Cyber Insurance Antivirus Requirements
More and more insurance companies are splitting cyber insurance off from the regular policy. This new-age coverage is designed to protect your company in the event of an internal or external attack. Purchasing cyber insurance is crucial these days, given the number of sophisticated methods cyber criminals have at their disposal. Whether through online scams, viruses or spoofed emails, employees are still taking the bait and falling into traps.
Below is a list of Cyber Insurance Antivirus Requirements.
- Enterprise Antivirus Software with EDR
- Advanced Threat Protection with Heuristic Capabilities
- Enterprise Antivirus with Behavioral-Detection
- Hardened Baseline Configuration
- Internal and External Group Monitoring
Enterprise Antivirus with EDR
EDR stands for Endpoint Detection and Response. It is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. Not all antivirus software has this feature enabled. It is an add-on that comes with an additional monthly fee. With some enterprise-class antivirus software, EDR cannot be enabled without first enabling ATR, which stands for Advanced Threat Security. ATR and EDR are separate add-ons, and each has to be added to your antivirus solution.
Endpoint Detection and Response is responsible for the following:
- Monitoring and collecting data from servers and computers that could indicate a possible threat.
- Analyzing the information collected to identify threat patterns.
- Responding automatically and sending real-time notifications as threats are located.
The EDR service provides additional security-related features to help you stay up to date with the overall health of your computer environment. The service collects data from your devices and looks at processes, activity, connections and data transfers. This information is stored and compared to discover differences.
Automated response rules help you to find threat abnormalities in real time. Forensic tools help you to uncover information about attacks. The information collected can help you to better understand how your company is being targeted.
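The collect, compare and respond cycle described above can be sketched in a few lines. This is an added example, not code from any EDR product: the host telemetry, the rule names and the response actions ("notify", "isolate-host") are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample telemetry for one hypothetical endpoint: the stored
# baseline snapshot and the snapshot collected now.
BASELINE = {
    "processes": {("explorer.exe", "winlogon.exe"), ("outlook.exe", "explorer.exe"),
                  ("chrome.exe", "explorer.exe")},          # (child, parent)
    "connections": {("chrome.exe", 443), ("outlook.exe", 443)},  # (process, port)
    "bytes_out": 40_000_000,
}
CURRENT = {
    "processes": BASELINE["processes"] | {("powershell.exe", "outlook.exe")},
    "connections": BASELINE["connections"] | {("powershell.exe", 8443)},
    "bytes_out": 900_000_000,
}

@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    response: str  # hypothetical action name: "notify" or "isolate-host"

def diff_snapshot(baseline, current, transfer_ratio=5.0):
    """Compare the current snapshot with the stored baseline and apply rules."""
    findings = []
    new_pairs = current["processes"] - baseline["processes"]
    # Rule 1: a child/parent process pair that was never seen in the baseline.
    for child, parent in sorted(new_pairs):
        findings.append(Finding("new-process", f"{parent} -> {child}", "notify"))
    # Rule 2: a new connection; escalate when the process itself is also new.
    new_procs = {child for child, _ in new_pairs}
    for proc, port in sorted(current["connections"] - baseline["connections"]):
        action = "isolate-host" if proc in new_procs else "notify"
        findings.append(Finding("new-connection", f"{proc}:{port}", action))
    # Rule 3: outbound data transfer far above the baseline volume.
    if current["bytes_out"] > transfer_ratio * baseline["bytes_out"]:
        findings.append(Finding("transfer-spike", f"{current['bytes_out']} bytes out", "notify"))
    return findings

def decide(findings):
    """Return the strongest response any rule asked for."""
    order = ["none", "notify", "isolate-host"]
    return max((f.response for f in findings), key=order.index, default="none")

if __name__ == "__main__":
    results = diff_snapshot(BASELINE, CURRENT)
    for f in results:
        print(f"{f.rule:15} {f.detail:30} {f.response}")
    print("response:", decide(results))
```

A snapshot identical to the baseline produces no findings, which is why the quality of the stored baseline decides how useful the comparison is.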
Advanced Threat Protection with Heuristic Capabilities
Heuristics are a form of proactive detection that closes the window during which computers are vulnerable. Rather than relying on signatures, or on binary or code fingerprints, heuristic detection relies on complex algorithms that specify actual patterns and behaviors, which may indicate that an application is malicious.
This works because malicious programs always attempt to perform actions in a context that legitimate applications don’t. Examples of suspicious behavior would include attempting to remove files or disguise processes or executing code in another process’s memory space. Because heuristic detection looks for behavioral characteristics rather than relying on pattern-matching, it can detect and block zero-day threats, for which a signature or fingerprint has yet to be released.
Enterprise Antivirus with Behavioral-Detection
To protect computers, most heuristic detection technologies temporarily delay applications from starting while the code is executed in a virtual environment that is completely isolated from the real computer. If no suspicious behavior is observed, the computer is instructed to start the application normally. On the other hand, if suspicious behavior is observed, the program is blocked from executing. The entire process happens in fractions of a second, so it has practically no impact on either the user experience or perceived performance.
Hardened Baseline Configuration
A hardened baseline configuration starts with implementing a robust level of security while minimizing the areas that could be vulnerable to attack. This begins with applying data access controls, eliminating nonessential computer systems and standardizing equipment.
The National Institute of Standards and Technology (NIST) defines system hardening as the process of strengthening a system’s vulnerabilities and “turning off nonessential services” to diminish its attack surface, or the points of a system that an attacker could breach most easily.
Internal and External Monitoring Group
When a possible security event occurs, your internal IT Department or hired IT Staff are usually the first to take action. The IT Staff and at least one other employee need to be alerted as issues occur. That employee should hold an authoritative role. Some actions may need a member of management to assist with and coordinate the efforts.