How-To Guide

How to Set Up EDR for Your SMB

A practical guide to selecting, deploying, and configuring an EDR solution for small and mid-size businesses, from agent installation to alert management.


Farhad Mirza Khawar

Founder of HIPAA Agent and Cyber Defense Agent. Compliance infrastructure for SMBs. Sacramento, CA.

2026-05-01

Before You Start

  • An inventory of all endpoints (desktops, laptops, and servers) with operating system and version
  • Administrative access to all endpoints, or a device management solution such as Intune or Jamf
  • A selected EDR vendor and an active subscription or trial, including the tenant-specific installer or registration token from the vendor console
  • Network connectivity requirements documented, including firewall and proxy rules for agent communication

1

Select an EDR solution appropriate for your organization

Evaluate EDR solutions against your organization's size, in-house technical skills, and budget. For SMBs without dedicated security staff, favor a solution bundled with managed detection and response (MDR), where the vendor's security operations center triages alerts and escalates to you; an EDR console nobody watches offers little more than traditional antivirus. Key features to evaluate are real-time, behavior-based threat detection; automated response (file quarantine, process kill); ransomware rollback; one-click device isolation; tamper protection, so an attacker with local administrator rights cannot disable the agent; and a cloud-based management console. Popular SMB-focused options include CrowdStrike Falcon Go, SentinelOne Singularity, Microsoft Defender for Business (included in Microsoft 365 Business Premium), and Sophos Intercept X. Request trials from two or three vendors and test each on a small group of devices before committing. Confirm support for every operating system in your environment, including Windows, macOS, and Linux where applicable, and check integration with existing tools such as Microsoft 365 or Google Workspace.

2

Prepare your environment for deployment

Before installing agents, prepare your infrastructure. Allowlist the EDR vendor's documented cloud service hostnames and IP ranges in your firewall and web proxy so agents can reach the management console, and exempt that traffic from TLS inspection: many agents pin the vendor's certificate and will not register through an intercepting proxy. If you are replacing an existing antivirus product, plan the removal carefully. Running two endpoint security agents at once causes performance problems and detection conflicts, and a half-removed product can leave filter drivers behind, so use the old vendor's dedicated removal tool where one exists rather than relying on Add/Remove Programs alone. Check the agent's system requirements, including minimum OS versions, RAM, disk space, and CPU. Create a deployment schedule that groups endpoints into waves: wave one is IT team devices for initial testing, wave two a representative sample of user workstations (including any that run line-of-business or legacy applications), and wave three the full rollout, with servers last once workstation results are clean. Document a rollback procedure, including how to uninstall the agent and which credentials or uninstall token that requires, in case the agent breaks a critical business application.

3

Install the EDR agent across all endpoints

Use your device management solution for automated deployment. In Microsoft Intune, package the EDR agent installer as a Win32 app (or, for a plain MSI, a line-of-business app), give it a detection rule such as the agent's service or installed-program entry so Intune can distinguish success from failure, and assign it to device groups. In Jamf for macOS, create a policy that deploys the agent package together with the configuration profile that pre-approves the agent's system extension and Full Disk Access; without it users are prompted and the agent runs degraded. If you do not have a device management solution, create a deployment script and distribute it via Group Policy as a computer startup script for domain-joined Windows machines, or use a remote management tool. The installer usually needs a tenant- or site-specific token that binds the agent to your console; treat it as a secret and keep it out of world-readable shares and ticket systems. For the initial wave, install manually on IT team devices to verify that the agent installs cleanly, registers with the cloud console, and does not conflict with existing software. Monitor for excessive CPU usage, application compatibility problems, and network connectivity failures. Once the pilot is successful, proceed with automated deployment to the remaining waves, and reconcile the console's device list against your inventory so no endpoint is missed.
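As an added example (not code from this guide or from any EDR vendor), the following PowerShell wrapper folds the preflight checks from step 2 and the Windows install from step 3 into one script suited to a Group Policy computer startup script or an RMM tool. The installer path, MSI property name, service name and vendor hostnames are placeholders to replace with the values your vendor documents, and the tenant token is passed in as a parameter rather than hard-coded.

```powershell
# Added example for this guide, not vendor code. Every value marked "placeholder"
# must be replaced with what your EDR vendor documents.
#Requires -RunAsAdministrator
[CmdletBinding()]
param(
    [Parameter(Mandatory)][string]$TenantToken,                    # tenant/site token from the console; pass it in, never hard-code it
    [string]$InstallerPath = '\\fileserver\deploy\edr-agent.msi',  # placeholder UNC path readable by computer accounts
    [string]$ServiceName   = 'EdrAgent',                           # placeholder: the agent's Windows service name
    [string[]]$CloudHosts  = @('api.example-edr.com', 'sensor.example-edr.com'),  # placeholder vendor hostnames
    [string]$LogDir        = "$env:ProgramData\EdrDeploy"
)

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
function Write-Log([string]$Message) {
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -Path (Join-Path $LogDir 'deploy.log') -Value $line
    Write-Verbose $line
}

# Preflight 1: can this endpoint reach the vendor cloud on 443? A blocked
# firewall or proxy means the agent installs but never registers, so stop here.
function Test-EdrConnectivity([string[]]$Hosts) {
    $blocked = foreach ($h in $Hosts) {
        if (-not (Test-NetConnection -ComputerName $h -Port 443 -InformationLevel Quiet -WarningAction SilentlyContinue)) { $h }
    }
    return @($blocked)
}

# Preflight 2: is another AV still registered with Windows Security Center?
# Defender is expected (it drops to passive mode once a third-party agent
# registers); anything else must be removed first. The SecurityCenter2
# namespace exists only on client Windows, so on Server SKUs this returns nothing.
function Get-OtherAntivirus {
    try {
        Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction Stop |
            Select-Object -ExpandProperty displayName |
            Where-Object { $_ -notmatch 'Windows Defender|Microsoft Defender' }
    } catch { @() }
}

# Idempotent install: skip if the service already exists; otherwise run msiexec
# unattended and accept exit code 0 or 3010 (success, reboot pending).
function Install-EdrAgent {
    if (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue) {
        Write-Log "Service '$ServiceName' already present; skipping install."
        return $true
    }
    # TENANT_TOKEN is a placeholder MSI property; use the one your vendor documents.
    # Note that /l*v writes MSI properties, token included, to install.log:
    # restrict the ACL on $LogDir or drop verbose logging after the pilot wave.
    $msiArgs = "/i `"$InstallerPath`" /qn /norestart TENANT_TOKEN=$TenantToken /l*v `"$LogDir\install.log`""
    $proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
    Write-Log "msiexec exit code $($proc.ExitCode)"
    return ($proc.ExitCode -in 0, 3010)
}

# Post-install: the service must be running or registration will not happen.
function Test-EdrAgentRunning {
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    return ($null -ne $svc -and $svc.Status -eq 'Running')
}

$blocked = Test-EdrConnectivity -Hosts $CloudHosts
if ($blocked.Count -gt 0) { Write-Log "Cannot reach: $($blocked -join ', ')"; exit 2 }

$otherAv = @(Get-OtherAntivirus)
if ($otherAv.Count -gt 0) { Write-Log "Other AV still registered: $($otherAv -join ', '); remove it first."; exit 3 }

if (-not (Install-EdrAgent)) { exit 4 }
Start-Sleep -Seconds 30
if (Test-EdrAgentRunning) { Write-Log 'Agent running; confirm the host appears in the console.'; exit 0 }
Write-Log 'Agent service not running after install.'; exit 5
```

The distinct exit codes let an RMM or startup-script report separate "blocked by firewall", "old AV still present", "installer failed" and "service not running" outcomes per machine, which is exactly the breakdown you want when reviewing a pilot wave.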

4

Configure detection and prevention policies

After agents are deployed, configure your security policies in the EDR management console. Start with the vendor's default recommended policy, which typically provides balanced protection without excessive false positives. Enable real-time protection, behavior-based detection, and exploit prevention. For ransomware protection, enable the ransomware-specific detection modules and configure shadow copy protection or rollback features where available. Enable tamper protection and require an uninstall token, so that malware or an attacker with local administrator rights cannot stop or remove the agent. Set the response action for high-confidence detections to automatic remediation, which quarantines malicious files and kills malicious processes without waiting for human review. For medium-confidence detections, set the action to alert-only initially so you can review and tune before enabling automated responses. Create separate policies for servers and workstations, since servers may need more permissive rules for legitimate administrative tools, and automatic network isolation of a domain controller or file server has a far larger blast radius than isolating a laptop. Finally, lock down the console itself: enforce MFA on every console account, use role-based access so day-to-day analysts cannot change policies or exclusions, and store the uninstall token with your other privileged secrets.

5

Tune alerts and reduce false positives

During the first two weeks after deployment, expect a higher volume of alerts while you tune the policy to your environment. Review each alert to determine whether it is a true positive or a false positive. For legitimate business applications that trigger alerts, create exclusions in the EDR policy. Common false positive sources include custom in-house applications, administrative scripts, backup software, and remote management tools. Document each exclusion with a justification, an owner, and a date so you can audit it later. Be cautious with exclusions: an overly broad exclusion creates a blind spot an attacker can exploit. Prefer file hashes, or signed publisher certificates where the product supports them, over paths; exclude specific files rather than entire directories; and never exclude user-writable locations such as Temp, Downloads, or AppData, or interpreters such as powershell.exe, cmd.exe, or wscript.exe, because those are precisely what attackers use. Review your exclusion list quarterly and remove any that are no longer needed. After tuning, your alert volume should stabilize at a manageable level.
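To make the quarterly review concrete, here is an added example (not code from this guide or any vendor) that audits an exclusion list exported from the console and flags the patterns above: directory-wide paths, user-writable locations, interpreter and LOLBin process exclusions, extension-wide exclusions, and entries with no recorded justification. The CSV layout (Type, Value, Justification) and the sample rows are constructed for the example; adapt the column names to your vendor's export.

```powershell
# Added example for this guide, not vendor code. Column names and sample rows are assumptions.
function Test-EdrExclusion {
    param(
        [Parameter(Mandatory)][string]$Type,      # Path | Hash | Process | Extension
        [Parameter(Mandatory)][string]$Value,
        [string]$Justification
    )
    $findings = New-Object System.Collections.Generic.List[string]
    if ([string]::IsNullOrWhiteSpace($Justification)) { $findings.Add('no justification recorded') }

    switch ($Type) {
        'Hash' { }   # a hash of one file is the narrowest exclusion available; nothing to flag
        'Extension' { $findings.Add("extension-wide exclusion ($Value) covers every file of that type") }
        'Process' {
            # Excluding a process leaves whatever it spawns or loads unmonitored, so
            # interpreters and living-off-the-land binaries must never appear here.
            $lolbins = 'powershell.exe','pwsh.exe','cmd.exe','wscript.exe','cscript.exe','mshta.exe',
                       'rundll32.exe','regsvr32.exe','msbuild.exe','certutil.exe'
            if ($lolbins -contains (Split-Path $Value -Leaf).ToLower()) { $findings.Add("process exclusion for LOLBin $Value") }
        }
        'Path' {
            # Trailing backslash, trailing \* or no file extension: this is a directory, not a file.
            if ($Value -match '\\$' -or $Value -match '\\\*$' -or $Value -notmatch '\.[A-Za-z0-9]{1,5}$') {
                $findings.Add('directory-wide path exclusion; exclude the specific file instead')
            }
            # Locations any user (and therefore any payload) can write to.
            if ($Value -match '^[A-Za-z]:\\(Users|Temp|Windows\\Temp)\\' -or $Value -match '\\(AppData|Downloads|Temp)\\') {
                $findings.Add('user-writable location; attackers can drop payloads here')
            }
            if ($Value -match '^\*|\*\*') { $findings.Add('leading or recursive wildcard') }
        }
        default { $findings.Add("unknown exclusion type '$Type'") }
    }
    [pscustomobject]@{
        Type     = $Type
        Value    = $Value
        Risk     = $(if ($findings.Count -eq 0) { 'ok' } else { 'review' })
        Findings = ($findings -join '; ')
    }
}

# Constructed sample standing in for a console export; the hash is the SHA-256 of an
# empty file, used only as a placeholder, and the backup path is fictitious.
$sample = @'
Type,Value,Justification
Hash,e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,Ticket 1042 in-house payroll build
Path,C:\Program Files\Contoso\Backup\backupsvc.exe,Backup agent flagged by behavior engine
Path,C:\Users\*\AppData\Local\Temp\,Developers complained about build tool
Process,powershell.exe,
Extension,.ps1,Admin scripts
'@

$results = $sample | ConvertFrom-Csv |
    ForEach-Object { Test-EdrExclusion -Type $_.Type -Value $_.Value -Justification $_.Justification }
$results | Format-Table -AutoSize
```

Run it against the real export each quarter and treat every "review" row as a ticket: either replace the entry with a file-specific hash or publisher exclusion and a written justification, or delete it.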

6

Establish an alert response workflow

Define how your team responds to EDR alerts. With managed detection and response, the vendor SOC handles initial triage and escalates confirmed threats, but you still need a named contact who is reachable at any hour and who has the authority to approve containment such as isolating a server. For self-managed EDR, assign a primary and a backup person to monitor the console daily. Create a tiered response process: low-severity alerts are reviewed within twenty-four hours, medium-severity alerts within four hours, and high or critical alerts trigger an immediate response. Integrate the EDR console with your communication tools by sending alerts to a dedicated Slack or Teams channel, and make sure high-severity alerts also reach someone by phone or SMS rather than only a chat channel nobody watches overnight. Document the investigation steps for common alert types so any team member can handle them consistently. When a threat is confirmed, follow your incident response plan for containment, eradication, and recovery: isolate the endpoint from the console before remediation begins, and preserve the EDR timeline and any triage collection before reimaging, since the host's telemetry is your main evidence. Log all investigation outcomes to build institutional knowledge about your threat landscape.

Common Mistakes to Avoid

Running two endpoint protection products simultaneously, causing performance degradation and detection conflicts

Deploying to all endpoints at once instead of using a phased rollout with a pilot group

Creating overly broad exclusions that leave significant blind spots in detection coverage

Not assigning someone to monitor the EDR console daily, letting alerts go uninvestigated

Choosing a solution that requires dedicated security expertise when the team lacks those skills
