Why is endpoint detection and response (EDR) considered non-negotiable for companies seeking catastrophic coverage for cyber incidents like ransomware?
Every cyber insurer agrees on one thing – a set of controls to protect endpoints is a non-negotiable requirement for insurability. Without a demonstrably solid set of endpoint management and protection measures in place and operational 100% of the time, organizations that have cyber insurance will lose it, according to cyber insurance brokers like Marsh and Aon.
Analysts, particularly Gartner analysts, are also making it clear that cyber insurance requires an integrated mesh of controls – called a cybersecurity mesh architecture. These controls need to be integrated so that contextualized enforcement decisions are made fast enough to meet business needs. EDR works better than traditional antivirus because it detects malicious behavior of the software and doesn’t rely on a known list of previously detected exploits. Insurance companies prefer EDR because it reduces your risk compared to traditional antivirus.
Increasingly, companies are unable to qualify for cyber insurance because they don’t have the basic controls, like EDR, in place. According to insurers and brokers, there are thirteen essential security technologies that must be in place, continuously operational, and demonstrated to be effective for cyber insurance coverage. The baseline is a combination of people with the skills to implement these controls, technical controls, and the processes to implement, test, verify and sustain them:
- Multifactor Authentication (MFA) for remote access and admin/privileged accounts
- Endpoint Detection and Response (EDR)
- Secured, encrypted, and tested backups
- Privileged access management (PAM)
- Email filtering and web security
- Patch management and vulnerability management
- Cyber incident response planning and testing
- Cybersecurity awareness training and phishing training/testing
- Hardening techniques including RDP mitigation
- Logging and monitoring network protection
- EOL systems replaced or protected
- Vendor/digital supply chain management
- M&A Due Diligence and Integration
VMware is uniquely positioned to assist customers who require cyber insurance because of our end-to-end cybersecurity mesh architecture (Gartner’s term). With EDR, NGAV, AppControl, and the security intelligence of VMware Contexa combined, Carbon Black customers can confidently implement controls that will meet cyber insurance requirements, not just for EDR but also for patch and vulnerability management. The Contexa security intelligence data lake provides advanced visibility and context that surpasses the log collection, storage, and correlation of SIEMs. With networking features like SASE, WAF, distributed firewalls, and ATP, NSX exceeds the logging and monitoring network protection requirement. Combined with workloads running on vSphere and protected by Carbon Black, our customers will be implementing forward-thinking, cloud-smart security along the lines of recommendations from industry analysts, and will be able to demonstrate the technical controls cyber insurers require.
In today’s market, it is a grave oversight to assume that cyber risk will be mitigated by reliance on a cyber insurance policy. In a recent presentation in Santa Monica sponsored by the Los Angeles (LA) Information Systems Security Association (ISSA), Bryan Hurd of Stroz Friedberg (a division of Aon) made it very clear: your chances of preventing ransomware without having basic controls like Endpoint Detection and Response (EDR) in place are very slim. In addition, the insurance qualifications are done before placement, so the lack of basic controls (MFA, good backups, network segmentation, EDR, incident plans, etc.) will lead to a declined policy and a lack of insurance.