In an expanding collaboration between Chubb, one of the largest publicly traded property and casualty insurance companies, and SentinelOne, a cybersecurity leader, clients of SentinelOne who are also Chubb policyholders can now share their enterprise cyber health assessment data with Chubb. This facilitates a more efficient and precise underwriting process.

With the increasing emphasis on cybersecurity investment, insurance carriers are seeking greater transparency into their insureds’ cybersecurity health. The collaboration not only offers policyholders streamlined access to SentinelOne’s cybersecurity solutions, but also enhances transparency into policyholders’ cyber health investments through SentinelOne’s Vital Signs Report.

This post captures a Q&A between Craig Guiliano, SVP of Threat Intelligence and Policyholder Services at Chubb, and Bridget Mead, Senior Manager of IR Cyber Risk at SentinelOne, as they address some frequently asked questions about the Vital Signs Report.

Q: What is the Vital Signs Report?

Chubb/Guiliano: The Vital Signs Report (VSR) is an assessment of our policyholders’ cybersecurity posture. This report is going to be a game changer for not only how we, as the carrier, assess our individual policyholder’s cybersecurity health, but for our ability to assess our portfolio exposure as one of the world’s largest insurance companies. Our underwriters are quickly moving away from checkboxes on a questionnaire and moving towards data-driven policy renewal decisions.

SentinelOne/Mead: The VSR is based on a collection of internal signals that we mapped to the Center for Internet Security’s (CIS) Critical Security Controls (CIS Controls) CIS18 framework. We make the report available to all SentinelOne clients at no charge. It displays the strength of a client’s digital environment in areas important to cyber security and the cyber insurance underwriting process. The graphic below shows the major categories included.

We are thrilled to announce our latest S Ventures investment in Guardz, a unified cybersecurity platform built to empower MSPs to secure and insure small to medium-sized businesses (SMBs).

A Modern Approach to Cybersecurity for SMBs

SMBs today face a unique set of challenges when it comes to protecting against the evolving cybersecurity threat landscape. With cloud and SaaS adoption, SMBs’ IT infrastructures are becoming increasingly complex to manage. This is coupled with limited budgets and staff, making it difficult for SMBs to acquire and deploy best-in-class cybersecurity solutions. With 88% of the SMB market turning to Managed Service Providers (MSPs) for cybersecurity protection, there is a critical need to build a scalable, easy-to-use cybersecurity platform that is specifically tailored to the needs of MSPs and their SMB customers.

In comes Guardz – addressing this gap head-on and developing a modern approach for SMB cybersecurity. The Guardz platform combines a robust cybersecurity technology and deep insurance expertise that ensures MSPs and their SMB customers can proactively safeguard their digital assets against a myriad of cyber threats, mitigate cybersecurity risks, and prevent the next cybersecurity attack.

Last week, PinnacleOne detailed how firms can navigate the era of AI in cybersecurity and emerging tools to keep pace with advancing threats.

This week, we focus on recent escalation dynamics in the ongoing conflict in the Middle East.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: This email address is being protected from spambots. You need JavaScript enabled to view it.

Insight Focus | Navigating International Conflict and Escalation Dynamics

Summary of Recent Events

Conflict between Israel and Iran simmered for decades before the most recent spike in tensions. The proximate cause for Iran’s assault on Israel this weekend was the result of that country violating well-established norms. Israel bombed an Iranian diplomatic facility adjacent to the main embassy in Syria killing senior Iranian generals. Embassies and their compounds are considered the sovereign land of the country that they represent – in the U.S., law enforcement agencies (like local police) are prohibited from stepping foot within their walls.

The Good | Police Unmask 200 LockBit Affiliates

Following the takedown of their operations earlier in the year, the inner workings of LockBit’s affiliate infrastructure have become clearer this week as investigations continue. The UK’s National Crime Agency, with assistance from the FBI, have reportedly matched a list of pseudonyms used by the ransomware gang to suspected cybercriminals.

So far, investigators have been able to link some 200 affiliates of LockBit who were using nondescript usernames to real world identities. The NCA’s senior officer on the case further confirmed that authorities have been able to connect specific affiliates back to particular cyberattacks. As the investigations carry on, all details collected are helping law enforcement to pursue more of the gang’s influential members, as well as any associated money launderers and malware developers.

Over the past three years, LockBit’s Ransomware-as-a-Service (RaaS) operations have left a long line of victims in its wake, with their ransom demands totalling at least $120 million.

Despite a dramatic takedown in February and having a senior administrator sentenced in March, LockBit lingers on through a new blog and data leak site, though lacking its prior momentum. Still, the gang’s ringleaders remain at large and cyber defenders continue to monitor for signs of rebranding – a strategy used by Hive and predecessors of BlackCat/ALPHV. Law enforcement’s efforts in matching up outstanding LockBit usernames to known criminals is a major step in disrupting LockBit’s new and future operations.

The Bad | New Phishing Campaign Drops Multi-Stage Malware via SVG Files

Security researchers this week reported on a complex cyberattack leveraging phishing emails to spread a wide range of malware, including Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a crypto wallet stealer.