
Cyber insurance has become a common component in organizations’ cybersecurity strategies to mitigate the financial damage of successful attacks.

However, the consistent increase in ransomware attacks has led insurance carriers to harden the requirements from customers who wish to purchase or renew a cyber policy.

As of August 2021, organizations are required to have an Endpoint Detection and Response (EDR) solution on their endpoints as well as Multi-factor Authentication (MFA) protection covering a range of organizational resource access.

While the first requirement can be easily met, complying with the MFA checklist is a much harder challenge since it explicitly requires the deployment of MFA on resources and access interfaces that are, by design, beyond the scope of traditional MFA solutions.

The new requirements aim to increase the resilience of two key attack surfaces: Endpoint and User Identity.

In the next sections, we will guide you through the best practices for EDR and MFA. So make sure to bookmark this page as your Cyber Insurance Checklist.

 

Endpoint Requirement: Endpoint Detection and Response (EDR)

Traditionally, insurance carriers were content with the protection that signature-based antivirus (AV) delivered against malware attacks. However, the gradual evolution of

  • fileless malware,
  • weaponized macros,
  • exploits and malicious scripts, and
  • the light-speed pace at which new malware is created,

has materially reduced the effectiveness of this protection.

EDR, which is based on behavioral analysis rather than fixed signatures, provides significantly higher prevention, detection and response capabilities.

 

User Identity Requirement: Multi-Factor Authentication (MFA)

User accounts are the key to accessing company resources, for instance, SaaS applications, on-premises servers and workstations, cloud workloads and many others.

As a result, attackers are continuously striving to compromise the credentials of these accounts, with more than 15B credentials circulating on the dark web for sale. MFA is the most effective protection against this attack scenario, reducing the likelihood that compromised credentials can be used for actual malicious access by 99%.

Insurance carriers state that they require the additional security measures of EDR and MFA to increase resilience to ransomware attacks.

  • EDR addresses this objective by preventing the delivery and execution of ransomware payloads.
  • MFA addresses the lesser-known but extremely harmful stage of ransomware propagation.

Ransomware propagation relies on logging into additional machines with user credentials. By enforcing MFA on these logins, you can mitigate this threat completely.

Any attempted login with compromised user credentials would trigger an MFA notification to the actual user, who would deny the access request and block the propagation altogether.

Complying with EDR requirements is straightforward – simply choose one of the many EDR solutions in the market.

Jarviss supports SentinelOne & Palo Alto Networks in this matter. However, complying with the MFA requirement is far more challenging:

  • How to cover cloud-based email?
  • How to protect remote network access (contractors, 3rd party service providers, …)?
  • How to protect admin access (directory services, backup systems, infrastructure systems, …)?

3 Options to Comply with Multi-Factor Authentication (MFA)

Option 1: Use multiple MFA solutions

This option involves 1) protecting email and remote network access with their native MFA and 2) tailoring an additional MFA solution to the admin access.

Do keep in mind that following this approach could add operational complexity due to the management of multiple solutions in parallel and the lack of coverage for admin access.

Option 2: Multiple MFA Solutions & Privileged Access Management (PAM)

This approach entails 1) protecting email and remote network access with their native MFA and 2) implementing a PAM solution for the admin access.

For most organizations, this option could potentially prove impractical due to the lengthy deployment processes and management overhead that PAM solutions require.

Option 3: Silverfort Unified Identity Protection Platform MFA

Lastly, this option includes MFA protection for all required access types: email, remote network access and admin access in a single solution.

Silverfort utilizes agentless and proxyless technology to extend MFA to any resource and access interface across the on-prem and multi-cloud enterprise environment. This includes assets that could never have been protected with MFA before, for instance,

  • legacy and homegrown applications,
  • command line access tools,
  • industrial and healthcare systems,
  • file shares,
  • databases and more.

This makes Silverfort an ideal solution for the new cyber insurance MFA checklist.

 

Jarviss has extensive experience with EDR & MFA. Recently, we helped Ziekenhuis Oost Limburg protect all AD authentications using Silverfort. Read the full case study below. If you would like to discuss your EDR and MFA challenges, send us an email at info@jarviss.nl or give us a call at +31 20 764 0807.

https://jarviss.nl/ziekenhuis-oost-limburg-testimonial-how-to-protect-all-ad-authenthications-using-silverfort/