Quickly Meet Cyber Security Insurance Requirements with Agilicus AnyX
Accelerate cyber readiness and reduce risk by adopting a network access and security strategy that meets compliance criteria while bolstering cyber defences organisation wide.
Cyber Insurance Eligibility in the Modern Threat Environment
The number of cyber attacks being perpetrated on a daily basis is reaching new heights and it is no surprise that cyber security has become a top of mind priority for business leaders everywhere. Each successfully executed attack on an organisation can have a devastating impact from loss of revenue or compromised company data, to public safety risks and economic ramifications. That is where a strong commercial cyber insurance policy can help protect organisations when a security or data breach happens.
In this new era of heightened cyber risk, zero day exploits, and an uprising of sophisticated and state-sponsored malicious actors, limiting the blast radius of a cyber attack has never been more important. To combat this new threat environment, cyber security insurance providers are tightening the terms of their policies and requiring organisations adopt and apply modern security policies across their entire organisation.
A key component of compliance for cyber insurance is adopting and enforcing security policies and tools organisation-wide, such as multi-factor authentication, detailed auditing, and role-based access controls. When organisations take a proactive approach to security they can not only comply with cyber insurance requirements, they benefit from a matured cyber posture as well as the opportunity for more comprehensive coverage and protection from cyber risks and liabilities.
About Agilicus
At Agilicus we are helping our customers transform their network access and security strategy through a Zero Trust Architecture to become more agile, efficient, and secure. We deliver a dependable security solution without sacrificing the end-user experience. The result, better protection against cyber threats, simply and affordably.
The Agilicus AnyX platform equips organisations with a cloud-native, enterprise-grade Zero Trust Architecture that delivers simple, secure access for any authorised user, on any device, anywhere in the world. Zero Trust shifts network access from the perimeter to an identity-based access boundary and has become the new, internationally recommended network and security standard for securing organisation resources and data.
Top Cyber Security Insurance Requirements
Cyber security insurance providers all have specific requirements for their commercial policy holders. However, there are several common requirements that every organisation could implement to help meet cyber insurance compliance requirements, become eligible, reduce risk, and significantly improve cyber resilience.
Multi-factor Authentication – A strong Multi-Factor Authentication policy helps secure your organisation against attacks that stem from compromised credentials. That makes it a necessary component of obtaining or renewing commercial cyber insurance and could be required on everything from emails and web applications to operational technology.
Data Hygiene and Encryption – As stewards of customer data, personally identifiable information, and confidential corporate information, every organisation needs a strong data security and encryption policy. Data hygiene policies are important for limiting the blast radius and severity of an attack and are often a key consideration for cyber insurance eligibility.
Privileged Access Management – Privileged Access Management, or PAM, is a common network security policy that helps organisations manage user access privileges and access rights. Access privileges, user restrictions, and user management are central to a strong cyber posture and can also affect your eligibility for cyber insurance.
Auditing – A mechanism to perform detailed security analysis and user activity auditing has become increasingly important for cyber security insurance. Detailed auditing means in the event of a breach or an incident organisations can evaluate the extent of compromise, identify affected resources, and fix problem areas for the future.
Agilicus AnyX
A secure alternative to perimeter-based network access, the Agilicus AnyX platform provides a clear view of who is doing what, when, and for how long with an easy to access web-based portal for managing policies, roles, and access privileges. The entire platform can be deployed in a single afternoon without the need for VPNs, gateways, appliances, or end-user clients.
With the Agilicus AnyX platform, end-to-end security, multi-factor authentication, role-based access controls, and fine-grained auditing can be applied to any user and resource. Meanwhile, end-users benefit from a friction free experience while accessing only the resources they need to do their job.
Enhanced Security Policies
Whether it’s to access remote files or a remote desktop hosting a Legacy Application or SCADA System, easily enable Multi-Factor Authentication for every user, no matter the device.
Role-Based Access Controls
Enable secure, permission-based access policies for any user, user groups or application with Role-Based Access Controls to manage user, resource privileges.
Identity Aware Web Application Firewall
Enable web application access with an Identity-Based Web Application Firewall (WAF) that enhances cybersecurity and control, offering DDOS and ransomware protection.
Detailed Auditing
Improve Risk and Security Analysis with per user, per application auditing capability. Get visibility with accurate information on who accessed what, when, and for how long.
Data Security and Encryption
With Agilicus there is no requirement for new passwords and credentials. All traffic that happens through Agilicus is end-to-end encrypted.
Centralised Authorisation Management
An automated access request workflow means no more micromanaging access and making modifications to individual applications.
Customer Story – Secure Remote Access at a Water Treatment Facility
Summary
Our customer is the IT organization for a municipal government and is responsible for supporting key services at the city including critical infrastructure such as the SCADA system at their water treatment facilities.
Problem
Multiple user groups needed secure online access to the SCADA systems at remote water treatment facilities. Limited by the physical locations, our customer installed a remotely accessible machine that can monitor operations, control the system, and transmit data back to the town hall. This machine can never turn off or receive security patches and updates.
Because the users who needed access to the system included external, non-employees, adding client software (VPNs) and dictating new workflows, practices and protocols was not a feasible solution. With so many different user groups needing access and the inability to implement traditional security mechanisms was creating immense cyber risk.
It was critical for our customer to solve these problems securely to maintain their cyber security insurance eligibility.
Solution
The Agilicus AnyX platform allowed our customer to deliver third party access, maintain continuous connectivity to transmit data to the town hall, and enable secure remote access to their broad user groups and third party partners.
To avoid disruption, the Agilicus AnyX platform was deployed in parallel and integrated with the municipalities native active directory and that of their partner organisations to institute single sign-on and enforce multi-factor authentication for access.
Our customer is using the AnyX platform to:
- Secure access to the SCADA system web application interface.
- Block all inbound and outbound traffic to the host machine unless authorised.
- Disable the use of peripheral devices on the host machine.
- Enact strict, least privilege and role-based access controls.
- Maintain a granular audit trail of user activity.
Outcome
Cyber insurance is mandatory for municipalities but difficult to obtain when it comes to operational technology and SCADA systems, a challenge our customer was able to overcome by implementing the AnyX platform.
AnyX is used to allow remote access for authorised personnel to securely manage the SCADA systems, harden cyber defences at the water treatment facility, and drastically improve workflow for the end user operators.
Onboarded all internal users and 14 third parties
Deployed in a Single Afternoon
Parallel Implementation for Seamless Migration
No Network Changes, Appliances, or New Licences
Friction-Free User Experience
How Agilicus AnyX Works
Agilicus AnyX is uniquely capable of federating identity to integrate with an organisation’s native active directory and that of partner organisations to enable single sign-on. Users can easily onboard while administrators and IT teams are outfitted with fine-grained authorisation management and role-based access controls. The entire Agilicus AnyX platform can be deployed at your own pace without a VPN, client, or configuration.
The Results?
- Any application, any desktop, any share or other resource can be securely accessed from anywhere without being exposed to the public internet.
- All authorised users must authenticate by providing a second factor in order to gain access to specified resources.
- East-West connections are eliminated, reducing the possibility of lateral network traversal.
- All users, resources, and privileges are micro-segmented
- Access is no longer a function of network permission, but bound to a users electronic identity
- Access can be securely extended to employees, non-employees, partners, third parties, contractors, and vendors.
Get in Touch
Harden your cyber posture and meet your cyber insurance compliance requirements quickly and affordably.