A CISO's Guide to Cyber Liability Insurance

Editor's Notes

1. Not a single destination, but a journey. Security leaders need to continually reevaluate org’s strengths, weakness and goals while aligning security measures appropriately to foster business growth
2. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ Data breaches have reached epidemic proportions globally. 781 publicly reported data breaches in 2015 Over a billion+ identities compromised Hacking and Phising is the #1 cause at 36%.
3. A robust cyber insurance policy can help businesses weather the storm more effectively when a data breach or network security failure has occurred.
4. Or device fingerprint. Not to be mistaken with a biometric fingerprint Device fingerprinting is typically a two-stage process on first time authentication we register an endpoint, and on subsequent authentications we validate an endpoint against the stored device fingerprint  The actual device fingerprint, uses and relies on certain characteristics about that endpoint. Such as;   web browser configuration language installed fonts browser plugins device IP address screen resolution browser cookies settings Time zone
5. We can take IP reputation data, e.g. IP addresses that are on black lists and deny the authentication based upon that. For example, if the IP address of the machine from which the user is trying to authentication is part of a Tor network, a known bonnet, or an IP known to be associated with known bad actors. 
6. The ability to use geo-location and login history to determine whether an improbable travel event has occurred:
7. Analyzing some measurable behavior that can be used to identify a person. Leading up to the auth, gathering certain characteristics about the way that the user is interacting with the device, such as; Keystroke dynamics Mouse movements Gesture, and touch Motion patterns
8. The Problems: User name and password alone are simply not enough to protect you from a breach. Up to 60+% of attacks involve the use of valid, yet compromised/stolen, credentials. Even multi-factor authentication methods are being compromised. Additional security measures are needed to protect against today’s advanced cyber threats (Adaptive Auth) Authentication traffic is plentiful and hard to determine between legitimate employees, partners, and customers and attackers trying to infiltrate your network and resources for a variety of bad reasons (military and economic advantage, financial gain, or to deface and cause social and political unrest) Simple IP reputation services don’t provide depth or additional information with context for rapid, effective incident response and can flood SOCs with too much information to quickly digest and act  Some threat services do not have deep and wide experience globally to provide blanket coverage against all threat types, leaving buyers with a false sense of security   The Solution: Combination of multiple threat intelligence, information, and blacklisted IP addresses for the best-of-breed protection from todays threats including APT, Cyber Crime, Hacktivism as well as anonymous proxies and anonymity networks, such as Tor. Beyond just one threat service, the SecureAuth Threat Service combines multiple threat feeds to provide unprecedented coverage and protection. Not only does the SecureAuth Threat Service make customers aware of advanced threats and can deny or require MFA to access, we also provide valuable time saving intelligence and information to accelerate investigation and remediation among your SoC staff and incident responders. SecureAuth Threat Service Value/Benefits: Early warning system – able to detect when a user is attempting to authenticate from an anonymous proxy or anonymity network – a bad actor trying to conceal their true identity (Huge help when identifying bad actors who are using compromised, yet valid, credentials.) Threat intelligence & information – beyond simply providing that the IP Address is “bad”, this service provide context around the IP Address - e.g. actor type, malware family, etc. Answers burning questions - ‘Does a threat against identity exist?’, ‘Who is behind an attack?’, and ‘Why did they target us?’ 
 Identify attackers already in - Help detect bad actors that are moving laterally within your network Reduce Response Time - Customers can use this threat intelligence and information to cut through the noise and aid Security Operations Center (SoC) staff and incident responders alike, so they know what to focus on during an investigation. More is better than one - Best because it combines multiple threat services (FireEye, Neustar, Blacklists/Whitelist) and the feeds available will only increase over time to also cover threats specific to certain industry verticals. Experience Matters (FireEye) - 10 years of experience battling the world’s most advanced cyber threats, global network of 11 million advanced threat sensors. Leverage a mathematical graph database with more than 115 million nodes that dynamically models the relationships between the tools and tactics cyber threat groups use, the operations they conduct, and the sponsors who back them. Layered Approach provides greatest security - SecureAuth Threat Service used in conjunction with SecureAuth Adaptive Authentication, provide an intricate web of risk checks that make it nearly impossible for attackers to penetrate.