<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

A Visibility Plane Can Lower Cyber Insurance Costs

February 23, 2015

Today, cyber insurance is very much like liability insurance but focused on covering the liabilities of a cyber breach.


Right now, these plans are based on financial and cyber threat evaluation and not on the company’s: 

  • A written and tested CISO plan for recognition capability (Visibility Plane)
  • Corporate security policies and procedures enforcement
  • Amount of security devices and other tools
  • Advanced security efforts
  • Prevention and avoidance plans and efforts
    • Mitigation
    • Recovery from an attack
  • A real Visibility Plane for recognition of attacks to view active attacks and APT (Advance Persistent Threats) left after initial attacks
  • Compliance with all industry standards of protection
    • PCI, ISO, HIPPA, FISMA, CALEA, SOX, GLBA
    • Audit and review efforts

Why should a company that has spent the time and effort to build a visibility plane and a comprehensive security plan be rated the same as a like sized financial company that has made little or no efforts to protect the data of their customers and clients?

However, insurance companies will soon begin to rate insurance on the corporation’s ability to stop, recognize and mitigate attacks along with real plans for compliance and auditing. I recently spoke with a high level insurance executive that said that soon insurance companies will have to quit issuing cyber insurance or start recognizing and rating companies based on the efforts and investment in security protection and compliance.

What Your Network Is Missing 7 Tools To TAP

The Importance of Risk Assessment

A post from InfoSec Institute said:

As the Stroz Friedberg’s managing director Bryan Rose takes it, the fact that cyber insurers do not undertake rigorous assessment before creating cyber policies in writing means that they fail to identify the high-risk clients. Consequently, “[t]here’s a real risk that insurance companies are not appropriately pricing the risk,” Rose concludes.

The biggest factor in 2014 was that the average breach recognition time was over 170 days! The reason was that most corporations do not even have the fundamental ability to see that a breach has occurred, nor that it is still going on! Why? Companies for years have ignored building a real visibility plane and instead they have relied on active and hackable network devices that do not show a real time and full view of the network.

Even new network technologies like SDN, IPv6 and VFN do not have a real visibility plane and every network should have one or suffer the pains of not knowing what is going on in your network.

Do not wait until you have a serious problem or security issue! Remember today's breaches are costing an average of over $3.5M. Do not lose your company millions and ruin your reputation for a few thousand dollars!


This is a guest post by Tim O'Neill, Senior Technology Consultant & Chief Editor at LoveMyTool.

Want to learn more about the many network tools that help you manage your network? Download What Your Network Is Missing: 7 Tools To TAP

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES