MSPs face multiple challenges in securing their customers in the most efficient and scalable way possible. From troublesome users to cumbersome tools to the challenges of onboarding new customers, it can be difficult to consistently and fully protect each endpoint. A few weeks ago at IT Nation, I presented on the threats faced by MSPs in the modern threat landscape, as well as how to close the gaps in their defenses. Here are the key takeaways:
1. Cybercrime is not an event; it’s a business model
Cybercrime took some time to catch up, but, like the rest of IT, it has evolved to be faster and more focused on recurring revenue (in this case, for hackers). Previously, hackers were operating in a fairly nonscalable and expensive way: doing their own research, building their own tools, running their own servers and monetizing the data. Doing everything themselves was very resource-intensive, which meant acting like a project-based shop and going for the largest possible targets.
In contrast, today’s cybercriminals are agile, connected and collaborative, with their own vendors and service providers. They have transformed cybercrime into a distributed underground economy where one can buy perpetual licenses or subscribe to SaaS cybercrime tools, rent infrastructure, and even buy and sell data efficiently. With fewer business and technology costs to worry about, bad actors have also begun to go after smaller targets.
In the old model, an SMB with $80,000 in its bank account would not be a big enough target for these attackers. However, in the new ecosystem, the SMB would be an appealing target, and probably isn’t as well-protected as larger corporations. According to recent research by the National Cyber Security Alliance, attacks against SMBs accounted for 41 percent of all attacks in 2013, and SMBs are 15 times more likely to be breached.
2. SMBs are facing multiple infection vectors
Along with a barrage of new bad actors targeting SMBs, infection vectors have expanded in scope, depth and efficacy as criminals have specialized in certain tactics. Phishing emails, once laughably awful, have become sleek, professional and awfully hard to differentiate from the real thing. An explosion in exploit kits, which are plug-and-play tools to push an executable through the browser, has allowed criminals to set up drive-by download sites faster and more efficiently than ever. Malvertising has also hit its inflection point, allowing criminals to drive traffic to sites that infect users and providing an additional area of concern for security teams. The paradigm of infections caused by users going to inappropriate sites has gone the way of the fax machine as criminals have spread their reach, enhanced their techniques and refined their business models.
In addition, secondary marketplaces for ill-gotten gains have sprung up all over the Internet, hawking everything from credit cards and Social Security numbers to medical records. This secondary market makes SMBs even more attractive, as criminals can choose whether to spend their own time extracting money from targets or to sell the stolen data to other criminals who are happy to pay for it and use it to extract money.
3. Firewalls and antivirus are not enough
In the face of this thriving threat landscape, it’s essential to look beyond traditional security measures to protect your business and your customers. Cybercriminals are now running a business, and they are investing in technology to get around firewalls and antivirus. One of the biggest areas of investment in new cybercrime technology has focused on crypters and anti-sandboxing wrappers. These tools modify malware’s signatures to look just different enough to evade detection by signature-based security tools. They often come complete with subscription-based, automated QA that regularly checks the malware against up-to-date antivirus definitions to ensure that it can evade even the most up-to-date security appliances. With these enhancements, even commodity malware can be re-packaged to become a zero-day threat to your organization.
4. To keep pace with today’s threats, MSPs need to strengthen their security
So as an MSP, what can you do to protect yourself? I’m not saying you should rip out your firewall and antivirus, as these layers do protect against some attack vectors. But they do need a layer above them to give you a fighting chance against modern attacks. Think of your security stack like bullet-proof glass: multiple layers of different materials working together to stop a bullet or, in your case, an infection. When looking for an additional layer, it’s critical to get an advanced security layer that uses a truly different approach to security, not just the same engine with a new delivery model.
5. Standardizing security across your customer base will maximize efficiency and profit
As a growing MSP, you’re probably wondering, “How can I ensure a robust security system is in place for all my customers?” This is particularly difficult for MSPs, as a number of factors differ from customer to customer and can make standardization tricky: performance issues on customer-owned equipment that force antivirus exceptions, unique network topologies that force the use of different firewalls, and hardware lock-in because of prior purchases are just a few common scenarios.
You need to find a way to offer scalable security to everyone without disrupting network performance, which is where a tool like Umbrella for MSPs can help. Umbrella for MSPs is a cloud-based security layer that uses big data algorithmic learning, not signatures, to protect users against the latest advanced threats. It’s delivered over the DNS layer, allowing you to protect any user, on any device, in minutes and without impacting performance. OpenDNS Umbrella protects the world’s largest brands, and Umbrella for MSPs adds full multitenancy, centralized settings and PSA integrations, enabling MSPs to strengthen and standardize SMB security with an enterprise-grade layer.
These recommendations are just the tip of the iceberg when it comes to strategies for improving security efficacy and performance. To get the full story, you can see my full presentation here.
Dima Kumets is MSP Product Manager at OpenDNS. Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.