If you’ve ever applied for cybersecurity insurance, you’ve probably received an Internet Scan report that details the robustness of your cybersecurity defences. Insurance companies use sophisticated tools that help them scan your company’s online presence to produce these reports, and in some instances, they uncover unknown assets, which can lead to a less than complimentary report, and therefore, higher insurance premiums, or worse – you may not be offered coverage at all.
These unknown assets are called ‘Shadow IT’.
Criminals use the same tools that the big insurance companies use, enabling them to identify your shadow IT assets and related vulnerabilities in your network to attack your company – often with a high probably of a breach.
Unfortunately, traditional penetration testing isn’t always enough. Don’t get us wrong – penetration testing is an essential part of your company’s cybersecurity protection plan. But penetration testing only tests what you think you own; and if you don’t know you have an asset facing the internet – that asset is not going to be assessed by the penetration testing team. Put differently, you can’t test an asset if you don’t know about it. The irony here is that the large insurance firms (and cyber criminals), will know about it.
Traditionally, the Internet vulnerability assessment tools used by the large insurance companies can be cost prohibitive for small to mid-size firms, and certainly not cost effective for your firm’s IT Managed Service Provider to procure. Fortunately, help is at hand.
BW Cyber’s External Attack Surface Monitoring (EASM) service provides continuous monitoring of your internet-facing environment. BW Cyber’s EASM service offers:
• Inventory monitoring – think registered domains, DNS records, and Internet-facing IP addresses, including ‘Shadow IT’ assets;
• Monitoring for deficiencies in unknown corporate resources accessible from the internet;
• Consultative remediation strategies to proactively manage your external security posture;
• Reports on where and how vulnerabilities are identified;
• Prescriptive direction on how to fix exposed weaknesses;
• Active management of any false positives to reduce potential reputational risk if similar discovery activities are performed by outside stakeholders (e.g., investors, regulators, insurance carriers, etc.)
Contact BW Cyber today to learn more about EASM, our industry-leading, white-glove, vulnerability and penetration testing service.
