How to Improve Your Cybersecurity Game
The MSP channel has been haunted by cyberattacks in recent years and the threats keep coming and getting more sophisticated. With the recent issues in the news, we’ll have to make sure that we’re prepared for whatever may come our way. That’s the bad news.
The good news is that we’re getting better at addressing them and responding appropriately. So what is it that we’re doing to improve this situation and how can we continue to improve?
According to Kevin Nejad, the CEO of Vijilan Security, MSPs are doing a much better job now than they were a few years ago – especially during the pandemic. They have adopted current technologies and have grown beyond expectations. Kevin made these comments during an episode of “Sunny’s Silver Linings” podcast, and went on to give a really good summation of the state of the MSP channel in the age of cybersecurity and what we can do to improve even more.
But how can Kevin be so optimistic? I mean, come on, we’re seeing unprecedented attacks take place, especially among the infrastructure that supports the work-at-home teams. The bad guys are exploiting the known vulnerabilities and existing weaknesses in these systems and applications. The recent attacks on our own solution providers like Kaseya and SolarWinds were very well done. The attackers cleaned the crime scene so thoroughly that investigators couldn’t even prove where the intruders came from, which means that the digital footprints were very well removed. So how can he be so optimistic that things are improving?
“Today’s MSPs have very good security stacks,” Kevin said. “Vijilan conducted a survey of about 1,500 MSPs in various industries and looked at the types of technologies that they are using, the types of services they’re providing, and we noticed some commonalities among the technologies being used.”
Kevin cited the top five security stacks being used:
- EDRs
- Email security
- Backup and disaster recovery
- Solid network management operations (identify and patch vulnerabilities, etc.)
- Security monitoring (log management, log analysis, 24/7 response, etc.)
He noted that one area being monitored is the time it takes for MSPs to identify an intruder: the period from when an intruder breaks into an environment up to the point when they are identified, eradicated or contained. This period is called “dwell time”. It takes time, however. He said that MSPs have managed to reduce that time in a number of ways: incorporating EDRs, actively monitoring clients’ environments, etc.
Another sign of improvement is that 60% of the incidents which were reported to law enforcement were reported by the MSPs or clients, because they now have greater insight into the affected environments. Earlier, it was the FBI or law enforcement who would first approach the MSP or client every time there was a breach. That has now shifted because of the better insight into environments, and MSPs are more proactive in identifying these incidents and taking action.
Good job!
Now, how can you reduce the cost of data breaches? I mean, the cost of security breaches has increased by 10% in the last 7 years, according to Kevin. So what to do?
You must have some or all of these strategies in place:
- EDRs (endpoint protection, which covers laptops, workstations and servers) and XDRs. These are complementary to each other. Endpoints are the critical areas of the attack surface.
- XDR = Extended Detection and Response (includes firewalls, routers, etc.)
- MDR = Managed Detection and Response
- XMDR = SOC + NOC (SNOC). This helps you manage a wide area of clients’ environments and their critical assets, including firewalls, routers, switches, and servers.
Kevin advises that you continue to reduce the dwell time. You must respond in seconds or minutes, not hours. Also key is to implement automated monitoring of file servers, firewalls, cloud applications, switches, routers, etc. Quarantine the user (or isolate the device) or have a rollback option within the EDRs, and leverage any technologies that are part of the SIEM platform that can act based on the findings. Kevin said that this trend has been shortening the dwell time significantly year after year.
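To make the dwell-time metric concrete, here is an added example (not code from the podcast or from Vijilan) that normalizes events from two constructed log formats, a firewall syslog line and an EDR JSON event, into one schema and then measures, per host, the minutes from the first suspicious event to containment. The log formats, field names and sample values are invented for illustration.

```python
"""Normalize two constructed log formats into one schema, then compute per-host
dwell time (earliest suspicious event to first containment), as described above."""
import json
import re
from datetime import datetime, timezone

# Constructed firewall syslog lines; the key=value layout is invented for this example.
FW_LINES = [
    "2024-03-01T08:00:00Z fw01 action=deny src=10.0.0.5 dst=203.0.113.9 reason=c2-blocklist",
    "2024-03-01T08:05:00Z fw01 action=allow src=10.0.0.7 dst=198.51.100.2 reason=none",
]
# Constructed EDR JSON events; the schema is invented for this example.
EDR_EVENTS = [
    '{"ts": "2024-03-01T07:30:00Z", "host": "10.0.0.5", "event": "malware_detected"}',
    '{"ts": "2024-03-01T08:12:00Z", "host": "10.0.0.5", "event": "host_isolated"}',
]
FW_RE = re.compile(r"^(\S+) (\S+) action=(\S+) src=(\S+) dst=(\S+) reason=(\S+)$")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def normalize_fw(line):
    """Firewall line -> common schema; a deny with a non-empty reason counts as suspicious."""
    m = FW_RE.match(line)
    if not m:
        raise ValueError("unparsable firewall line: " + line)
    ts, _sensor, action, src, _dst, reason = m.groups()
    kind = "suspicious" if action == "deny" and reason != "none" else "benign"
    return {"ts": parse_ts(ts), "host": src, "source": "firewall", "kind": kind}

def normalize_edr(raw):
    """EDR JSON event -> common schema; detection is suspicious, isolation is containment."""
    e = json.loads(raw)
    kind = {"malware_detected": "suspicious", "host_isolated": "contained"}.get(e["event"], "benign")
    return {"ts": parse_ts(e["ts"]), "host": e["host"], "source": "edr", "kind": kind}

def dwell_minutes(events):
    """Per host with any suspicious event: minutes until first containment, or None if never contained."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        d = by_host.setdefault(ev["host"], {"first": None, "contained": None})
        if ev["kind"] == "suspicious" and d["first"] is None:
            d["first"] = ev["ts"]
        elif ev["kind"] == "contained" and d["first"] is not None and d["contained"] is None:
            d["contained"] = ev["ts"]
    return {h: (d["contained"] - d["first"]).total_seconds() / 60 if d["contained"] else None
            for h, d in by_host.items() if d["first"] is not None}

def main():
    events = [normalize_fw(l) for l in FW_LINES] + [normalize_edr(e) for e in EDR_EVENTS]
    return dwell_minutes(events)  # {"10.0.0.5": 42.0}: detected 07:30, isolated 08:12
```

Hosts that only ever produce benign events are left out of the result, and a host with a suspicious event but no containment is reported as None so it shows up as an open case rather than being silently dropped.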
If you don’t offer security support but can’t afford to develop your own team, Kevin advises that you consider partnering with a third-party security vendor. But the challenge is finding one that will be reliable and align culturally. He suggests you ask the following questions when interviewing vendors:
- “Do you manage just the endpoints (EDRs) or beyond to include firewalls and routers?”
- “Can you collect logs from all of your technologies, parse and normalize that data between different datasets and vendors?”
- “Do you have deep integration with other products so that you can respond to threats automatically or manually?”
- “Do we align culturally?”
This is great food for thought. So go put these into practice if you don’t already and let’s stay ahead of the bad guys as best we can. Click here to listen to the full podcast with Kevin Nejad.