{"id":23078,"date":"2021-08-31T15:00:12","date_gmt":"2021-08-31T14:00:12","guid":{"rendered":"https:\/\/www.n-able.com\/?p=23078"},"modified":"2025-01-31T13:50:56","modified_gmt":"2025-01-31T13:50:56","slug":"secure-your-clients-prevent-churn","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn","title":{"rendered":"Secure your clients and prevent churn with a canary"},"content":{"rendered":"<p class=\"p3\"><span class=\"s1\">Many people are familiar with the stories of coal miners using canaries to detect carbon monoxide and other toxic gases as a warning system for when they should evacuate. Even though cybersecurity is far removed from coal mining, it has an equivalent \u201ccanary in the coal mine\u201d that takes the form of indicators of compromise, or IoC for short.<\/span><\/p>\n<p class=\"p3\"><span class=\"s1\">So why should an MSP be concerned with looking for IoCs? We\u2019ll cover two of the top reasons, including early detection of client churn, but we\u2019re going to start with one of the security reasons because of recent events.<\/span><\/p>\n<h2 class=\"p4\"><span class=\"s1\">No honor among thieves <\/span><\/h2>\n<p class=\"p3\"><span class=\"s1\">Early August 2021 saw a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook\/\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">disgruntled affiliate<\/span><\/a> of the Conti Ransomware cybercrime gang release their ransomware playbook and details about their C2 infrastructure, which detailed the use of legitimate remote monitoring and management software and remote desktop software to provide persistence for attackers so they could establish a more permanent foothold in an environment. <\/span><\/p>\n<p class=\"p3\"><span class=\"s1\">Attackers use legitimate IT support software because it will evade most security solutions and AV products. Attackers also never know when their initial entry point might be shut by defenders closing ports or mitigating vulnerabilities in an environment. Once those holes are patched by defenders, attackers will still have access to the environment due to the legitimate software they installed during initial stages of the compromise. In the case of remote monitoring and management software, the attackers will have system access to compromised systems, making further damage to their targets trivial via ransomware or data exfiltration.<\/span><\/p>\n<h2 class=\"p4\"><span class=\"s1\">Client churn<\/span><\/h2>\n<p class=\"p3\"><span class=\"s1\">As an MSP, client retention is a very important part of operating a successful business. Some of the same IoCs that can indicate an attacker has a presence in an environment can also indicate a competitor has been given access to your client\u2019s environment, and you may be looking at an early indicator of churn. MSPs have many tools at their disposal for gathering information about a prospect\u2019s environment prior to contract negotiations, and this may happen without the prospect\u2019s current MSP being informed. <\/span><\/p>\n<p class=\"p3\"><span class=\"s1\">By having the ability to monitor for those common tools MSPs use, such as other RMM solutions, remote desktop tools, and network scanning tools, you have an opportunity to quickly respond to the event. This can help reassure a client at danger of churning of your good security practices, and that you are closely monitoring what happens in their environments. It also gives you an opportunity to save the relationship or better prepare your business for the loss of the client. Knowing months ahead that a client may not renew a contract is better than discovering it at renewal time. <\/span><\/p>\n<h2 class=\"p4\"><span class=\"s1\">How to monitor for an IoC?<\/span><\/h2>\n<p class=\"p3\"><span class=\"s1\">Monitoring for IoCs at scale requires the use of advanced solutions like an SIEM, SOC, or something similar, but there are a lot of baseline IoCs that can be monitored for by using the N&#8209;able<sup>\u2122<\/sup> RMM or N&#8209;central<sup>\u00ae<\/sup> solution. For example, 24\/7 checks in RMM and service monitors for N-Central can alert you to <a href=\"https:\/\/me.n-able.com\/s\/article\/Registry-Hive-Monitoring-NC\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">incorrect Registry Hive permissions<\/span><\/a>, VSS being disabled, or not creating <a href=\"https:\/\/me.n-able.com\/s\/article\/VSS-Snapshot-Age-Monitor-RMM\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">timely snapshots<\/span><\/a>, with many more options available in the <a href=\"https:\/\/me.n-able.com\/s\/global-search\/%40uri#t=AutomationCookbook&#038;sort=relevancy\"><span class=\"s2\">Automation Cookbook<\/span><\/a> and the ability to add custom monitoring.<\/span><\/p>\n<p class=\"p3\"><span class=\"s1\">When you start talking about indicators of churn, RMM and <a class=\"wpil_keyword_link\" href=\"https:\/\/www.n-able.com\/products\/n-central-rmm\"   title=\"N-Central\" data-wpil-keyword-link=\"linked\"  data-wpil-monitor-id=\"11\">N-Central<\/a> are perfectly suited to the task. They have the ability to alert when applications are <a href=\"https:\/\/me.n-able.com\/s\/article\/Software-Added-or-Removed-Monitoring\" target=\"_blank\" rel=\"noopener\"><span class=\"s2\">added or removed<\/span><\/a><\/span><span class=\"s3\">,<\/span><span class=\"s1\"> or to monitor for when certain software is present on a device that can give you an early indication of competitor presence or shadow IT in your clients environments. <\/span><\/p>\n<p class=\"p3\"><span class=\"s1\">Any early warnings you can get about competitor or attacker ingress is invaluable to an MSP\u2014and automating that process is worth the effort. <\/span><\/p>\n<p class=\"p5\"><span class=\"s1\"><i>Lewis Pope is the Head Security Nerd at N&#8209;able. You can follow him on:<\/i><\/span><\/p>\n<p class=\"p6\"><span class=\"s4\"><i>Twitter:\u00a0<\/i><a href=\"https:\/\/twitter.com\/cybersec_nerd%22%20%5Ct%20%22_blank\"><span class=\"s5\"><i>@cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n<p class=\"p6\"><span class=\"s4\"><i>Linkedin:\u00a0<\/i><a href=\"https:\/\/www.linkedin.com\/in\/thesecuritypope\/\" target=\"_blank\" rel=\"noopener\"><span class=\"s5\"><i>thesecuritypope<\/i><\/span><\/a><\/span><\/p>\n<p class=\"p6\"><span class=\"s4\"><i>Twitch:\u00a0<\/i><a href=\"https:\/\/www.twitch.tv\/cybersec_nerd\" target=\"_blank\" rel=\"noopener\"><span class=\"s5\"><i>cybersec_nerd<\/i><\/span><\/a><\/span><\/p>\n<p class=\"p5\"><span class=\"s1\">\u00a0<\/span><\/p>\n<p class=\"p5\"><span class=\"s1\">\u00a9 2021 N&#8209;able Solutions ULC and N&#8209;able Technologies Ltd. All rights reserved.<\/span><\/p>\n<p class=\"p5\"><span class=\"s1\">The N&#8209;able trademarks, service marks, and logos are the exclusive property of N&#8209;able Solutions ULC and N&#8209;able Technologies Ltd.\u00a0 All other trademarks are the property of their respective owners.<\/span><\/p>\n<p class=\"p5\"><span class=\"s1\">This document is provided for informational purposes only. Information and views expressed in this document may change and\/or may not be applicable to you.\u00a0 N&#8209;able makes no warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information contained herein.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Indicators of compromise are important things for MSPs to monitor within their clients\u2014not just for security, but also for general business health. Lewis Pope explains.<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-23078","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Secure your clients and prevent churn with a canary - N-able<\/title>\n<meta name=\"description\" content=\"Indicators of compromise are important things for MSPs to monitor within their clients\u2014not just for security, but also for business health.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Secure your clients and prevent churn with a canary - N-able\" \/>\n<meta property=\"og:description\" content=\"Indicators of compromise are important things for MSPs to monitor within their clients\u2014not just for security, but also for business health.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-31T14:00:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-31T13:50:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"720\" \/>\n\t<meta property=\"og:image:height\" content=\"356\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lewis Pope\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lewis Pope\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn\"},\"author\":{\"name\":\"Lewis Pope\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\"},\"headline\":\"Secure your clients and prevent churn with a canary\",\"datePublished\":\"2021-08-31T15:00:12+01:00\",\"dateModified\":\"2025-01-31T13:50:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn\"},\"wordCount\":731,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/es#organization\"},\"articleSection\":[\"Head Nerds\",\"Security\"],\"inLanguage\":\"es\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn\",\"url\":\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn\",\"name\":\"Secure your clients and prevent churn with a canary - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/es#website\"},\"datePublished\":\"2021-08-31T15:00:12+01:00\",\"dateModified\":\"2025-01-31T13:50:56+00:00\",\"description\":\"Indicators of compromise are important things for MSPs to monitor within their clients\u2014not just for security, but also for business health.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Head Nerds\",\"item\":\"https:\/\/www.n-able.com\/es\/blog\/category\/head-nerds-es\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Secure your clients and prevent churn with a canary\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/es#website\",\"url\":\"https:\/\/www.n-able.com\/es\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/es#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/es?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/es#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/es\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae\",\"name\":\"Lewis Pope\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g\",\"caption\":\"Lewis Pope\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Secure your clients and prevent churn with a canary - N-able","description":"Indicators of compromise are important things for MSPs to monitor within their clients\u2014not just for security, but also for business health.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn","og_locale":"es_ES","og_type":"article","og_title":"Secure your clients and prevent churn with a canary - N-able","og_description":"Indicators of compromise are important things for MSPs to monitor within their clients\u2014not just for security, but also for business health.","og_url":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2021-08-31T14:00:12+00:00","article_modified_time":"2025-01-31T13:50:56+00:00","og_image":[{"width":720,"height":356,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg","type":"image\/jpeg"}],"author":"Lewis Pope","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/04\/blog-Lewis-Pope.jpg","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Escrito por":"Lewis Pope","Tiempo de lectura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn"},"author":{"name":"Lewis Pope","@id":"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae"},"headline":"Secure your clients and prevent churn with a canary","datePublished":"2021-08-31T15:00:12+01:00","dateModified":"2025-01-31T13:50:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn"},"wordCount":731,"publisher":{"@id":"https:\/\/www.n-able.com\/es#organization"},"articleSection":["Head Nerds","Security"],"inLanguage":"es"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn","url":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn","name":"Secure your clients and prevent churn with a canary - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/es#website"},"datePublished":"2021-08-31T15:00:12+01:00","dateModified":"2025-01-31T13:50:56+00:00","description":"Indicators of compromise are important things for MSPs to monitor within their clients\u2014not just for security, but also for business health.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/es\/blog\/secure-your-clients-prevent-churn#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Head Nerds","item":"https:\/\/www.n-able.com\/es\/blog\/category\/head-nerds-es"},{"@type":"ListItem","position":2,"name":"Secure your clients and prevent churn with a canary"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/es#website","url":"https:\/\/www.n-able.com\/es","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/es#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/es?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/es#organization","name":"N-able","url":"https:\/\/www.n-able.com\/es","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/es#\/schema\/person\/32c214c92846fdd7b16459b9236c12ae","name":"Lewis Pope","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f61d746b384dec3b7d702cd5a5e62b2d6a9722dd83df5ae50505361c3a3eadb1?s=96&d=mm&r=g","caption":"Lewis Pope"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts\/23078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/comments?post=23078"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts\/23078\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/media?parent=23078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}