evidence: 2 org IDs verified: 00Db0000000YzaP · 00Db0000000HZir
Note: 2 instances = likely merger inheritance
Atlassian · Jira / Confluence
Evidence: 2 atlassian-domain-verification TXT records
Purpose: Project mgmt, wiki, collaboration
DocuSign / Foxit · Document Management
Evidence: docusign + foxit TXT verifications
Purpose: E-signatures (DocuSign), PDF mgmt (Foxit)
Miro / Airtable / Smartsheet · Collaboration
Evidence: miro (×2), airtable (×2), smartsheet TXT records
Purpose: Visual collaboration, low-code DB, project tracking
Cisco Webex / Pexip / MongoDB · Communications & Data
Evidence: webexdomainverification, pexip, mongodb TXT records
Purpose: Video (Webex/Pexip), Document DB (MongoDB)
Subsidiaries & Sister Domains
willistowerswatson.com · Legacy Primary Domain
Hosting: Vercel (same as wtwco.com)
Auth Services: ADFS, auth, access, SSO all still here
Email: Same M365 + Valimail · DMARC reject
SSL: GlobalSign OV wildcard (13+ domain SAN)
Note: ALL authentication infra remains on this pre-rebrand domain — significant tech debt
wtwglobal.com · ON CLOUDFLARE DNS
DNS: Cloudflare NS · dahlia / james.ns.cloudflare.com
Hosting: GoDaddy parking page (184.168.119.238)
Status: Parked but CF account exists
Implication: Someone at WTW has a Cloudflare dashboard
Action: Identify the account owner — foot in the door
CF Opportunity: Existing CF account is proof of trust — expand to full portfolio
wtw.com · NOT OWNED BY WTW
DNS: flygt.com NS (Xylem Inc.)
Email: Proofpoint (Xylem's infrastructure)
Owner: Xylem Inc. (water technology, formerly WTW GmbH)
Risk: HIGH — brand confusion for a company named "WTW"
Action: WTW rebranded to "WTW" but doesn't own wtw.com
Note: Mention in meeting — brand risk talking point
wtwbenefits.com · Separate Infrastructure
DNS: Linode (giantpanda.com NS) — NOT MarkMonitor
Hosting: Linode — multiple IPs
Risk: HIGH — no central governance
Note: Benefits division on completely separate infra stack
Security: Unknown security posture
CF Opportunity: Consolidate under Cloudflare with rest of portfolio
Other Brand Domains · Mixed Status
willis.com: MarkMonitor · Vercel · pre-merger redirect
towerswatson.com: MarkMonitor · Vercel · pre-merger redirect
wtwco.co.uk: MarkMonitor · AWS Global Accelerator (UK)
gras-savoye.com: CSC DNS — acquired French broker, different registrar
wtw-group.com: HiChina (Alibaba) — China defensive reg
willisgroup.com: DnsOwl — parked defensive registration
CF Opportunity: DNS consolidation across 11+ domains, 3+ registrars
Legacy Infrastructure & Shadow IT
dev / test Environments · Publicly Resolvable
Endpoints: dev.wtwco.com → 40.75.116.156 (Azure) · test.wtwco.com → 52.252.49.214 (Azure)
Risk: HIGH — pre-production on public DNS
Exposure: IP addresses visible to any scanner
Fix: Move behind Cloudflare Access or remove from public DNS
CF Opportunity: IMMEDIATE — Cloudflare Access, no VPN needed, afternoon deploy
Legacy ADFS Auth on Old Domain
Finding: adfs.willistowerswatson.com → Azure Traffic Manager
Risk: HIGH — legacy Windows auth = known attack vector
Also: auth + access + SSO endpoints on legacy domain
Fix: Modernize to Entra ID or Cloudflare Access
CF Opportunity: CF Access replaces ADFS — identity-aware reverse proxy
cd.wtwco.com · Unknown UK Service
Finding: cd.wtwco.com → 31.221.113.78 (Exponential-E, UK ISP)
ASN: AS25180 — small UK ISP, not enterprise-grade
Risk: MEDIUM — possible orphaned CI/CD endpoint
Fix: Identify purpose; decommission or consolidate
Sitecore / Old Provider Remnants · Stale Records
Sitecore: sitecore-site-verification TXT still present (likely replaced by Vercel)
Autodiscover: autodiscover.wtwco.com → willistowerswatson.com (legacy ref)
Cert SAN Leaks: grassavoye.be/com/fr, willisre.com, wtwco.cn in GlobalSign cert
Risk: MEDIUM — info disclosure
Dormant ASNs · Governance Risk
ASNs: AS21872 — Willis Towers Watson · AS54653 — Willis Towers Watson
Status: Zero prefixes announced — fully dormant
Risk: Governance — orphaned network assets still registered
Fix: Deregister or activate under BYOIP program
CF Opportunity: BYOIP + Magic Transit for any reactivated space
Competitive Landscape — Who Uses What
Aon · ~$15B Revenue · Direct Rival
DNS: Cloudflare gabe/jacqueline.ns.cloudflare.com
CDN/WAF: Cloudflare FULL STACK
Cloudflare? FULL STACK — best peer reference for WTW
Marsh McLennan · ~$23B Revenue · #1 Broker
DNS: Self-managed (ns01–05.mmc.com)
CDN: AWS CloudFront · Apache
Gallagher · ~$11B Revenue · #4 Broker
CDN/WAF: Imperva / Incapsula (incapdns.net)
Lockton / Brown & Brown · Mid-Market Brokers
Lockton DNS: Cloudflare barbara/sam.ns.cloudflare.com
B&B DNS: Cloudflare betty/hans.ns.cloudflare.com
Cloudflare? FULL STACK — both on CF DNS + CDN + WAF
Hub Int'l / USI Insurance · Specialty Brokers
Hub DNS: CSC DNS · Cloudflare CDN
USI DNS: GoDaddy · Cloudflare CDN
Cloudflare? CDN LAYER — cdn.cloudflare.net confirmed
Peer Scorecard — WTW vs. Industry
Top 5 Cloudflare Sales Entry Points
#1 — WAF + Bot Mgmt · Main Site Unprotected
~$10B financial services company with zero WAF on main site. Vercel bot challenge is rate-limiting only. Competitor Aon runs full Cloudflare stack. 5 of 7 peers already on CF.
Urgency: IMMEDIATE — GREENFIELD
#2 — Zero Trust / SASE · Cloudflare One
4 Okta tenants + legacy ADFS on pre-rebrand domain. dev/test publicly resolvable. CF Access protects internal apps without VPN, deployable in an afternoon.
Urgency: HIGH — dev/test exposure
#3 — AI Gateway · AI Gateway + API Shield
Confirmed Anthropic Claude deployment (domain-verified on both domains). No API governance. CF AI Gateway: rate limiting, caching, cost control, audit logging.
#4 — Email Security · CF Email Security
No dedicated SEG — only M365 EOP. SPF soft-fail (~all) despite DMARC reject. CF Email Security adds pre-delivery phishing protection on top of existing M365.
#5 — CASB + DLP · SaaS Visibility
20+ SaaS vendors verified via TXT records (Salesforce×2, Atlassian, MongoDB, Anthropic, Miro, Box, Airtable…). No CASB detected. CF CASB provides shadow IT governance.
Conversation Starters for AE
Peer Pressure: "Your direct competitor Aon runs their entire stack on Cloudflare. Your main site has no WAF. Five of your seven peers already use us."
Quick Win: "Your dev and test environments are publicly resolvable on Azure. Cloudflare Access can fix that in an afternoon — no VPN needed."
Existing Footprint: "You already have Cloudflare through Cvent and wtwglobal.com. Extending to your main properties is a natural next step."
AI-Native: "You're deploying Anthropic's Claude at enterprise scale. Cloudflare AI Gateway gives you rate limiting, cost control, and audit logging."
Identity Debt: "Four Okta tenants and legacy ADFS on a domain you rebranded from years ago — that's a lot of identity debt to carry."