Attacks on endpoint devices are intensifying and becoming increasingly more effective with each passing year. From Zero-day exploits and polymorphic malware to DNS hacks, the methods cybercriminals use to continually barrage the SMB are growing in complexity, creativity, and callousness. After years of seeing these threats transform and expand, it was evident that traditional MSP tools are not robust enough to stop modern-day cybercriminals.
Typical channel network security offerings include antivirus, anti-spyware, routers, firewalls, and intrusion detection. As an MSP, your job is to manage those applications and monitor traffic and performance. While these solutions and protection methods are essential and part of baseline security for a reason, adding other protection measures on top of that stack is critical in today’s volatile environment. A layered approach provides more safeguards.
At a minimum, security should be all-encompassing. A best practice is to cover every potential point of failure with at least two layers of defence. MSPs should also receive an alert when there is a breach in the initial protection or if any other system begins to falter or fails at any point. This approach gets the attention of tech professionals, while second and even third lines of defence will help slow down attackers or encourage them to look for lower hanging fruit (easier marks). Creating a buffer allows MSPs enough time to assess the situation and address the problems accordingly.
Unfortunately, 100% reliable protection is an impossible goal − determined cybercriminals will undoubtedly find a way into businesses they target. A layered security approach may not stop every attack or circumvent all careless employees, but it can improve a business’s ability to spot potential threats and give their IT teams or MSPs enough time to neutralize the attacks.
There are a number of additional provisions MSPs can take on to protect SMBs, including the options covered below.
Almost all web traffic requires DNS queries. This is the first step when a user connects to a website, which also creates an excellent opportunity for cybercriminals to conduct a variety of attacks. For example, DNS hijacking redirects unsuspecting users to a spoof website designed to collect sensitive personal information.
These pages negatively reflect on the real business and can incur other liabilities if not discovered soon enough. Phishing, malware, and ransomware scams all use DNS servers to connect users to infrastructure that can power even more severe and costly incidents. For example, DDoS attacks send a large volume of traffic to a website and overwhelm the servers, causing them to crash and go offline until the problems can be resolved. Amplification attacks turn small queries into larger strings, leading to similarly detrimental results and additional support.
Those potential vulnerabilities make DNS security a vital focal point for MSPs. The basics include monitoring DNS requests and IP connections to ensure no malicious activity is taking place. That step will dramatically improve network protection and security visibility. Adding DNS-layer security to the mix strengthens the protection layers by blocking suspicious requests, preventing infiltration, stopping malware, and averting call-backs to attackers.
Network Protection Options
VPN and proxy servers are an extremely valuable piece of a layered security plan, though neither will keep savvy cybercriminals at bay on their own. Combined, they block malicious traffic and intrusions and allow users to access business applications and other sensitive systems securely.
Employees browsing the internet without any protections allow traffic to flow freely between their IP addresses and public sites. That creates a significant security risk, especially in a work from home environment with less corporate controls. If an employee visits a suspicious website infected with malware, their computer and the corporate network will likely be exposed and possibly corrupted. Adding a proxy server circumvents this potential threat by creating a layer of anonymity. These technologies also prevent malicious traffic from getting into the system and stop traffic (files and communications) from going out to these malicious sites.
Now add a VPN to the mix. These technologies allow users to access the corporate network from the public internet through what is essentially an encrypted tunnel. VPN sessions allow employees to share data safely and securely across networks from any location while masking their IP address. That not only creates an added layer of privacy for users but protects their employers from cyberattacks inside their protected networks.
New Cloud Defences
Microsoft 365 has been hugely successful. Unfortunately, as more companies standardize on a single platform, those solutions end up in the crosshairs of a broader community of cybercriminals. Despite the increased security capabilities of these multifunctional platforms, their focus is on business and personal applications, not on defence.
Your clients need to understand that there are inherent risks associated with popular platforms. They need more comprehensive coverage. For example, adding an email filtering and encryption to the mix will help protect sensitive company information by blocking unauthorized access to messages and validating outbound traffic.
A secure email archiving and backup offering can also help MSPs address their clients’ compliance requirements and business continuity goals. Every added layer of security will delay if not foil the ever-changing attacks by cybercriminals.
This list of layered security options is certainly not all-inclusive. However, these are relevant and reasonably easy to implement solutions that every MSP could implement to protect their clients data better and ensure their own peace of mind.
Author: Greg Aiken