• Comply with MFA requirements to renew their cyber insurance policy

• Improve visibility and insights into all identity data

• Gain visibility and detection of service accounts

• Cyber insurance policy renewed

• Complete visibility into users and protection of all on-prem resources

• End-to-end service account visibility and protection

Once they understood how Silverfort could address additional use cases, WBD implemented Silverfort’s service account detection and protection capabilities.

“We didn’t realize when we initially looked into Silverfort that they could help us with our service accounts, but it has been of great value as their service account protection capability is exactly what we needed. We have around 250 service accounts that need to be protected. Being able to lock down those service accounts from source to destination helps us to pinpoint the accounts that have far too much access. Also, in the case of irregular activity, we can reach out to the application owners and alert them of the activity. This has been critical for visibility as we never had that before,” Holder added.

Additionally, WBD has strengthened its overall security posture by ensuring its service accounts are used properly.

“It has helped us understand our bad practices internally. We’ve had some people using service accounts as user accounts, and some people using user accounts as service accounts. Now we can identify the behavior and make sure the service accounts are used properly,” said Wreba-Jaworski.

In addition to complying with the MFA requirements for their cyber insurance policy, WBD wanted an improved understanding of all user account access requests and authentications.

“We had AD data, but we lacked anything that could provide the visibility we needed alongside proactive insights into our AD activities,” said Holder.

Additionally, WBD wanted greater visibility and protection of its on-prem resources. “We have 250 business applications, and each application must run on-prem. We needed to improve our visibility and protection of these resources, which did not have security controls at the time due to only using Azure MFA and SSO for cloud resources. We needed a way to extend MFA protection to our on-prem environment as well,” added Holder.

Having searched for an identity security solution, WBD was recommended Silverfort. They soon realized Silverfort offered much more than their original requirements.

“We were initially seeking a point solution that wasn’t too expensive and that would help us tick the box for our cyber insurance needs. We weren’t looking to invest in a full identity management suite, so we thought we needed something specific that would hit the spot,” said Wreba-Jaworski.

“Some of our deny policies are risk-based for Kerberos and suspected Kerberos which has helped us limit our chances of falling victim to a lateral movement attack. Also, we have another deny policy set up for people who forget to connect to servers with their admin credentials. They sometimes use their user credentials which can cause some security risks,” says Holder.

WBD has been satisfied with the information provided by their policies when learning more about the activities of their users. “As a result of our different policies, we have gained better insights and proactive takeaways from Silverfort logs,” Wreba-Jaworski added.

After signing on with Silverfort, WBD quickly deployed the solution and saw results right away while renewing its cyber insurance policy.

“By quickly deploying Silverfort into our environment and applying access policies to our entire user base, we complied with our insurer’s requirements. We were able to configure and apply different access policies including MFA Prompt, Deny, and Notify Only, which allowed us to quickly implement the security controls needed across our environment,” said Holder.

As a result of applying different types of policies, WBD has gained a more complete visibility and understanding of their environments and users.

These new compliance requirements highlighted some larger gaps in their environment.

“After performing due diligence on our environments and security controls, our insurer required a greater level of security over our on-prem resources and Active Directory. To renew our policy and improve our overall security posture, we focused our efforts on resolving this security gap,” added Janusz Wreba-Jaworski, Cyber Security Manager of Womble Bond Dickinson (UK) LLP.

By enforcing stricter MFA prerequisites for policy renewals, cyber insurance firms are emphasizing the importance of proactive risk mitigation. This prompted Womble Bond Dickinson (UK) LLP to comply with the new MFA requirements and bolster their identity security measures accordingly.

“During the policy renewal phase, our insurer required certain MFA controls, including MFA for privilege account access, to protect all our internal resources,” said James Holder, Infrastructure and Cyber Security Analyst of Womble Bond Dickinson (UK) LLP.