Coalition Control is the account home for all Coalition policyholders and technology customers, combining insurance, technology, and services from Coalition and its partners into a unified, dynamic online experience. Control is a cyber risk management platform to detect, assess and mitigate cyber risks proactively.
You only need a business email address to create an account with Coalition Control. From there, our technology gets to work scanning your domain, searching for vulnerabilities and presenting you with recommendations to remediate any discovered vulnerabilities and cybersecurity risks.
Sign up for Coalition Control free at https://control.coalitioninc.com
Platform Features
Risk Profile
Powered by Coalition's proprietary technology, claims data, and public information, every company gets a risk score that shows whether the company is at a high, medium or low risk based purely on the number and criticality of active security findings. Risk score provides executives and security professionals with a quantitative summary of their overall posture. Risk score changes over time as new security findings are discovered and older risks are remediated. The Risk profile shows the Risk Score trend over time to see how the security posture is trending. The Risk profile also highlights the count , severity and trend of security findings for your organization that led to the risk score and a quick snapshot of your company's assets.
Coalition Risk Assessment
The Coalition Risk Assessment (CRA) is a comprehensive report on the risk profile of a company. Like the Risk Summary & Ranking, it changes over time and in parallel, and the CRA is downloadable on demand inside Coalition Control.
Risk Impact
Quantify the financial impact of your cyber risks with a Claims Calculator. By inputting industry, company size and automated detection of your security posture users can find the expected loss and likelihood of incidents. The claims calculator also suggest insurance limits.
Invite Colleagues & Manage Users
Any user from a company can invite others within their organization to join them inside Coalition Control. The ‘Invite’ button is a global feature found in the navigation bar across all pages within the platform. Coalition’s exclusive community of security professionals and enthusiasts is available to all users. Manage (add, update, delete) users of your organization that have access to this platform.
Claims Incident Hotline
If you have an emergency cybersecurity incident that you need help with - use this to obtain our toll free number
Security Findings
Active Security findings are detections based on scanning your attack surface that can prove to be a threat for your company. Security findings can be critical (impacts insurability or premium), high, medium or low. Security findings typically highlight risks such as exposed endpoints, RDP, exposed web panels, exposed databases, known CVEs, exposed API tokens, detected malware and more.
Security findings can be filtered , searched, exported to help with analysis.
Self Service Resolution
For each security finding Control presents the impacted assets ,age (last and first detected), risk evidence, remediation steps and actions to take to resolve the issue. To resolve a security finding, click on Resolve button:
- Fixed the Issue: If recommended steps have been taken to fix the issue
- Create Exception: If you want to accept the risk, mark it as third party risk or false positive
- Remove Asset: Request removal of asset that you think maybe a false positive. Approvals may take up to 48 hours.
For more details, check How to resolve a Security Finding in Control?
Security Notifications
Users are notified of Critical security findings by email and can choose to mute certain notifications. The Security Notifications page shows a history of all security alerts sent, recipients and status
Security Checklist
Security checklist offers SME and mid-market companies a step-by-step guide/list of tasks to improve their cyber security posture based on CISA recommendations and CIS controls. Each task on the list provides guidelines , reference links and recommended vendors or partners to accomplish the control. To complete the task simply attestate. If all attestations are complete, users can go from one security status to another (Standard, Strong, Best-in-Class). By accomplishing a security status you may be eligible for premium discount at renewal.
Attack Surface Monitoring
Attack surface monitoring (ASM) is a Coalition technology that finds online assets, assesses their security findings, and recommends remediation actions. Every company has the Free version included in Coalition Control, and the Upgraded version is available by subscription or included free with any Coalition cyber insurance policy.
Lite Scanning scans the 250 most-commonly compromised ports once per quarter. Extended Scanning increases an organization’s coverage to all 65,535 ports, once per month, and includes API access and Lite Scanning of up to four third-party domains. It includes all of the Lite features plus:
Browse through your company's attack surface by navigating to 'Attack Surface' in the menu
-
Assets:
See all domains, subdomains, DNS records, and IP addresses on an organization’s main domain.- Flagged Assets: Discover assets that may have malicious activity. See if any torrents are active on the organization’s domain as a possible malware or data exfiltration vector. See if an organization is sending traffic to Coalition’s global network of honeypots collecting signals for indicators of compromise.
-
Apps and Services:
See which apps and services are running and connected to the public internet and where along with versions and known CVEs. -
Data Leaks:
Learn if any company information or employee data has been leaked in a data leak, dark web, hacker chatter. Search for keywords of sensitive information on open fileshares, databases or pastebins as potential leaks. -
Phishing Risks:
Discover and takedown lookalike or spoof domains for your company's domains that may have been spun up by threat actors for social engineering attacks. Also learn about basic email security posture such as DMARC and SPF policies.
Share/Export/Integrate with REST APIs
All data in Control can be exported to CSVs and shared via unique URLs. Additionally Control offers a robust set of REST APIs to integrate with other products or consume the data.
Marketplace
One stop shop to find recommended vendors and discounted partners that offer security software and services. You can find a recommendation by company size, a security control and specific security findings. We have vendors in several categories such as Okta, Jumpcloud, Crowdstrike and more
Security Training
Coalition offers cybersecurity awareness training and phishing simulation via partnership with Wizer.
Coalition Services
Coalition Incident Response (CIR) is the team of in-house security experts for coaching policyholders through cybersecurity events and leading investigations into ransomware, business email compromise, digital forensics, and log analysis. CIR services are free to policyholders in the event of a covered claim.
When investigations do result in a claim, the Coalition claims team stands ready to help mitigate any disruption to a policyholder’s business with 24/7 access in the United States and Canada.
Coalition also offers Managed Services for specific needs such as MDR.
We are constantly adding features and functionality to Coalition Control. The best way to find out about and stay on top of all of our new product releases is to create a Coalition Control account for your organization and get updates as they happen.