The cyber insurance checklist
Cyber insurance has become a common component in organizations’ cybersecurity strategies to mitigate the financial damage of successful attacks. However, the consistent increase in ransomware attacks has led insurance carriers to harden the requirements from customers who wish to purchase or renew a cyber policy.
As of August 2021, organizations are required to have an EDR solution on their endpoints as well as MFA protection covering a range of organizational resource access. While the first requirement can be easily met, complying with the MFA checklist is a much harder challenge since it explicitly requires the deployment of MFA on resources and access interfaces that are, by design, beyond the scope of traditional MFA solutions.
The new requirements aim to increase the resilience of two key attack surfaces: Endpoint and User Identity.
Endpoint Requirement: Endpoint Detection and Response (EDR)
Traditionally, insurance carriers were content with the protection that signature-based anti-virus (AV) delivered against malware attacks. However, the gradual evolution of fileless malware, weaponized macros, exploits and malicious scripts, as well as the light-speed pace at which new malware is created, has materially reduced the effectiveness of this protection. EDR, which is based on behavioral analysis rather than fixed signatures, provides significantly higher prevention, detection and response capabilities.
User Identity Requirement: Multi-Factor Authentication (MFA)
User accounts are the key to accessing company resources – SaaS applications, on-prem servers and workstations, cloud workloads and many others. As a result, attackers are continuously striving to compromise the credentials of these accounts, with more than 15B credentials circulating on the dark web for sale. MFA is the most effective protection against this attack scenario, reducing by 99% the likelihood that compromised credentials are used for actual malicious access.
Insurance carriers state that they require the additional security measures of EDR and MFA to increase resilience to ransomware attacks. EDR products address this objective by preventing the delivery and execution of ransomware payloads. MFA addresses the less-known but extremely harmful stage of ransomware propagation.
Ransomware propagation relies on logging into additional machines with user credentials, so enforcing MFA on these logins can mitigate this threat completely. Any attempted login with compromised user credentials would trigger an MFA notification for the actual user, who would deny the access request, blocking the propagation altogether.
Complying with EDR requirements is straightforward – simply choose one of the many EDR solutions in the market. Jarviss supports SentinelOne & Palo Alto Networks in this matter. However, complying with the MFA requirement is far more challenging:
- How to cover cloud-based email?
- How to protect remote network access (contractors, third-party service providers, …)?
- How to protect admin access (directory services, backup systems, infrastructure systems, …)?
Your options to comply with the MFA requirements:
- Use multiple MFA solutions: Protecting email and remote network access with their native MFA and tailoring an additional MFA solution to the admin access. This approach entails operational complexity in managing multiple solutions in parallel as well as a lack of coverage for admin access.
- Multiple MFA Solutions + Privileged Access Management: Protecting email and remote network access with their native MFA and implementing a PAM solution for the admin access. This approach will prove impractical for most organizations due to the lengthy deployment processes and management overhead that PAM solutions require.
- Silverfort Unified Identity Protection Platform MFA: MFA protection for all required access types: email, remote network access and admin access in a single solution.
Silverfort utilizes agentless and proxyless technology to extend MFA to any resource and access interface across the on-prem and multi-cloud enterprise environment. This includes assets that could never have been protected with MFA before, such as legacy and homegrown applications, command line access tools, industrial and healthcare systems, file shares, databases and more.
This makes Silverfort an ideal solution for the new cyber insurance MFA checklist.
Jarviss has extensive experience with EDR & MFA. Feel free to reach out for further information or take a look at the Ziekenhuis Oost Limburg reference case: