In our last Layered Security post, we covered some trends in cyberattacks that MSPs need to pay attention to. We also walked through a model of layered security that can help you better support your customers and protect their data.
As mentioned, protecting your customers may require you to enhance your existing security stack. Today, we want to dive right in to talk about the foundational elements of the modern security stack for MSPs to help provide sound security services for their SMB customers.
Tactics and technology at each level
We introduced a diagram in the last post illustrating the different levels at which an attack could occur. By implementing security layers at each level, you get multiple opportunities to stop an attack before it can cause widespread damage to you or your customers. Before we get into it, remember one cardinal rule: try to protect as far away from the data as possible. It’s much better to stop an attack with email protection than to have to rely on user training to avoid clicking a phishing link.
That said, let’s start close to the data with protections at the device level.
At the core level, you’ll want a good antivirus solution in place. Traditional AV solutions relied on signature protection alone, which required users to keep up with the latest virus signatures for protection. More modern AV solutions combine signature protection with heuristic and behavioral scans, which look for malware-like characteristics and behavior rather than exact signatures, so they can catch emerging threats. Make sure your AV solution offers at least all three. Also, set up rules in your RMM to flag services being disabled in bulk, as malware often tries to shut down detection and recovery mechanisms to make itself harder to detect or respond to.
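As an added example (not the post's code and not any RMM vendor's rule syntax), here is the "services disabled in bulk" rule as detection logic in Python, run over constructed log lines shaped like Windows System log Event ID 7040 (service start type changed); the host names and timestamps are made up, the service names are real Windows services.

```python
"""Flag hosts where several services were switched to 'disabled' in a short
window, the RMM rule suggested above. Added example, not the post's or any
RMM vendor's rule syntax; the log lines are constructed in the shape of
Windows System log Event ID 7040 (service start type changed)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (service names are real Windows services).
SAMPLE_LOG = """\
2024-05-02T09:14:03 host=WS-ACCT-07 id=7040 svc=Spooler from="auto start" to="demand start"
2024-05-02T13:02:10 host=WS-ACCT-07 id=7040 svc=WinDefend from="auto start" to="disabled"
2024-05-02T13:02:11 host=WS-ACCT-07 id=7040 svc=VSS from="demand start" to="disabled"
2024-05-02T13:02:11 host=WS-ACCT-07 id=7040 svc=wbengine from="demand start" to="disabled"
2024-05-02T13:02:12 host=WS-ACCT-07 id=7040 svc=MpsSvc from="auto start" to="disabled"
2024-05-02T13:02:12 host=WS-ACCT-07 id=7040 svc=wscsvc from="auto start" to="disabled"
2024-05-02T08:00:00 host=WS-FRONT-02 id=7040 svc=Fax from="demand start" to="disabled"
2024-05-02T16:30:00 host=WS-FRONT-02 id=7040 svc=Spooler from="auto start" to="disabled"
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) id=7040 svc=(?P<svc>\S+) '
                     r'from="[^"]+" to="(?P<new>[^"]+)"$')

def disable_events(text):
    """Yield (timestamp, host, service) for each change *to* disabled."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("new") == "disabled":
            yield datetime.fromisoformat(m.group("ts")), m.group("host"), m.group("svc")

def bulk_disable_alerts(text, threshold=3, window=timedelta(minutes=5)):
    """Return {host: sorted services} for hosts where at least `threshold`
    distinct services were disabled within any span of length `window`."""
    by_host = defaultdict(list)
    for ts, host, svc in disable_events(text):
        by_host[host].append((ts, svc))
    alerts = {}
    for host, events in by_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):           # sliding window over sorted events
            while events[end][0] - events[start][0] > window:
                start += 1
            hit = {svc for _, svc in events[start:end + 1]}
            if len(hit) >= threshold:
                alerts[host] = sorted(hit.union(alerts.get(host, ())))
    return alerts
```

The single disabled service on WS-FRONT-02 hours apart is ordinary administration and stays quiet; the five security and backup services disabled within two seconds on WS-ACCT-07 are what the rule is meant to surface.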
Note: While we consider endpoint detection and response (EDR) solutions to be a step up from the core level, EDR solutions may soon become ubiquitous among business users. They use artificial intelligence and machine learning to locate malicious behavior on devices—going beyond files like viruses to look for any kind of unusual behavior. While strong AV is crucial, try to at least use EDR on devices for high-risk users. Also note that EDR and AV compete for resources on endpoints, so you’ll have to pick one or the other for each endpoint.
The next level concerns the applications your customers use. It’s critical to patch software when updates become available. So make sure to schedule regular patch updates during off-hours, and try to automate rules to quickly apply critical security patches for both operating systems and third-party software.
Also, at this level, try to avoid any unsupported operating systems. Once a vendor stops actively supporting an operating system, newly discovered vulnerabilities go unpatched and accumulate. So while you may have clients who really love older operating systems, it’s a major business risk to allow them to continue using them. It’s worth migrating customers—the concerns they have over changing their workflow will recede quickly enough, but a data breach can be devastating.
Training your people and your customers to be security-minded can make a huge difference in a security posture. That’s why it’s important to run regular user security trainings that include information on how to spot phishing, stay alert to other social engineering attempts, and set strong passwords. It’s worth running these trainings regularly to help improve retention and reinforce the proper behaviors among your customer base.
For that matter, while it’s beyond the core level, we do highly recommend offering password management as a service (available via N-able™ Passportal™ Site) to make sure that your customers automatically set strong passwords and you can help enforce strong password policies.
When it comes to network protection, some good low-hanging fruit involves enabling endpoint-based firewalls. Even Windows firewall offers great protection to prevent malicious network traffic. For customers requiring greater protection, next-generation firewalls offer additional capabilities like deep packet inspection to prevent malicious traffic and even some malware protection. More advanced network protection includes tools like security information and event management (SIEM) software, which are more the province of advanced managed security services providers (MSSPs) with dedicated staff.
Finally, we come to the internet level. These layers shouldn’t be neglected—as mentioned before, it’s ideal to stop attacks at this layer before they get any closer to the network (or ultimately the data).
Perhaps the most crucial technology to put in place here is email protection. Most email vendors like Microsoft or Google offer built-in security features with their email solutions. However, these security features may not be enough, so it helps to add an email gateway designed specifically for security.
There are a few settings to configure to help protect your customers. First, block macros to prevent weaponized documents from launching a malicious script. Second, set up scanning of link extensions to prevent malicious downloads from otherwise legitimate sites. Finally, block password-protected documents, as attackers often use them to evade scanning and detection.
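As an added example (not the post's code and not any gateway vendor's policy language), here are those three rules expressed as an attachment and link policy in Python; it assumes the gateway's scanner already reports whether an attachment contains macros (has_macro) or is password-protected (encrypted), and the sample messages are constructed.

```python
"""Apply the three email-gateway rules above to an inbound message.

Added example, not the original post's or any gateway vendor's code; the
message layout and scanner flags (`has_macro`, `encrypted`) are assumed.
"""
import os
from urllib.parse import urlparse

# Macro-enabled Office types are blocked outright; legacy binary formats
# are blocked only when the scanner actually found a macro project.
MACRO_ENABLED = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
LEGACY_OFFICE = {".doc", ".xls", ".ppt"}
# Link targets that deliver code directly, even from otherwise legitimate hosts.
RISKY_LINK_EXT = {".exe", ".js", ".vbs", ".hta", ".scr", ".iso", ".lnk", ".msi"}

def ext_of(name):
    return os.path.splitext(name)[1].lower()

def check_message(msg):
    """Return the sorted rule names a message trips (empty list = deliver)."""
    hits = set()
    for att in msg.get("attachments", []):
        ext = ext_of(att["name"])
        if ext in MACRO_ENABLED or (ext in LEGACY_OFFICE and att.get("has_macro")):
            hits.add("block-macros")
        if att.get("encrypted"):            # cannot be scanned, so do not deliver
            hits.add("block-password-protected")
    for url in msg.get("links", []):
        path = urlparse(url).path           # ignore query string and fragment
        if ext_of(path) in RISKY_LINK_EXT:
            hits.add("block-link-extension")
    return sorted(hits)

# Constructed sample messages.
INVOICE = {"attachments": [{"name": "Invoice_4471.docm", "has_macro": True}],
           "links": ["https://files.example.com/share/view?id=9921"]}
PROTECTED = {"attachments": [{"name": "Statement.zip", "encrypted": True}],
             "links": ["https://cdn.example.com/download/update.EXE?token=abc"]}
LEGACY_CLEAN = {"attachments": [{"name": "Q3_report.doc", "has_macro": False}],
                "links": ["https://intranet.example.com/reports/q3"]}
```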
Outside of email protection, set up URL filtering on the endpoint to block malicious domains. If an attack lands, the malware will reach out to a malicious server to download its payload; strong URL filtering can help prevent that download. Plus, good filtering can prevent users from navigating to phishing sites.
Finally, while not a security product, we recommend closing any internet-facing ports unless absolutely needed.
Honorable mention: Backup
While backup is useful for dealing with more than just security incidents and isn’t a preventive security technology, it’s absolutely an essential part of any security stack. If an attack lands, being able to restore to a safe point is critical for keeping customers operational after an attack.
In this case, it helps to look for a good, cloud-first backup. Since many ransomware attacks delete local backups, having off-site backups in the cloud is critical. Also, please be aware that online storage services like Dropbox or Google Drive are not backup solutions. They can’t give you a lot of the power and functionality you’ll need, so make sure to get a good, business-grade backup solution.
Staying safe today
With cybercriminals upping their game, it’s important to remain current with the latest defenses. Start by laying these foundational elements for your customers, and then you can build your way up to additional defenses.