Stopping or limiting cybercriminals’ time in your system helps prevent losses
MXDR can also correlate logs from different systems to automatically detect and rapidly block data exfiltration, malware installation attempts, or abuse of administrative tools. And having all logs in one place can help to quickly identify whether data was accessed or exfiltrated in the event of a breach.
By offering a wider range of visibility and the ability to retain activity logs for an extended time, MXDR enables extensive threat hunting to identify security risks and trace any intrusions back to their original source. This allows organisations to identify attacks and understand how the incident originated, what data or systems were compromised, and what the hacker’s motivations may have been.
A law firm had an EDR solution and a security operation centre (SOC), but both were configured to monitor for issues, not to respond to them. Malware execution was detected, but the EDR’s detection-only configuration did not allow for automatic blocking of the threat. The SOC saw the issue but did not have authority to isolate servers without IT approval.
The threat was identified at 9pm, and the client’s IT team was contacted by the SOC at 9:05pm, but there was no response until 8am. By then, everything was encrypted, the data had been exfiltrated, and the firm ended up paying a ransom of over US$2M. If the client had had a managed service like MXDR in place, it would have provided a prompt response and could have disabled the attack in 2 minutes. The lack of an integrated approach cost the client dearly.
Organisations shouldn’t just check the box when it comes to cybersecurity – they need to implement a security programme that cohesively integrates multiple security measures. MXDR can do the heavy lifting to facilitate this coordination. While not a completely failsafe solution, it helps simplify the steps that need to be taken and provides a new level of fast threat detection.”
Joël Duquenne
Assistant Cyber Services Manager - Cyber Services
Data presented in this communication is derived from global incidents reported to Beazley between 2021 and 2024.
The information set forth in this communication is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Although reasonable care has been taken in preparing the information set forth in this communication, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. Non-insurance products and services are provided by non-insurance company Beazley affiliates and independent third parties. Separate terms and conditions may apply.