Cyber Insurance Coverage Checklist: 5 Security Items

Carriers who require EDR as a security control should accept XDR as a solution. And with the main objective being to improve security maturity, organizations should be looking to enhance detection and response capabilities beyond EDR with XDR.

XDR is simply an extension of EDR. Whereas EDR only detects at the endpoint level, XDR can collect and correlate threat activity data across endpoints plus servers, cloud, networks, and email. Done well, XDR can help to contextualize threat data, providing only critical alerts instead of bogging down security teams with false positives.

With a graphical, attack-centric timeline view, SOCs can better understand how the user got infected, the first point of entry, how the threat spread, and a host of other helpful data to limit the scope of an attack.

As previously mentioned, carriers want to see if an organization has implemented the necessary security tools to stop ransomware. When XDR is combined with ZTNA, you have a better chance at combating costly ransomware attacks.

How does this work? First, ZTNA hardens the infrastructure against malicious attacks by establishing a source of truth to authenticate, authorize, and continuously monitor access against. Additionally, segmenting the network will slow down an attack by reducing lateral movement within the organization.

Then, XDR brings together information about possible attack elements like indicators of compromise (IoCs), network traffic logs, suspicious endpoint behavior, SaaS service requests, and server events for analysis. This forms the basis for an effective response, should any risky behavior be detected from XDR analysis.

With this approach, your security posture is enhanced, and you can effectively demonstrate how to stop ransomware attacks to cyber insurers.

In the event of a zero- or n-day event, lost revenue from business downtime as well as repair, PR, and legal associated costs are usually covered under cyber insurance. Thus, underwriters want to see if an organization has an effective patch management strategy in place before providing a quote.

The days of patching everything are gone. The time to attack is shrinking as exploits to vulnerable systems occur in just minutes, not days. For example, it only took the hacking group Hafnium five minutes to start scanning for vulnerabilities after Microsoft announced a zero-day vulnerability found in Microsoft Exchange Server. And while cybercriminals are quick to strike, it can take days for the vendor to release a patch, leaving your system unprotected and your business operations at risk.

The key to a strong patch management is prioritization. To achieve this, organizations need to focus on bugs that are relevant to their specific application systems. From there, security teams can identify which of those bugs have been actively exploited and if they are part of the business’ critical infrastructure.



Source link