The volume, sophistication, and costs associated with today’s cyberattacks, particularly ransomware, are forcing rapid changes in the risk assessment process that insurance carriers undertake to determine a policyholder’s overall cyber risk and insurability.
What used to be just a couple of pages of basic questions about cyber hygiene is now an extensive underwriting process that demands detailed information on security controls, including endpoint detection and response, behavioral detection, next-generation anti-virus, and incident response capabilities.
The largest, most influential insurers are now referring to these and other security controls as “minimum requirements,” according to a recent report by leading insurance broker Marsh. “The adoption of certain controls has now become a minimum requirement of insurers, with organizations’ potential insurability on the line,” the report states.
Let’s take a look at seven of these new minimum security requirements and how AI-driven Cybereason XDR not only maps to each but can help your organization predict, detect and respond to cyberattacks at planetary scale and across the entire enterprise, including endpoints, networks, identities, cloud and application workspaces.
The New Minimum Requirements
#1 - Endpoint Visibility
Insurers want to see an Endpoint Detection and Response (EDR) capability that provides real-time visibility into malicious activities, even as attackers attempt to breach your environment and stop them immediately.
Cybereason is mapped tightly to the MITRE ATT&CK framework, which maps adversarial tactics, techniques, and procedures (TTPs) and is the gold standard for both Endpoint Security vendors and security practitioners. This year, Cybereason achieved the best results in the history of the MITRE ATT&CK Enterprise Evaluation, with 100% visibility into ATT&CK TTPs.
The MalOp Detection Engine is the core of how Cybereason provides this level of visibility to our customers, and in this round, we demonstrate the complete picture of the threat. Cybereason was the only vendor to deliver a perfect visibility score.
#2 - Telemetry Collection
Insurers are increasingly looking for security platforms that collect a significant amount of telemetry from endpoints, so it can be mined for signs of attack with a variety of analytic techniques.
Last year, Cybereason and Google Cloud unveiled Cybereason XDR powered by Google Cloud, the first AI-driven XDR platform capable of ingesting and analyzing threat data from across the entire IT environment. AI-driven Cybereason XDR combines the Cybereason MalOp™, which analyzes more than 23 trillion security events per week to deliver instant detection and incident response, with Google Cloud's unrivaled ability to ingest and normalize petabytes of data from the entire IT environment for planetary-scale protection.
Cybereason delivers 100% real-time detection by leveraging all your data. While other solutions filter valuable event data, Cybereason uses more than 30 sources of telemetry to correlate all relevant data in real-time.
#3 - Behavioral Detection
Major insurance providers have become more sophisticated in their assessments of EDR solutions and are now looking for platforms capable of detecting indicators of behavior (IOBs), the more subtle signs of network compromise.
Security researchers can’t solely rely upon Indicators of Compromise (IOCs) to detect sophisticated attackers. Advanced threat actors compile their code so that it doesn’t match other known file hashes or malware signatures, rendering IOCs ineffective for detection. Advanced attackers also commonly inject false artifacts into IOC databases in order to ratchet up the noise and thereby complicate organizations’ response efforts. They do this all while using Living off the Land (LotL) techniques along with fileless malware in an attempt to leave as few traces of malicious activity behind as possible.
Out-of-the-box, Cybereason XDR provides Predictive Ransomware Protection and automatically blocks malicious executions and activity. Cybereason recognizes the seemingly innocuous chains of behaviors and detects and blocks those behaviors before encryption takes place. This combined with our award-winning NGAV, AV, script-based, and file-based protection ensures that both known and never before seen ransomware never gets through.
Cybereason also identifies and stops malicious behaviors resulting from nefarious macros in Excel sheets or other documents—regardless of if a signature exists for these malicious files. Fileless Protection discovers and blocks memory-based attacks or other fileless techniques based on the activity the systems exhibit.
#4 - Integrated Threat Intelligence
Another critical part of today’s cyber insurance risk assessment process is evaluating the degree to which threat intelligence is integrated into a company’s security platform.
Proprietary and third-party threat intelligence is continuously aggregated and injected into the Cybereason XDR Platform in real-time. Cybereason analyzes 9.8PB of threat intelligence weekly to reveal the full attack story from the root cause across every affected endpoint and user.
The Cybereason Nocturnus Team has brought the world’s brightest threat intelligence analysts and malware reverse engineers who work around the clock from our Global SOCs in the U.S., Israel, and Japan to uncover emerging threats and ensure the delivery of actionable threat intelligence to defend the endpoint, the enterprise, and everywhere the battle is being waged by defenders.
#5 - Real-Time Alerting and Automated Response
Cyber insurance risk assessors want to see solutions that operate in real-time, provide accurate alerting, and automate threat response. This requires detection engines that produce minimal false positives and the ability to set automated response policies.
In this year’s MITRE ATT&CK Enterprise Evaluation, Cybereason achieved 100% real-time detection, and 100% threat detection across all 19 attack steps exhibited by Wizard Spider and Sandworm threat groups, who use Ryuk and other forms of advanced ransomware.
With Cybereason XDR, analysts can execute a full suite of remediation actions from machine isolation and process killing to removing persistence mechanisms, all from within an intuitive point and click interface.
#6 - Cloud-Based EDR
Many cyber insurers want to see a cloud-based EDR solution that integrates smoothly with current systems and provides intuitive remote access to controls.
Organizations today operate in a complex world with data and workloads on-premises, in the public cloud, at the edge, and in hybrid configurations. With native integrations into Azure, AWS, and Google Cloud, Cybereason XDR monitors for signs of account takeover and data exfiltration and can protect cloud workloads against emerging threats like exploitation of undisclosed vulnerabilities and zero-day attacks.
Many organizations struggle to manage multiple tools for tasks that should be combined into a single user interface. The administrative overhead to implement device controls, personal firewalls, and review full-disk encryption for a large endpoint infrastructure can be daunting when you have to juggle multiple administrative screens.
With Cybereason Endpoint Controls, you can log in to a single administrative screen or a complete, easy-to-scan view of device controls, personal firewalls, and disk encryption across each of your endpoints. Each of these management capabilities comes as part of the same agent used for Cybereason NGAV and EDR, so you can keep performance high and IT complexity low.
#7 - Logging and Monitoring
Cyber insurance providers are demanding clients have effective logging capabilities and the appropriate tools to collect, correlate, and alert in case of an incident. According to Marsh, logs should be accessible for at least the last three months and backed up for a minimum of one year.
Infosec teams today are facing burnout and overload from low-context alerts, of which more than half are typically false positives. As organizations expand and add assets and data sources, log management and SIEM solutions struggle to scale and become increasingly cost-prohibitive.
Cybereason XDR provides a unified investigation and response experience that links together the diverse ways we work: on remote endpoints, mobile devices, cloud platforms, and email to prevent, end, and predict malicious operations. Cybereason XDR also integrates with leading firewall and NDR vendors to consolidate alerts and correlate network context with user and asset activity.
The Cybereason MalOp Detection Engine is the power behind this operation-centric approach. Instead of being alerted about individual events, analysts can instantly understand the entire attack progression across every device, user identity, application, and cloud deployment to end them immediately. The Cybereason MalOp provides automated and guided response actions to reduce human error, upskill analysts and achieve a 10x faster time to response than competing solutions.
Cybereason is dedicated to teaming with Defenders to end cyber attacks from endpoints to the enterprise to everywhere - including modern RansomOps attacks. Learn more about ransomware defense here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
