The cyber insurance checklist

Cyber insurance has become a common component in organizations’ cybersecurity strategies to mitigate the financial damage of successful attacks. However, the consistent increase in ransomware attacks has led insurance carriers to harden the requirements from customers who wish to purchase or renew a cyber policy.

As of August 2021, organizations are required to have an EDR solution on their endpoints as well as MFA protection covering a range of organizational resource access. While the first requirement can be easily met, complying with the MFA checklist is a much harder challenge since it explicitly requires the deployment of MFA on resources and access interfaces that are, by design, beyond the scope of traditional MFA solutions.

The new requirements aim to increase the resilience of two key attack surfaces: Endpoint and User Identity.

 

Endpoint Requirement: Endpoint Detection and Response (EDR)

Traditionally, insurance carriers were content with the protection that signature-based anti-virus (AV) delivered against malware attacks. However, the gradual evolution of fileless malware, weaponized macros, exploits and malicious scripts, as well as the light-speed pace at which new malware is created, has materially reduced the effectiveness of this protection. EDR, which is based on behavioral analysis rather than fixed signatures, provides significantly higher prevention, detection and response capabilities.

User Identity Requirement: Multi-Factor Authentication (MFA)

User accounts are the key to accessing company resources – SaaS applications, on-prem servers and workstations, cloud workloads and many others. As a result, attackers are continuously striving to compromise the credentials of these accounts, with more than 15B credentials circulating on the dark web for sale. MFA is the most effective protection against this attack scenario, reducing by 99% the likelihood of utilizing compromised credentials for actual malicious access.

 

Insurance carriers state that they require the additional security measures of EDR and MFA to increase resilience to ransomware attacks. EDR products address this objective by preventing the delivery and execution of ransomware payloads. MFA addresses the less known but extremely harmful stage of ransomware propagation.

Ransomware propagation relies on logging into additional machines with user credentials, so enforcing MFA on these logins can mitigate this threat completely. Any attempted login with compromised user credentials would trigger an MFA notification for the actual user, who would deny the access request and block the propagation altogether.

 

Complying with EDR requirements is straightforward – simply choose one of the many EDR solutions in the market. Jarviss supports SentinelOne & Palo Alto Networks in this matter. However, complying with the MFA requirement is far more challenging:

  • How to cover cloud-based email?
  • How to protect remote network access (contractors, 3rd party service providers, …)?
  • How to protect admin access (directory services, backup systems, infrastructure systems, …)?

 

Your options to comply with the MFA requirements:

  1. Use multiple MFA solutions: Protecting email and remote network access with their native MFA and tailoring an additional MFA solution to the admin access. This approach entails operational complexity in managing multiple solutions in parallel as well as a lack of coverage for admin access.
  2. Multiple MFA Solutions + Privileged Access Management: Protecting email and remote network access with their native MFA and implementing a PAM solution for the admin access. This approach will prove impractical for most organizations due to the lengthy deployment processes and management overhead that PAM solutions require.
  3. Silverfort Unified Identity Protection Platform MFA: MFA protection for all required access types (email, remote network access and admin access) in a single solution.

 

Silverfort utilizes agentless and proxyless technology to extend MFA to any resource and access interface across the on-prem and multi-cloud enterprise environment. This includes assets that could never have been protected with MFA before, such as legacy and homegrown applications, command line access tools, industrial and healthcare systems, file shares, databases and more.

 

This makes Silverfort an ideal solution for the new cyber insurance MFA checklist.

 

Jarviss has extensive experience with EDR & MFA. Feel free to reach out for further information or take a look at the Ziekenhuis Oost Limburg reference case:

Ziekenhuis Oost Limburg testimonial: how to protect all AD authentications using Silverfort