Active Monitoring and Alerting: How We Do It at Coalition


We have more technology in play than ever before. From home to work to on-the-go, we’re rarely free from the use of technology.
Just as you’d make sure the doors and windows in your home are locked up before you leave, do you know if all the openings of your business’ network of devices are closed off to threat actors?
Combining a distributed global network of security scanners and real-time data analysis with an industry-leading incident response team, Coalition’s Active Insurance method continuously monitors insureds and alerts them to cyber risks they may be vulnerable to.
Here’s how it works. Coalition’s security professionals actively monitor the cyber threat landscape with the goal of identifying potential threats to stop breaches before they happen. Insureds are alerted when a threat is detected so they can take the proper steps to ensure that all their network “doors” are locked.

Active Insurance in action: RDP and Forgotten Exchange Server

Coalition neutralized the potentially damaging effects of two recent cyber threats: exposed Remote Desktop Protocol (RDP) and the Forgotten Exchange Server.
While RDP is a convenient way to connect to your workstation remotely, similar to TeamViewer, it’s a risky technology commonly exploited by ransomware threat actors. They scan the web for open RDP. Once they detect one, they attempt to gain unauthorized access via a technical exploit or credential stuffing attacks.
If successful, they are then in a position to move laterally through an insured’s network, with the goal of deploying ransomware. For this reason, we encourage all insureds to not only close their RDP, but to completely remove it from their platform. Coalition monitors its entire book of insureds with Active Insurance scans to detect open RDP and alert on it when it is seen, keeping our insureds safe.
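Defenders can look for the credential stuffing pattern described above in a host's own logon records. The following is an added example, not Coalition's code or tooling: it flags source IPs that produce a burst of failed remote logons across several accounts. The CSV layout, the thresholds and the sample events are constructed assumptions; event IDs 4625/4624 and logon types 10 and 3 are standard Windows values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security event IDs: failed / successful logon
REMOTE_TYPES = {3, 10}         # 10 = RemoteInteractive (RDP); 3 = Network, seen for RDP with NLA

# Constructed sample export: time,event_id,logon_type,user,source_ip (documentation IPs)
SAMPLE = """\
2024-01-10T09:00:01,4625,10,administrator,203.0.113.7
2024-01-10T09:00:09,4625,10,admin,203.0.113.7
2024-01-10T09:00:15,4625,3,jsmith,203.0.113.7
2024-01-10T09:00:22,4625,3,backup,203.0.113.7
2024-01-10T09:00:30,4625,10,jsmith,203.0.113.7
2024-01-10T09:01:05,4624,10,jsmith,203.0.113.7
2024-01-10T09:10:00,4625,10,mlee,198.51.100.20
2024-01-10T09:10:40,4624,10,mlee,198.51.100.20
2024-01-10T09:30:00,4625,2,mlee,198.51.100.20
"""

def parse(text):
    """Yield (time, event_id, user, ip) for remote logon events only."""
    for line in text.strip().splitlines():
        ts, eid, ltype, user, ip = line.split(",")
        if int(ltype) in REMOTE_TYPES and int(eid) in (FAILED, SUCCESS):
            yield datetime.fromisoformat(ts), int(eid), user.lower(), ip

def find_credential_attacks(text, window=timedelta(minutes=5), min_failures=5, min_users=3):
    """Flag source IPs with a burst of failed remote logons across several accounts."""
    by_ip = defaultdict(list)
    for event in sorted(parse(text)):
        by_ip[event[3]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        fails = [e for e in events if e[1] == FAILED]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e[0] - first[0] <= window]
            users = {e[2] for e in burst}
            if len(burst) >= min_failures and len(users) >= min_users:
                # A success after the burst started means a guess may have worked.
                hit = sorted({e[2] for e in events if e[1] == SUCCESS and e[0] > first[0]})
                findings[ip] = {"failures": len(burst), "users": sorted(users),
                                "success_after": hit}
                break
    return findings

if __name__ == "__main__":
    for ip, info in find_credential_attacks(SAMPLE).items():
        print(ip, info)
```

A non-empty `success_after` list is the case to escalate first, since it marks an account that logged on from the same source after the failures began.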
The recent Forgotten Exchange Server threat originated from a vulnerability in Microsoft Exchange itself. Once Microsoft identified the problem, the company began working on a fix, but in the interim, it became a race against time to protect anyone who had an on-premises Exchange server.
Utilizing our scanning technology, we can quickly alert our insured clients with Microsoft Exchange on premises and direct them to update their server to avoid a ransomware attack. Whereas many businesses suffered the effects of this attack, Coalition insureds largely dodged the attack due to our Active Insurance platform. Taking a proactive approach allowed us to protect our insureds, stopping ransomware gangs in their tracks.

6 best practices to limit a business’ cyber exposure

In addition to Active Insurance, here are six best practices to reduce your business’ cyber risk.
  • Reduce attack surfaces. The more internet-facing servers on your network, the greater the potential that windows and doors might be open to cyber attackers. By restricting the number of devices, you make your attack surface smaller, thereby decreasing your vulnerability to risk.
  • Back up your data offline. If something bad does happen, the best protection is to routinely back up your data offline. The difference between a company that has to pay the ransom and one that doesn’t is having a good offline backup plan in place. Make sure you can actually employ the backup if your network gets encrypted.
  • Engage Endpoint Detection and Response (EDR). Depending on the revenue band and industry, Coalition may require the installation of EDR software, designed to stop ransomware. Though this software can be expensive, it is a small cost relative to a potential $2 million ransom. EDR is like antivirus software, but with next-gen detection and response capabilities, and you install it on all of your servers and endpoints. It not only actively responds to threats, but also proactively identifies whether the behavior of a user or endpoint is out of the ordinary.
  • Update all servers. Keeping your servers updated gives you the best chance when protecting against cyber intruders.
  • Implement Multi-Factor Authentication (MFA). MFA is not only important to safeguard against ransomware, but also against Funds Transfer Fraud (FTF) and Business Email Compromise (BEC). If MFA is enforced on all critical access points, including email and remote access devices, it becomes more difficult for cyber criminals to launch an FTF or ransomware attack.
  • Segment your network. In situations where a cyber perpetrator enters through a door, the damage will be limited to one computer if all other doors are locked and separated. Network segregation is an effective damage control strategy that keeps exposure from spreading to the entire network.

Learn more about Coalition’s Active Insurance strategy now.