By William Leichter, Virsec
MSPs are playing an increasingly important role in security for a growing number of customers. As businesses continue to move IT infrastructure to the cloud and virtual desktops in response to the COVID-19 pandemic and remote work migration, many of the traditional network security functions, like firewalls, IPS, and anti-malware, are being outsourced. But as businesses worry less about networks, they need to shift their focus to protecting what really matters: their critical applications and data. Or as I like to call them, the company’s “crown jewels.”
Ransomware attacks have grown aggressively this year. Organizations in the U.S. experienced a 109% YOY increase in attacks through just the first half of 2020. While there are some basic steps that every MSP needs to take to help prevent these attacks – like developing incident response plans, implementing multi-factor authentication, using strong and unique passwords for all accounts, and restricting network access to pre-approved IP addresses from clients – MSPs must find the best security vendor and partner to ensure the safety of customer data. This means identifying a vendor that delivers application-aware server workload protection to keep businesses safe from both known and unknown threats.
Assessing Security Vendors
MSPs themselves are a highly attractive target for cybercrime, because a single breach can give cybercriminals access to all of their clients’ environments for ransomware or other types of attacks. In a recent survey, 37% of participants said they felt their MSP business was more prone to cybercrime risk than in 2019. The same report found that 77% of MSPs stated that no less than 10 to 20 percent of their clients have experienced at least one cyberattack in 2020.
The stakes are higher than ever. When evaluating security vendors and deciding which ones to trust with this highly sensitive information, MSPs need to reassess their requirements and ask some new questions before deciding. Many conventional security tools, designed for customer-managed networks, require far too much ongoing work: tuning, tweaking, adjusting policies, and chasing down false alerts. This high-touch model is not nearly as scalable or sustainable as companies need from outsourced security.
Four Questions MSPs Need To Ask Security Vendors
- Does the solution require constant signature or policy updates?
Blacklisting everything bad is a dying security model. It is not effective for protecting server-based workloads and lacks the automation needed to keep you protected against the evolving cyber threats in today’s world. Instead, look for solutions that detect threats and exploits automatically, without requiring signatures of known malware.
- Does the solution require extensive, ongoing learning or tuning to be effective?
MSPs need to stay up to date on their technology offerings for clients, and they cannot afford to be spending extra time, money, and resources tuning to ensure security. Solutions requiring extensive learning and tuning to be effective are not the right fit. Look for a solution that scales easily, not one that is costly to constantly tune. MSPs cannot afford to update every customer’s security system every time there is a new patch or code update.
- Does the solution create a lot of unnecessary noise?
Too many alerts, whether true or false, inevitably drown out real threats and undermine security effectiveness. MSPs especially need tools that cut through the noise, separate possible threats from real attacks, and only provide actionable information to the customer.
- Does the solution use a positive security model vs. a negative security model?
Advanced tools using a positive model based on whitelisting only allow trusted applications, files, processes, and libraries to run, and can detect unauthorized deviations as code executes, down to the memory level. Negative security models, based on blacklisting, stop everything that could be bad, creating a never-ending, no-win model. Ensuring that critical applications and resources only do the right thing is a finite, solvable problem, and offers much greater security and automation, especially for MSPs.
MSPs have a lot on their plates and security should seamlessly integrate with their work, automatically keeping them and their customers safe while running in the background. This year, the most important aspect of effective security solutions is the elimination of false alerts - no signatures, no tuning, no noise! Keeping this top of mind when assessing security vendors is the key to ensuring better, more automated security for all.
About The Author
William Leichter is VP of Product Management for Virsec.