November 30, 2023 • 13 mins
As the world of remote work continues to explode, so does the need for robust cybersecurity solutions. In our latest episode, we're joined by Chris Zepeda, an Associate Broker with CRC Group’s Boca Raton, FL office, and Alexandra Kish, an Associate Broker with our Dallas, TX office. They are going to enlighten us on the often misunderstood, yet increasingly critical, world of end point detection and response (EDR). We’re going to delve into how EDR works, the key benefits of utilizing this technology, and why every business, regardless of size, should be taking note.
We're not just talking tech here; we're unraveling the future of business protection. Chris and Alexandra help us understand the interplay between EDR, machine learning and artificial intelligence in detecting suspicious behaviors and threats. They also share insights on how insurers perceive EDR – is it an optional add-on or a necessity? You might be surprised at the answer. This conversation is a deep dive into the heart of cybersecurity that you won't want to miss. So, buckle up and join us!
Visit REDYIndex.com for critical pricing analysis and a snapshot of the marketplace.
Do you want to take your career to the next level? Join #TeamCRC to get access to best-in-class tools, data, exclusive programs, and more! Send your resume to resumes@crcgroup.com today!
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Hello everyone.
Today, Scott and I are joinedby Chris Zepeda, an associate
broker with CRC Group's BocaRaton Florida office, and
Alexandra Kish, an associatebroker with our Dallas, Texas
office.
They're going to fill us in onthe value of end point detection
and response for protectingyour business.
This is the Placing you Firstpodcast from CRC Group.
Speaker 2 (00:22):
This podcast features news and insights from a vast
knowledge base of over 5,100associates who write more than
35 billion in premium annually.
Speaker 1 (00:32):
Plus, we give you the latest information on what's
happening at CRC.
This is the Placing you Firstpodcast, and now the hosts of
the podcast, amanda Knight andScott Gordon.
Welcome to the podcast.
Speaker 4 (00:45):
Thanks for having us.
Speaker 3 (00:46):
Thank you so much for having us.
I'm looking forward to speakingwith you all.
Speaker 2 (00:50):
Well, let's start off with an easy question For those
of us that may not know what isend point detection and
response, also known as EDR, andhow does using it help and
ensure it?
Speaker 3 (01:00):
So EDR is a cybersecurity solution that
records behavior on end points,detect suspicious behavioral
patterns using data analytics,blocks threats and helps
security analysts remediate andrestore the compromised systems.
So companies that utilize EDRtechnology benefit from
(01:23):
leveraging machine learning andartificial intelligence to
continuously build knowledgearound user behaviors, which
makes it easier to detect when auser engages in suspicious
activity.
That would be such as trying toaccess restricted information.
One might ask what is EDRcollecting specifically?
(01:43):
A few ways are through networkconnections, process executions
and currently running processes.
So yeah, that's what I have tosay I like it.
Speaker 1 (01:56):
You got anything to add, Chris?
Speaker 4 (01:58):
I would say no.
Edr is a fundamental piece to acompetent cybersecurity
solution.
It takes a job of scanningthousands, potentially, of end
points, which is impossible forthe average IT department to do
manually, and flags potentialrisk or threats that could pop
(02:24):
up in a business environment.
Speaker 1 (02:27):
I'm assuming that in our current world, where more
people than ever work remotelyor work from home, that the
number of end points would begrowing pretty quickly.
So it seems like this wouldmaybe be a no-brainer right Like
you need this, and when I hearyou explain it, alexander, like
what it does and what it is, itseems like something whether you
(02:49):
have five end points or 5,000,it seems like sort of a
no-brainer something you shouldhave.
Do you find that many insurerslike on it, they have this in
place, or is this stillsomething that insurers tend to
think of as an optional add-onif they've already got something
like MFA in place, do they feellike this is an extra that they
(03:12):
can take or leave as an option?
Or are we seeing this becomelike we understand we really
need this?
Speaker 3 (03:19):
Yeah, so right now, what I'm experiencing is MFA is
a requirement, as you said.
I am seeing EDR as more of anextra or a bonus, but as the
environment changes, I think itis becoming a preferred control
by our underwriters.
I'm not finding it arequirement, though, at least
(03:42):
not yet.
But, chris, what are you seeing?
Speaker 4 (03:45):
I see a lot of.
Traditionally, a lot ofcompanies have seen NextGen
Antivirus as enough of aprotection.
But as time has progressed andespecially companies more in the
middle market space arestarting to adopt EDR on a
(04:05):
larger scale, as they've seennot only the benefits of it, but
also on a cybersecurity side,but also from a risk management
side, as it's.
You know, while not impossibleto get terms about it, there is
benefits to a lot of middlemarkets.
I still think that there is agreater need of adoption on
smaller businesses at this time.
(04:26):
Maybe they're just not aware ofthe benefits of having it.
Speaker 3 (04:29):
Yeah, and something.
A great example of this anunderwriter told me would be how
MFA has gone kind of from youknow a bonus, you know you can
add this if you want to more ofa requirement.
In recent years theapplications would say do you
implement MFA?
But as of recent, the questionnow asks do you enforce MFA?
(04:54):
Because they've noticed justbecause it ensured might
implement MFA, and that theyhave MFA does not mean they
actually use it and have it inplace.
So once a cyber attack happened, they realized the application
just it wasn't narrow enough anddidn't give the full picture.
Speaker 1 (05:12):
Why would you have it and not use it?
Is that a dumb question?
Speaker 3 (05:15):
I know you can surprise it.
It's a thing.
Speaker 1 (05:18):
From an underwriting perspective, then why is EDR
important?
Speaker 4 (05:24):
I mean I think it helps prevent a frequency of
cyber claims, especially onlarger insureds, like we've
spoke about briefly.
When you have thousands ofendpoints, that it becomes a
huge advantage in detectingearly bad actors or possible
(05:44):
intruders to the network andfreezing the action as soon as
technology be possible, becausea human couldn't act as quickly
as these solutions.
So from an underwritingperspective, it makes the
insured a overall moreholistically sound risk.
One thing I will also say isthat in insured have a cyber
(06:08):
incident, edr can really helpaid analysis of the attack.
There has logs in place thatcan show in-depth who has been
where and if a bad actor hasbeen somewhere they're not
supposed to be.
It can definitely help whenspeed means everything and in a
(06:28):
cyber incident it can helpanalyze and assess OK, what's
going on, whether we need tofocus on what's the issue, and
stuff like that.
It can be a major tool forcyber forensic teams to stop the
bleeding and get you back towhere you need to be.
Speaker 3 (06:43):
Exactly, and sometimes these are not things
that the insured can see.
There is something called asilent failure, and this is
where attackers are free to movearound in the insured's
environment, often creating backdoors that allow the attackers
to return as they please, and sohaving EDR is able to catch
(07:03):
these kinds of things that youcan't see with naked eye.
Speaker 1 (07:07):
That's terrifying, yeah, yikes.
Speaker 2 (07:11):
Silent failure.
That's what my father called me.
Now, if a company employs EDR,what are the advantages
associated with it when it comesto cyber coverage?
Speaker 3 (07:23):
The biggest advantage is protecting your company.
This cyber control can impacttheir premium or coverages
offered and can even limit thenumber of carriers willing to
provide a quote if you don'thave EDR so I mean if you're not
wanting sublimits I would sayEDR is very important to have
(07:44):
100%, I would say.
Speaker 4 (07:46):
companies that are certain size also are subject to
credit or debits on theiroverall premium, depending if
they implement EDR or not.
Every carrier is different butis definitely a factor in
eligibility and premium.
Speaker 1 (08:05):
Well, and I think I mean when I think about how this
is, it's good to have.
Not everyone has it.
If you're a company that has it, I think that says a lot about
your cybersecurity posture rightto your potential underwriter.
Hey, I'm on this.
You don't make me have this,but I already have it.
You know that you are reallyengaged with trying to protect
(08:27):
yourself and Tim.
I'm not an underwriter, butthat seems like a positive to me
also.
Speaker 3 (08:32):
It is.
And something I have comeacross with carriers one or two
is that if the insurer does nothave EDR in place at the start
of the effective, at the startof the policy, they're going to
sublimit.
And even if the insuredimplements EDR midterm, I've had
(08:55):
carriers say we're still goingto keep this sublimitted until
renewal.
So I think it's reallyimportant to have off the bat,
because I think it just it givesyou more options with the
markets and like who you canchoose from.
Speaker 1 (09:08):
And while we don't, you know, support any specific
solution or product, in thewritten companion piece that
goes with this podcast, we dolist some options of places that
you can start looking, you know, for EDR.
If you already have a cybercarrier, do those companies
sometimes also help point you inthe right direction?
Is it something that yourcompany wants to implement?
(09:30):
Can they help you find theright EDR solution if you're not
sure where to turn?
Speaker 4 (09:34):
Yes, most carriers have preferred vendors,
including for EDR.
They usually have two or threethat they can recommend to a
risk manager if they don'talready have a solution in place
.
Speaker 1 (09:47):
Well, one thing is certain, and that is that the
world of cyber is complex.
Working with brokers that knowwhat they're doing when it comes
to cyber should definitely be apriority for every retail agent
.
How does partnering with a CRCgroup broker make a difference
for your retail partners?
Speaker 4 (10:07):
We have a quarterly ready cyber index that goes out
that shows how the market trendson cyber pricing and increases
or decreases on overall premiums.
I think it's very helpful justto show a state of the market
from a macro view my macroperspective.
Like you mentioned, we haveover 100 brokers on the
(10:32):
professional division of CRCthat love to collaborate,
especially on more complex,nuanced topics or incidents that
give us a broad reach ofknowledge that we can tap into.
Speaker 3 (10:49):
Yes, I agree with Chris on that one.
I would say we specialize inthis because we see it every day
, with the experience andsituations we've learned from
and the claims we've handled.
Speaker 2 (11:03):
The evolution of cyber coverage has been faster
than anything else we've everseen.
It's just amazing.
Every time we cover it it'ssomething completely different.
Speaker 4 (11:15):
Yes, it's still evolving, even today.
As the world changes, new riskscome to light exponentially
faster than more traditionallines like property and general
liability, and such Underwritersand policies are adapting to
new risk, emerging risks thatare going on because of world
events constantly.
Speaker 2 (11:38):
Well now, this is the fun part of the podcast that we
like to call Rapid Fire.
We just throw these out thereand you guys just it's just like
a party game.
Okay, and the first questionjust jump in what food can you
not live without Pizza?
Speaker 3 (11:53):
Sushi.
Speaker 2 (11:54):
What was the last thing that you binge watched?
Speaker 3 (11:57):
Friday Night Lights.
Speaker 4 (11:59):
The blacklist.
Speaker 1 (12:00):
I have never seen Friday Night Lights, me neither.
Speaker 4 (12:02):
I have seen the blacklist.
Speaker 1 (12:04):
I just started.
Is it worth it?
Should I give it a shot?
Speaker 3 (12:07):
Oh yeah, Friday Night Lights is sweet.
Speaker 2 (12:10):
I thought it was a prequel to Saturday Night Fever,
friday Night Lights, but I waswrong, way, way wrong.
Speaker 1 (12:18):
Well, thank you both for joining us today, Alexandra
and Chris.
It's been so good talking withyou.
If you're a listener, thanksfor joining us.
Providing current insights intothe marketplace is just one
more way CRC Group is placingyou first.
We'll see you next time.
Hello everyone.
Today, Scott and I are joinedby Chris Zepeda, an associate
broker with CRC Group's BocaRaton Florida office, and
Alexandra Kish, an associatebroker with our Dallas, Texas
office.
They're going to fill us in onthe value of end point detection
and response for protectingyour business.
This is the Placing you Firstpodcast from CRC Group.
Speaker 2 (00:22):
This podcast features news and insights from a vast
knowledge base of over 5,100associates who write more than
35 billion in premium annually.
Speaker 1 (00:32):
Plus, we give you the latest information on what's
happening at CRC.
This is the Placing you Firstpodcast, and now the hosts of
the podcast, amanda Knight andScott Gordon.
Welcome to the podcast.
Speaker 4 (00:45):
Thanks for having us.
Speaker 3 (00:46):
Thank you so much for having us.
I'm looking forward to speakingwith you all.
Speaker 2 (00:50):
Well, let's start off with an easy question For those
of us that may not know what isend point detection and
response, also known as EDR, andhow does using it help and
ensure it?
Speaker 3 (01:00):
So EDR is a cybersecurity solution that
records behavior on end points,detect suspicious behavioral
patterns using data analytics,blocks threats and helps
security analysts remediate andrestore the compromised systems.
So companies that utilize EDRtechnology benefit from
(01:23):
leveraging machine learning andartificial intelligence to
continuously build knowledgearound user behaviors, which
makes it easier to detect when auser engages in suspicious
activity.
That would be such as trying toaccess restricted information.
One might ask what is EDRcollecting specifically?
(01:43):
A few ways are through networkconnections, process executions
and currently running processes.
So yeah, that's what I have tosay I like it.
Speaker 1 (01:56):
You got anything to add, Chris?
Speaker 4 (01:58):
I would say no.
Edr is a fundamental piece to acompetent cybersecurity
solution.
It takes a job of scanningthousands, potentially, of end
points, which is impossible forthe average IT department to do
manually, and flags potentialrisk or threats that could pop
(02:24):
up in a business environment.
Speaker 1 (02:27):
I'm assuming that in our current world, where more
people than ever work remotelyor work from home, that the
number of end points would begrowing pretty quickly.
So it seems like this wouldmaybe be a no-brainer right Like
you need this, and when I hearyou explain it, alexander, like
what it does and what it is, itseems like something whether you
(02:49):
have five end points or 5,000,it seems like sort of a
no-brainer something you shouldhave.
Do you find that many insurerslike on it, they have this in
place, or is this stillsomething that insurers tend to
think of as an optional add-onif they've already got something
like MFA in place, do they feellike this is an extra that they
(03:12):
can take or leave as an option?
Or are we seeing this becomelike we understand we really
need this?
Speaker 3 (03:19):
Yeah, so right now, what I'm experiencing is MFA is
a requirement, as you said.
I am seeing EDR as more of anextra or a bonus, but as the
environment changes, I think itis becoming a preferred control
by our underwriters.
I'm not finding it arequirement, though, at least
(03:42):
not yet.
But, chris, what are you seeing?
Speaker 4 (03:45):
I see a lot of.
Traditionally, a lot ofcompanies have seen NextGen
Antivirus as enough of aprotection.
But as time has progressed andespecially companies more in the
middle market space arestarting to adopt EDR on a
(04:05):
larger scale, as they've seennot only the benefits of it, but
also on a cybersecurity side,but also from a risk management
side, as it's.
You know, while not impossibleto get terms about it, there is
benefits to a lot of middlemarkets.
I still think that there is agreater need of adoption on
smaller businesses at this time.
(04:26):
Maybe they're just not aware ofthe benefits of having it.
Speaker 3 (04:29):
Yeah, and something.
A great example of this anunderwriter told me would be how
MFA has gone kind of from youknow a bonus, you know you can
add this if you want to more ofa requirement.
In recent years theapplications would say do you
implement MFA?
But as of recent, the questionnow asks do you enforce MFA?
(04:54):
Because they've noticed justbecause it ensured might
implement MFA, and that theyhave MFA does not mean they
actually use it and have it inplace.
So once a cyber attack happened, they realized the application
just it wasn't narrow enough anddidn't give the full picture.
Speaker 1 (05:12):
Why would you have it and not use it?
Is that a dumb question?
Speaker 3 (05:15):
I know you can surprise it.
It's a thing.
Speaker 1 (05:18):
From an underwriting perspective, then why is EDR
important?
Speaker 4 (05:24):
I mean I think it helps prevent a frequency of
cyber claims, especially onlarger insureds, like we've
spoke about briefly.
When you have thousands ofendpoints, that it becomes a
huge advantage in detectingearly bad actors or possible
(05:44):
intruders to the network andfreezing the action as soon as
technology be possible, becausea human couldn't act as quickly
as these solutions.
So from an underwritingperspective, it makes the
insured a overall moreholistically sound risk.
One thing I will also say isthat in insured have a cyber
(06:08):
incident, edr can really helpaid analysis of the attack.
There has logs in place thatcan show in-depth who has been
where and if a bad actor hasbeen somewhere they're not
supposed to be.
It can definitely help whenspeed means everything and in a
(06:28):
cyber incident it can helpanalyze and assess OK, what's
going on, whether we need tofocus on what's the issue, and
stuff like that.
It can be a major tool forcyber forensic teams to stop the
bleeding and get you back towhere you need to be.
Speaker 3 (06:43):
Exactly, and sometimes these are not things
that the insured can see.
There is something called asilent failure, and this is
where attackers are free to movearound in the insured's
environment, often creating backdoors that allow the attackers
to return as they please, and sohaving EDR is able to catch
(07:03):
these kinds of things that youcan't see with naked eye.
Speaker 1 (07:07):
That's terrifying, yeah, yikes.
Speaker 2 (07:11):
Silent failure.
That's what my father called me.
Now, if a company employs EDR,what are the advantages
associated with it when it comesto cyber coverage?
Speaker 3 (07:23):
The biggest advantage is protecting your company.
This cyber control can impacttheir premium or coverages
offered and can even limit thenumber of carriers willing to
provide a quote if you don'thave EDR so I mean if you're not
wanting sublimits I would sayEDR is very important to have
(07:44):
100%, I would say.
Speaker 4 (07:46):
companies that are certain size also are subject to
credit or debits on theiroverall premium, depending if
they implement EDR or not.
Every carrier is different butis definitely a factor in
eligibility and premium.
Speaker 1 (08:05):
Well, and I think I mean when I think about how this
is, it's good to have.
Not everyone has it.
If you're a company that has it, I think that says a lot about
your cybersecurity posture rightto your potential underwriter.
Hey, I'm on this.
You don't make me have this,but I already have it.
You know that you are reallyengaged with trying to protect
(08:27):
yourself and Tim.
I'm not an underwriter, butthat seems like a positive to me
also.
Speaker 3 (08:32):
It is.
And something I have comeacross with carriers one or two
is that if the insurer does nothave EDR in place at the start
of the effective, at the startof the policy, they're going to
sublimit.
And even if the insuredimplements EDR midterm, I've had
(08:55):
carriers say we're still goingto keep this sublimitted until
renewal.
So I think it's reallyimportant to have off the bat,
because I think it just it givesyou more options with the
markets and like who you canchoose from.
Speaker 1 (09:08):
And while we don't, you know, support any specific
solution or product, in thewritten companion piece that
goes with this podcast, we dolist some options of places that
you can start looking, you know, for EDR.
If you already have a cybercarrier, do those companies
sometimes also help point you inthe right direction?
Is it something that yourcompany wants to implement?
(09:30):
Can they help you find theright EDR solution if you're not
sure where to turn?
Speaker 4 (09:34):
Yes, most carriers have preferred vendors,
including for EDR.
They usually have two or threethat they can recommend to a
risk manager if they don'talready have a solution in place
.
Speaker 1 (09:47):
Well, one thing is certain, and that is that the
world of cyber is complex.
Working with brokers that knowwhat they're doing when it comes
to cyber should definitely be apriority for every retail agent
.
How does partnering with a CRCgroup broker make a difference
for your retail partners?
Speaker 4 (10:07):
We have a quarterly ready cyber index that goes out
that shows how the market trendson cyber pricing and increases
or decreases on overall premiums.
I think it's very helpful justto show a state of the market
from a macro view my macroperspective.
Like you mentioned, we haveover 100 brokers on the
(10:32):
professional division of CRCthat love to collaborate,
especially on more complex,nuanced topics or incidents that
give us a broad reach ofknowledge that we can tap into.
Speaker 3 (10:49):
Yes, I agree with Chris on that one.
I would say we specialize inthis because we see it every day
, with the experience andsituations we've learned from
and the claims we've handled.
Speaker 2 (11:03):
The evolution of cyber coverage has been faster
than anything else we've everseen.
It's just amazing.
Every time we cover it it'ssomething completely different.
Speaker 4 (11:15):
Yes, it's still evolving, even today.
As the world changes, new riskscome to light exponentially
faster than more traditionallines like property and general
liability, and such Underwritersand policies are adapting to
new risk, emerging risks thatare going on because of world
events constantly.
Speaker 2 (11:38):
Well now, this is the fun part of the podcast that we
like to call Rapid Fire.
We just throw these out thereand you guys just it's just like
a party game.
Okay, and the first questionjust jump in what food can you
not live without Pizza?
Speaker 3 (11:53):
Sushi.
Speaker 2 (11:54):
What was the last thing that you binge watched?
Speaker 3 (11:57):
Friday Night Lights.
Speaker 4 (11:59):
The blacklist.
Speaker 1 (12:00):
I have never seen Friday Night Lights, me neither.
Speaker 4 (12:02):
I have seen the blacklist.
Speaker 1 (12:04):
I just started.
Is it worth it?
Should I give it a shot?
Speaker 3 (12:07):
Oh yeah, Friday Night Lights is sweet.
Speaker 2 (12:10):
I thought it was a prequel to Saturday Night Fever,
friday Night Lights, but I waswrong, way, way wrong.
Speaker 1 (12:18):
Well, thank you both for joining us today, Alexandra
and Chris.
It's been so good talking withyou.
If you're a listener, thanksfor joining us.
Providing current insights intothe marketplace is just one
more way CRC Group is placingyou first.
We'll see you next time.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.