Threat: Lack of visibility

Visibility across endpoints and network logs is essential to detecting attacks

Ransomware, business email compromise, and data theft are all consequences of system weaknesses, which a cyber criminal can leverage to gain access to cloud-based tools or virtual private network (VPN) solutions as a means to enter an organisation’s networks. Broader visibility across different data sources can help organisations detect vulnerabilities and attacks and respond to them.

Two years ago, multi-factor authentication (MFA) bypass incidents were sophisticated attacks that only targeted large organisations, but we are now seeing MFA bypass targeting organisations of all sizes, including smaller ones. Because MXDR goes beyond just looking at endpoints and monitoring authentication to applications or emails, it offers the best chance to detect this activity early and quarantine affected systems fast.

People often falsely assume that because they are paying for a service in the cloud, it is protected. However, this is not always the case. MXDR helps discover gaps in monitoring or detection services in the cloud, increasing security coordination and risk visibility.

The benefits of MXDR: an example

An employee of a European organisation was tricked via a phishing attack into visiting a fake Office 365 login page created by a cyber criminal. When the employee entered their username and password, the cyber criminal entered those on the actual Office 365 site to trigger a push notification. When the user entered the push notification code on the fake webpage, the cyber criminal copied it to the real site, at which point both the user and the hacker had access to the same connection. 

Once connected to email and Teams, the hacker had access to password information that the user, who worked in IT, was sharing on Teams with their colleagues. This allowed the hacker to fully compromise the organisation’s IT environment. The loss, which amounted to more than US$10M, could have been avoided with an MXDR tool monitoring the use of authentication tokens and MFA bypass attempts.

Data presented in this communication is derived from global incidents reported to Beazley between 2021 and 2024.

The information set forth in this communication is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this communication, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. Non-insurance products and services are provided by non-insurance company Beazley affiliates and independent third parties. Separate terms and conditions may apply.