Cisco along with partners Apple, Aon and Allianz announced a new cyber-risk partnership on Feb. 5 that will bring cyber-security services and insurance to organizations.
The partnership effort includes a cyber-risk assessment service from Aon to help organizations understand and evaluate security posture. Cisco brings its security technologies to the partnership to help enforce and protect against threats, specifically ransomware attacks. By combining Aon's assessment with Cisco technology and hardware from Apple, insurance provider Allianz will provide organizations with cyber-insurance coverage policy options.
"We really want to help customers think a lot more holistically about security," David Ulevitch, senior vice president and general manager of Cisco's security business unit, told eWEEK. "We want to make sure that once companies have a more secure cyber-security posture that they are able to mitigate risk through cyber-insurance."
Thinking more holistically involves having an integrated security platform, as well as making use of more secure end-user hardware, which is where the Apple piece comes into play, Ulevitch said. At the Cisco Live event last June, Apple CEO Tim Cook and Cisco CEO Chuck Robbins publicly spoke about an effort to work together to help enable cyber-security insurance.
The initial phase of the new cyber-insurance program is getting a Cyber Resilience Evaluation (CRE) from Aon. CRE is an assessment service that gives organizations a sense of what their security posture is and where gaps might exist, Ulevitch said. CRE includes both technical and process elements, he said.
Cisco's Ransomware Defense platform plays a pivotal role in the new program, providing email and endpoint security as well as the Cisco Umbrella platform. Cisco Umbrella is a DNS-based service that helps filter out and block threats. In Ransomware Defense, multiple Cisco technologies work together to protect organizations, according to Ulevitch.
"Cisco's Ransomware Defense protects organizations against the major threat vectors, which are ransomware and emailed malicious links," he said.
Depending on the number of Apple devices that are deployed by an organization, the program provides additional cyber-insurance enhancements.
"Since Apple devices have a track record of being more secure, if an organization deploys a certain percentage of Apple devices, they will qualify for enhanced coverage," Ulevitch said.t
The cyber-insurance policies provided by the new program can differ, depending on what elements an organization has deployed. All organizations need to conduct the Cyber Resilience Evaluation, and if it deploys Cisco Ransomware Defense it will quality for one tier of cyber-insurance coverage. If organizations deploy Apple devices, they will quality for additional coverage enhancement, and for organizations that deploy both Cisco and Apple, they will can get complete coverage.
In the event of a security incident, the program also provides incident response services that are available from either Cisco or Aon.
"The two groups [Cisco and Aon) often work together today," Ulevitch said.
While ransomware isn't the only threat that organizations face today, it is one of the fastest growing and riskiest threats, which is why it is the focus for the new program. Ulevitch said that as part of the joint effort with Aon, Apple and Allianz, distributed denial-of-service (DDoS) attacks are currently not part of the overall mix.
"By deploying ransomware protection technology, you don't just get ransomware defense, you get really strong security for phishing, malware and a whole host of other threats," Ulevitch said. "We have focused on ransomware because we recognize that ransomware is something that has a direct cost for companies."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.