MSPs must master cybersecurity II

James Shepperd

MSPs of all kinds provide support for the IT business needs of multiple sectors, with client numbers ranging from dozens to hundreds, or even thousands of clients. To provide comprehensive a service they must also understand their role in keeping clients safe. To do that, increasingly involves zooming in on infrastructure and process and having to the capacity to understand and act when there are indications that malicious activity is afoot.

And as businesses face increasing threats to revenue and reputation from both malicious actors and regulation, they’ve turned to MSPs in larger numbers for well-managed services. However, as many security execs have opined, MSPs must master cybersecurity.

Keys to the kingdom – a tasty target
Let’s face it, in digital terms MSPs have become as integral to business as parcel delivery services, as well as building management and security. These ‘big three’, have played a vital role in driving “corporate” business for close to a century, enabling business function and continuity. Only in the digital realm, for these services to be provided at their most efficient involves unifying them under one roof. It means that to create efficiencies of scale an MSP has to offer comprehensive service to win privileged access to both data and systems of a large number of client networks.

Logically, to A. protect their businesses and B. protect the entire fabric of the business ecosystems their clients belong to (industry vertical/supply chain), MSPs have to put cybersecurity at the center of their business case.

The stakes are high, even for small MSPs because poor internal security practices and/or service provision could result in Supply chain attacks, ransomware, DDoS, corporate espionage, cryptolocking, etc. and affect any or all clients, as well as the business verticals they belong to.

Discussing the links between the current MSP landscape and cyberthreats to business, one observer, Chris Loehr, executive vice president of Texas-based Solis Security Loehr cited that a “preponderance of low-quality MSPs has fostered the current (ransomware) onslaught.“

Loehr, who was among the early responders when GandCrab ransomware struck MSPs in early 2019, noted in the Houston Chronical:

Desptie the ease of entry, pursuing success via the MSP business model shouldn’t be taken lightly. Increasing client-side demands, especially around security and more visible malicious campaigns like GandCrab mean that MSPs are being asked to demonstrate their mastery of cybersecurity to clients. Added to that, they are simultaneously joining the long lists of targeted businesses. Thus, the need for mastery is a two-pronged challenge.

Who better to trust
Looking at the marketplace, many MSPs, well-positioned in both cash and capacity have already made the jump to being Managed Security Service Providers (MSSPs). While smaller MSPs may doubt their fitness, increasingly user and business friendly tools have emerged that can enable them to rapidly widen their service offer.

Within the borders of existing popular dashboard architecture like ConnectWise’s Automate or SolarWinds N-Central, the functionality of a well-regarded security suite can be added within minutes to complement existing dashboard functionality with a Direct Endpoint Plugin (DEM plugins).

Among cybersecurity vendors in the MSP space, with 6000 plus partners, ESET is a technology leader and offers (DEM) plugins for popular platforms including:

With these DEM plugins there is no need to install any remote administration server or set up a cloud console. Our Direct Endpoint Management plugins integrate with RMMs at the dashboard level, helping MSPs achieve a high degree of automation from day one. This also means that you can raise your security with almost immediate effect.

ESET RMM integrations are created to be robust in terms of both security and functionality. The plugins allow the MSP administrator to perform these tasks with ESET Security products:

The available solutions include ESET Endpoint Security, ESET Endpoint Antivirus, ESET File Security for Microsoft Windows Server, and ESET Mail Security for Microsoft Exchange Server. MSP administrators can also employ RMMs to manage endpoints with the macOS operating system.

The new plugins join an even longer list ESET solutions that enable MSPs to leverage ESET’s security suite via our ESET Remote Administrator management console, while also maintaining access to their existing management infrastructure. These include:

For those MSPs whose integration is not on the ESET list, there’s the special eRMM functionality that is part of ESET endpoint solutions. In that manner, many MSPs have the potential to switch to an ESET-supported RMM, and can connect endpoints to their RMM agent with a bit of settings tweaking.

Trickle-down cybersecurity?
Having adopted a strengthened cybersecurity posture derived from systems capable providing protection levels worthy of enterprise targets, both MSP and clients can take benefit.

Now some may ask whether deploying aspects of an advanced suite of enterprise tools for an MSP is proportional to the risk faced by MSPs and clients alike.

If you are unsure about the efficacy of employing enterprise tools for your MSP operation, you might consider pursuing a security audit internally as well looking at your client-facing security offer. But ESET telemetry, and detections industry wide show reasons to be wary. For more motivation to answer the abovementioned question, imagine your top 10 clients suffering a breach or other security incident. Now imagine if that breach were traceable to your service via some basic tools of the trade – for example, via a hacked remote desktop protocol or poor implementation of 2FA.

A recent article by ESET Senior Researcher Stephen Cobb, “Criminal hacking hits Managed Service Providers: Reasons and responses,” discusses how MSPs have “raised the standard of due care” in light of recent attacks. “If you suffer a data breach – either as an MSP or the client of an MSP – you cannot reasonably defend legal challenges to your security posture on the grounds that you were unaware serious criminals were active in this space.”

Future Proofing – MSSPs modeled after enterprises?
Cobb offers a rationale for implementing the following eight measures: application whitelisting, application patching, application hardening, restricting administrative privileges, multi-factor authentication, OS patching, daily backups and adjusting Microsoft Office macro settings.

The other guidance offered by Stephen Cobb was deployment of Endpoint Detection and Response (EDR) which allow security desks to help with the identification of irregular/anomalous behavior and breaches. They also aid in risk assessment, incident response, investigations and remediation.

While EDR solutions and other advanced kit do represent additional costs and demand additional skills beyond standard endpoint protection platforms, MSP/MSSP operators should consider their cybersecurity maturity as a key selling point and a core necessity for their sustained business operations. Case in point: Engaging with threat data at this level means that the MSP can not only protect itself, but it can demonstrate its security prowess to clients.

On one hand, with this trend set to strengthen, one only has to look to how the security environment evolving to pose new challenges to both MSPs and their clients. On the other hand, the environment is creating yielding new business opportunities. To fight for these, many technologies are within close reach as are detailed roadmaps to improved security, security services and growth.