Loss Avoidance Intelligence Approach Fuels Company Growth & Cyber Insurance Market Evolution
Doing business in the 21st century requires navigating numerous layers of infrastructural, digital, and DarkWeb domains that merge and intersect with one another across hundreds of corporate and public jurisdictions. In this chaotic environment, cyber threat analysis, business risk intelligence, and cyber resilience may become abstract terms that are hard to measure and assess.
This is why, since June 2019, Advanced Intelligence, LLC has been designing a simple and integral cybersecurity model centered around one crucial component - visible, quantifiable, measurable and self-manifesting loss avoidance. Half a year later, we can attest that this model, ultimately tailored to prevent quantifiable damage, has clearly justified the expectations of our customers, vendors, and partners.
Loss Avoidance is a Collective Task
Over the last half year we have been continuously integrating our services into the existing ecosystem of cyber liability avoidance - the ecosystem of data breach response and cyber insurance panels. These panels are dynamically evolving networks of participants all acting together to prevent losses from cyber threats. Panels typically include insurance carriers, legal counsel, pre-breach and post-breach consultants, incident response and forensics providers, risk assessment specialists, and cybersecurity training providers. AdvIntel has succeeded in developing and offering services to each type of breach panel participant, essentially increasing the efficiency of the entire network.
For the Cyber Insurance Carriers & Underwriters themselves, we have developed an alerting platform that aggregates indicators of compromise (IOCs) for hundreds of entities weekly. This IOC intelligence comes from our unmatched visibility into the most sophisticated crimeware and credential-stealing malware, such as TrickBot and Emotet, as well as our visibility into over 10,000 unique DarkWeb sources and services. By delivering timely alerts, we are able to prevent breaches and eCrime and thus prevent insurance liability payments before they happen. Moreover, this unmatched crimeware and DarkWeb intelligence is also delivered to Cyber Legal Counsel, who can notify the victims in a timely manner and thus mitigate and prevent litigation and regulatory losses.
Our unmatched visibility into crimeware and ransomware syndicates is the foundation of our partnership with Forensics and Incident Response (IR) Providers. By providing investigative support for hundreds of IR cases, identifying remote desktop protocol (RDP) compromises, mapping the infections, and identifying “patient zero”, AdvIntel not only increases the speed and efficiency of the response but also significantly decreases the time and cost of the investigation, minimizing the insurance carrier’s coverage expenses for a cyber incident. Similar threat intelligence support is provided to Pre-breach and Post-breach Consultants, building resilience which ensures that this loss-prevention model will keep saving our customers’ funds even when no active cyber incident is occurring.
Finally, our work on Due Diligence and Risk Assessment equips our customers with unmatched risk awareness and innovative risk-mitigation technology to ensure that any possible threat emerging in the most well-concealed underground lacunae will be exposed, reported and disrupted. Simultaneously, we share our deep subject matter expertise in training sessions conducted through our Cyber Awareness Training partners to decrease the chance of a breach and the scale of its damage.
Loss Avoidance Before, During & After the Incident
Loss Avoidance. Numbers
To quantify and calculate the success of our solutions in achieving damage prevention and mitigation, AdvIntel has focused on four of our key service lines.
1. Service Line: Proactive Botnet & Ransomware Monitoring utilizes our unmatched visibility into the most sophisticated botnets and ransomware families as well as RDP compromises. The main component of this service is our proprietary data collection technology. We rely on continuous monitoring of the threat ecosystem. Offensive and intrusive operations against malicious actors within the environment are excluded from the company’s collection process policy.
Loss Avoidance Model: By subscribing to this service, our customers can avoid direct losses from crimeware compromises. Even more important, tracking credential-stealing malware enables the customer to take action before the data, and especially personally identifiable information (PII), is leaked, thus preventing regulatory, reputational, and legal losses related to data breach legal liability. Moreover, some of the tracked botnets, such as TrickBot, have a unique relationship with some of the monitored ransomware families, for instance, Ryuk. Therefore, by identifying botnet activity in their systems in a timely manner, our clients can prevent tremendous losses from ransomware attacks.
One of the key elements of our model is tracking international criminal actors. This map demonstrates botnet compromises tracked by AdvIntel in 2019 over 170 foreign jurisdictions.
2. Service Line: Incident Response Case Support is built around our early-warning infrastructure and platform based on Automated Tactical Monitoring Algorithms (ATMA) that use machine learning and big data analysis to collect, sort, and visualize risk-relevant information. This information is then delivered to the customer’s Incident Response Team in a convenient visualized format and can be immediately utilized to advance the investigation or threat mitigation.
Loss Avoidance Model: IR case support enables the customer’s cyber investigation team to receive immediate information on the “patient zero”, the way the infection spread through the system, and the vulnerabilities which led to the compromise. This way AdvIntel tremendously decreases the time and resources spent on the investigation, decreasing the insurance payoffs and coverage of the remediation effort.
3. Service Line: Threat Intelligence & Breach Insights is a direct notification service covering the high-profile breaches identified via AdvIntel targeted SIGINT and HUMINT operations. This service also includes ransomware negotiations and retainer services. These investigations are conducted in strict compliance with the legal, professional, and ethical requirements and standards set by both the government and private sectors and are often performed in coordination with US Law Enforcement.
Loss Avoidance Model: Direct breach notification of insurance carriers, incident response service providers, legal counselors, and law enforcement allows them to minimize the damage and control the breach. At the same time, successful ransomware negotiations decrease the time of business interruption.
4. Service Line: DarkWeb Scan is a screening designed to identify indicators of compromise, from botnet-stolen credentials to discussions of an attack against an entity on underground forums. The scan covers over 8,800 underground datasets with over 11 billion compromised credentials and other crucial data pieces. The sources include underground forums, account shops, and DarkWeb criminal services.
Loss Avoidance Model: The DarkWeb Scan ensures that the customer is aware of their data being compromised, processed, or utilized across the DarkWeb and thus ensures that appropriate remediation efforts will be taken to restore data integrity. Additionally, the service establishes visibility into the underground markets, increasing the customer’s capability for fraud prevention and eCrime prevention.