As business breaches due to Ransomware, malware outbreak or unpatched server software keep increasing, cyber insurers need a way to control risk and reduce pay out losses. Traditional risk-control services such as helping customers through table-top exercises, offering risk advisory services and/or having a panel of security vendors, by themselves are no longer adequate. Cyber Insurers need a comprehensive risk control service platform that covers risk verification across all parts of insured or prospect business including security infrastructure, network, data exposure and human-related risk. In a highly competitive cyber insurance space such a comprehensive risk control services can not only create substantial but most importantly, help the policyholder improve cyber-readiness and subsequently reduce the pay-out risks.

The purpose-built, awards winning, cloud-based WhiteHaX risk-control service platform is the only solution in the market currently, that provides such comprehensive risk control verifications to insured and prospective businesses spanning across all aspects of the business operations. WhiteHaX is a patented platform (Patent # 11,258,818) that offers following major risk-control services from a single platform,

I: WhiteHaX Infrastructure Cyber-readiness measure from inside the firewall

WhiteHaX infrastructure readiness verification simulates cyber security breaches, exploits and attack scenarios to quickly assess the readiness of a) the deployed security infrastructure solutions (like Firewalls, Anti-malware, Anti-Phishing, Data leakage prevention etc.), b) up-keep of the OS and other software installed on their computers and c) user behavioral threats from Internet (such as drive-by web-sites, phishing/spoofing/spamming, ransomware and others) against such threats.

It then provides the Insured, a comprehensive report with complete analysis and identification of weakness areas and potential attack surfaces along with recommendations to help businesses fix identified threats quickly. All data is collected in the cloud for actuarial analysis and portfolio visibility.

II: WhiteHaX Cyber Readiness against Network Threats

Since Ransomware and Malware typically propagate through the business network, WhiteHaX platform also provides significant risk analysis of network based threats through three distinct network scans –

  • WiFi security scan to ensure business WiFi has strong password & encryption strength, the router or DNS are not compromised, that WiFi is not prone to eves-dropping or other cyber breaches
  • Business Firewall scan from the cloud to ensure the business firewall can not be compromised by an external attacker &
  • Network Scanwhich performs a full security scan of all connected computers and servers on the network against common network based attacks to ensure an attacker can not gain control of network assets by exploiting common vulnerabilities or malware cannot propagate easily across the network.

After each of the scans, WhiteHaX platform provides detailed analysis of discovered weaknesses and wherever possible, provide step-by-step remediation instructions.

III: WhiteHaX Phishing/Smishing/Vishing Employee Trainings, Simulations & Readiness Verification:

As Phishing has become the #1 reason for malware/ransomware outbreaks and business breaches, risk control for human-related risks is a key for businesses. Although there are number of solutions that provide Phishing trainings & simulations, due to cost it's impossible for cyber insurers to offer those as free risk control services.

The WhiteHaX platform includes a complete Phishing, Smishing, Vishing trainings, simulations and readiness verification service that scales from small business to 30,000 employees. Deep tracking & reporting of employee readiness, helps businesses assess phishing risks down to individual employees. With interactive games, quizzes and tutorials, it keeps employees motivated to track their own readiness through employee's own web-console or Android/iOS Apps

IV: WhiteHaX Data Exposure Risk (DER) Training & Verification -

IronSDN has developed the low-cost, purpose-built, cloud-based, multi-hosting WhiteHaX Data Exposure Risk Verification platform to help businesses train & verify their employees on risk of storing or keeping personal, business or other type of data. The DER part of the WhiteHaX platform has built in features, such as ;

  • Intuitive Regulation Compliance and DER Trainings:The platform includes several training methods to allow users to get clear & precise understanding of various types of regulation compliance requirements such as GDPR, CCPA, PCI, HIPAA and other regulations. Tutorials include how to identify various types of data as well as what to do if unprotected data is found on their local device etc. These tutorials can be used by IT admins to quickly train business employees on risk of unprotected local data and it’s potential impact on the business.
  • Interactive DER Quizzes and Games:Employees can take quizzes and play interactive games to self-verify their understanding of the data exposure risks and compliance with various regulations. Various DER interactive games and quizzes help increase DER fact retention 60% better than reading or video material.
  • DER Risk Verification across the business:WhiteHaX Platform has a built-in Data Scanner in form of a self-destructing exe (SDE) which allows employees to scan their local computers on demand to discover locally stored, unprotected PFI, PII, PHI and other business data. It admins can schedule automatic, periodic scans thru Group Policy or Active Directory controls to remotely scan all computers and servers. Upon completion of the scan, SDE uploads the list of files (names), types of records found in each file and how many. These details can then be rolled up to generate company wide reports for CISOs that show DER risk analysis across the entire business.
  • Employees’ own console :Like WhiteHaX PhishSim, WhiteHaX DER allows business employees to login to see data exposure risk of their own computers vs other employees. They can also gauge their own DER readiness with quiz and games scores vs. company average, which then helps drive the motivation for employees to get better in understanding and avoiding risks of DER. Multi-tenant WhiteHaX platform is designed to scale to support hundreds of businesses on a single instance of the platform with up to 30,000 employees per business. This allows cyber insurers the flexibility to offer WhiteHaX risk control services to SMEs as well as F500 types of businesses.

V: WhiteHaX WebApp & Web Database Server Exposure Verification -

This brand-new service allows businesses to verify webapp & web server connected database exposure risks by identifying database security issues and any unprotected data saved in database tables which can potentially pose data exposure & stealing risks for the business. It can scan business confidential info along with PII, PFI, PHI records stored in the database and provide a comprehensive report of database readiness.

  • Database Vulnerabilitiesto identify potential vulnerabilities and access control on the database server.
  • Unprotected Data Scan without accessverifies data that anyone who gains control of the server can extract without database user or admin credentials. &
  • Unprotected Data Scan with accessverifies what are unencrypted, unprotected data in the database that anyone with database credentials can extract such as an insider.

All scans are performed either remotely or locally from a company owned devices. The WhiteHaX Database scanner stores all database credentials and other company specific information locally and does not upload to the WhiteHaX platform. It allows up to 10 database servers to be scanned simultaneously. Once scans are completed, a consolidated report can be generated for IT admins and CISOs to determine how to enhance database server and data protection.