Security Software by the Numbers: A Checklist for MSPs

A methodical approach to selecting the products and services you'll offer customers will pay off via fewer false positives and better satisfaction.

August 21, 2018

By Liviu Arsene

Most of the MSPs responding to Channel Futures’ 2018 MSP 501 survey say they expect to grow their businesses by offering new security services. In fact, security is by far the No. 1 driver: 73 percent of listees rate security as their fastest-growing service, and 71 percent zero in on network security.

My advice: Provide a layered approach to protection, as well as next-gen solutions to defend against advanced threats. This enables you to meet customer demand for additional managed services and differentiate your business.

Choosing the correct cybersecurity solution can minimize the risk of incidents that affect a service provider’s reputation and can drastically reduce the costs of security management. Most conventional antivirus/antimalware solutions are highly efficient at detecting known or common threats, but lack the threat intelligence to accurately identify new or sophisticated attacks.

To avoid having customers hit by ransomware, cryptojacking, fileless attacks and other sophisticated threats, it can be tempting for MSPs to look at next-gen solutions built around machine learning, but many of them lack important layers of protection and show limited efficacy in independent, real-world tests, which are critical to making smart decisions on what to offer customers.

MSPs should follow the steps below to determine the best solutions for their existing or prospective customers.

1. Understand the threat landscape to evaluate solutions against: The threat landscape has evolved considerably over the past few years, with threat actors perfecting strategies to bypass conventional antivirus/antimalware solutions. The widespread use of exploits – known or unknown – to deliver malicious payloads has become the new norm. While most garden-variety attacks rely on exploiting known vulnerabilities that have not yet been patched, despite patches being available, advanced threats involve the use of zero-day vulnerabilities.

Even though ransomware attacks have been around for years, they are still lucrative, as evidenced by businesses across all industries getting hit regardless of their size. This is because cybercriminals employ new delivery mechanisms, exploits or polymorphism (malware with the ability to change once disseminated) to avoid detection by most antimalware solutions, including previously advanced technologies like smart sandboxing. Data breaches put MSPs and their customers at serious risk of financial loss from the incident and resulting cleanup or regulatory fines, as well as potential damage to their reputation.

2. Create a feature checklist: When evaluating critical cybersecurity technology, a feature checklist should include multiple security layers. Content control, device control, web filtering and encryption are just some of the additional defenses MSPs should consider when seeking to improve web protection, block untrusted devices and prevent data theft and noncompliance for customers. These additional hardening and control features enhance protection at the user level — the weakest link in the security chain.

Machine learning, anti-exploit and continuous behavioral monitoring are some of the key technologies that can prevent or detect unknown malware or attacks; however, the maturity and efficiency of these layers of protection can differ widely between vendors, and it’s often impossible to assess and compare them. A good indicator of a product's efficacy is its performance in independent tests.

3. Compare real-world independent test efficacy: Independent testing organizations, such as AV-TEST or NSS Labs, offer an objective opinion on both real-world applications and performance of the security vendor, as well as how they address market needs. Consistent detection with low impact on user activity and a low number of false alerts are key indicators of a best-of-breed solution.

With more than 800 million malware samples now roaming the internet, according to AV-TEST, the difference between a 99 percent and 100 percent detection rate is significant for an organization that’s constantly under attack. That 1 percent could mean missing more than 8 million malware samples.

The ability to accurately pinpoint threats also means MSPs won’t have to deal with false positives – legitimate applications tagged as malicious. In an MSP’s evaluation process, a security solution with a low number of false positives means less time spent investigating false alarms. While MSP offerings usually serve customers’ needs in terms of both pricing and listed specifications, security offerings need to be about efficacy and performance.

4. Evaluate the solution in a real-world environment: Testing the two or three vendors that made your shortlist is essential to finding the solution that will work best for a particular customer’s environment. This can complement independent test results and create a more accurate image of the product capabilities. Look for:

  • Detection efficacy, false alerts and performance: A limited deployment of the products on customer premises can reveal how efficient they are at addressing the actual threats your customers face, revealing, for instance, that one of the products detects malware that the others missed. At the same time, MSPs can see if legitimate files are flagged as malicious, creating extra support tickets and effort for the team.

  • Management capabilities: When assessing management capabilities, study how easy the product makes it to deploy, monitor, investigate and address incidents, as well as its reporting capabilities. Moreover, consider at least one solution designed to manage multiple customers from the same console. Similarly, ensure that administrators can manage protection for different types of endpoints from the same console. Ideally, everything from virtual to physical endpoints should be centralized, allowing single-pane-of-glass visibility across all workloads.

  • Insights from threat-intelligence sources: Connecting threats with actions not only enables early visibility into suspicious activities, but also empowers organizations to make informed decisions regarding their security posture, reducing or containing the impact of a potential security breach. There are hundreds of sources of threat intel, and not all of them are expensive. Make sure the vendors you’re considering enable you to choose the ones relevant to your customer.

Assessing and choosing the right cybersecurity solution isn’t easy, but it’s important. Fortunately, there are comprehensive security solutions that MSPs can reliably turn to for maximum efficacy against threats and minimum overhead in terms of management capabilities.

Ultimately, it’s key for MSPs to understand the security landscape and real-world challenges that customers face when assessing any security solution. Bringing capabilities to the table that address these areas not only makes for good business, but also helps strengthen your reputation as a capable, knowledgeable, results-oriented partner.

Liviu Arsene is a senior e-threat analyst for Bitdefender, with a strong background in security. 
