MSPs Must Prepare for New Cyber Attacks

Liviu Arsene

May 02, 2018

The main goal of MSPs is to help businesses grow by ensuring agility, scalability, and security. This means MSPs need to constantly learn and adapt to sophisticated threats, and deliver a full complement of security services and technologies that address individual risks for each company. Consequently, MSPs need to stay on par with security trends and pay close attention to both threats and the cutting-edge technologies that can mitigate them.

Security layers augmented by machine learning, hyper-detection capabilities, and automated EDR tools that can reduce the amount of “noise” caused by traditional EDR solutions will not only bring additional value to an MSP’s offering, but also dramatically improve its efficiency and ability to react to new threats.

Layered protection ranging from content control to device control and anti-exploit technologies is significantly more powerful and more effective at detecting and blocking threats when all layers are part of a single agent, reporting to a single, centralized console. Instead of stacking security technologies from various security vendors, having a unified threat protection agent that’s capable of deploying the entire security stack on endpoints (either virtual or physical) without inflicting performance penalties is an effective method – both security- and operations-wise – for securing any type of infrastructure.

Security that’s built to support hybrid, local, cloud, virtual, or physical infrastructures, all under the same management console, offers MSPs and their clients more visibility, more control, and more security without negatively affecting performance, costs, or management.

1. Be sure you are protected against advanced ransomware attacks.

Ransomware prevention should be an MSP’s main focus. Offering clients security technologies that prevent ransomware at the pre-execution level is far more effective than doing damage control post-infection. Cybersecurity solutions that leverage advanced machine learning algorithms laced within all security layers have the ability to detect and block polymorphic or highly obfuscated ransomware before any data is lost and business continuity is affected.

By readying post-infection technologies, such as data backup and recovery, MSPs can offer their clients the right tools and practices for ensuring business continuity. By treating ransomware as a hardware failure, MSPs should be able to help clients recover any potentially lost data and minimize any financial or service uptime disturbance. Because advanced ransomware will have the ability to move laterally across networks – sometimes by using various tools, such as Mimikatz, to steal credentials directly from memory – MSPs should consider security technologies specifically built to detect these memory manipulation techniques. Combined with machine learning-based layered protection, MSPs can offer customers added value by tackling the threat using proactive technologies.

2. Integrate anti-exploit technologies able to detect Zero-Day exploits

Simply deploying traditional security technologies for protecting a client’s infrastructure is not enough. Breakthrough technologies that augment the current security stack with new visibility, proactivity, and monitoring capabilities designed to detect and prevent advanced threats will offer MSPs the value their customers are looking for. Understanding the client’s environment and selectively layering security defenses and technologies specifically built to address their needs makes a huge difference.

Integrating technologies that are capable of understanding the attack techniques threat actors use to exploit unknown vulnerabilities in software or operating systems means better prevention and less work for MSPs. Memory introspection technologies that focus on “how” threats operate instead of “what” they actually are enable MSPs to prevent known or unknown vulnerabilities from being exploited to deliver threats.

This additional security layer can be completely isolated from the virtual workload, while at the same time enabling full visibility into how memory manipulation techniques associated with zero-day vulnerabilities can be prevented.

3. Help customers avoid data breaches and non-compliance

This year’s data breaches ranged from Equifax – affecting 145.5 million people – to Yahoo which estimated that 3 billion customer accounts have been affected.

MSPs need not only to help companies with compliance – or, more immediately, GDPR compliance – by offering tools and services that adhere to the new regulatory demands, but also to be compliant themselves. With compliance varying on both the client’s and the MSP’s end, it needs to be balanced and addressed by both. This means they have to be compliant individually as well as in how they operate together. Increased mobility is also a compliance factor that makes disk encryption mandatory, meaning that MSPs also need to work with customer companies to achieve this.

4. Improve incident response times with one security dashboard.

Having complete visibility across the client’s entire infrastructure – physical and virtual – can help MSPs implement rapid incident response actions. With the ability to immediately react to a client’s needs from anywhere at any time, an MSP’s value dramatically increases. Using cloud-based tools, consoles, dashboards, and automated detection and response tools that aggregate threat intelligence in a human-readable and comprehensive way helps MSPs significantly minimize incident response times.

5. Strengthen email security and protection against fileless attacks.

While spam has become a common occurrence for any organization, it’s worth noting that it’s still one of the most effective methods for delivering malware, advanced persistent threats (APTs), and even ransomware. However, since 2017 we’ve seen an increase in malicious attachments that contain payloads written in scripting languages such as Perl or Python. These fileless attacks that leverage PowerShell will continue to proliferate.

The fact that Windows 10 adoption is also increasing, and that it supports Linux Bash, could lead to a surge in fileless malware delivered through spam. This means that MSPs need to focus on securing email servers and endpoints with security technologies specifically designed to detect fileless attacks and prevent malicious attachments from reaching or being executed on employee endpoints.

Author


Liviu Arsene

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact in critical public and private business infrastructures. His passions revolve around innovative technologies and gadgets, focusing on their security applications and long-term strategic impact.
