TitanHQ

Bullet Proofing Managed Networks for MSPs

Pillars of the Modern MSP Security Tech Stack

Advanced DNS security and content filtering is a vital security layer is further bullet proofing managed networks for MSPs. Through discussions with thousands of MSPs during the year, we have found that there are 5 constant pillars to a successful MSP security stack.

Recent research carried out by Channel Futures found that 73 percent of MSPs rated security as their fastest growing service. The difficulty for MSPs isn't whether to invest in security-as-a-service, but how to offer that service, so that it includes all the tools required to cover customers security needs.

Your customers are getting more educated about data breaches and how easily they can happen. The fact is, SMBs are reading the headlines, they know they need better security. They will buy security services from your company, or they’ll find another MSP that can protect them — in addition to the traditional managed services (such as network management, on-premises servers, on-premises storage) you’re currently offering.  If they haven’t already, your customer will start demanding security layers from their MSP. It’s time to get your security offering ready.

Key Layers of a Security Stack for MSPs

1) Email Security – SpamTitan
As the onslaught of phishing attacks and ransomware continues, IT budgets are being built with security in mind …even for the small and mid-size enterprise.  This should not be a surprise to anyone, given the regular headlines reporting countless exploits where hackers have undermined an O365 environment. Security is a feature that Microsoft has added to 0365 but for most organizations, this does not meet their security benchmarks. A recent study found that one in three business owners do not have safeguards in place to combat cyber breaches and 60% of small businesses that suffer a breach go out of business within six months.

As email security experts with over 20 years’ experience, we know new malware can penetrate the usual email filtering mechanisms. It has long been the case that older email protection technologies, like analysis reputation and fingerprinting, are no longer effective against the evolution of these threats. Recent research by Osterman identifies that Microsoft’s EOP can detect 100% of all known viruses with updates every 15 minutes. However, the research found it to be less effective against unknown or new malware delivered by email.

Email continues to be extremely important in modern business communication. Every day, millions of emails are sent from companies to customers and suppliers, from employees to their managers and from one coworker to another. The permanent relevance of email in organizations, affected by increasing security concerns associated with phishing, web threat and data leakage,  pushes MSPs to provide email security on top of the existing email infrastructure. The challenge for MSPs is to choose a robust security service that will become a value-added service that allows them to earn optimal margin. As the frequency of email attacks continues to increase, businesses will be looking to MSPs to help secure their environments. Organizations of all sizes now expect their MSPs to be able to secure their email environment as part of a larger suite of services.

For MSPs, it’s vital to articulate the impact of email-borne threats to the customers and then explain the importance of building a layered cybersecurity defense starting with email security services. To maximize protection and minimize risk SMBs should have a layered security solution in place. Layered security provides protection first at the perimeter level through endpoint and email protection, content and DNS filtering. It also delivers user-level security through AV protection, patch management, critical file backup, regular vulnerability scanning, password management, and disk encryption.

Attackers use email as a vehicle for phishing attacks and malicious attachments. You can use different options when dealing with email filtering. Email filtering will stop a lot of malicious content from entering the network. Email filtering controls mail flow and blocks spam, viruses, malware, ransomware and links to malicious websites.  It is best to choose a solution that also incorporates anti-virus protection that can strip malware attachments before they penetrate the network.  Those companies that use a cloud-based email solution such as Office 365 should consider supplementing the very basic protection included in these packages with a third party solution built from the ground up to fully protect the users' inbox.

More about SpamTitan for MSPs.

2) Web Security & DNS Filtering
Filtering email stops malicious files from entering the network, but what if your users get an email with a malicious link on their private accounts that they access from work? Let’s go beyond the company's email security protecting against spam and phishing attacks. With the WebTitan DNS filter,  MSPs can provide a service that helps organizations filter and block malicious web traffic.

Filtering web content will help protect your network from users accessing malicious sites during business hours and while using the corporate network to browse. Content filtering can also block sites unrelated to employee productivity, so you can block sites like gambling that can be used for scams.

Like its email security counterpart tool, web filtering must do more than just block offensive content and unproductive websites.  It now plays a key part of the security arsenal in a layered defense system.  A modern-day web filtering solution must do more than simply scan domain names, however.  It must be able to granularly filter malicious web content in order to block malicious sites, malware, viruses, malvertising, and ransomware.  Whether you manage a corporation or a coffee shop, if your business provides web access to users, it needs to protect them with web filtering that is both content and security driven.

DNS Filtering

Instead of using just web content filtering, you can add DNS filtering to your layers. DNS filtering blocks sites from being accessed during the nameserver lookup phase of web browsing. This added layer stops malicious traffic before it ever has a chance to reach the internal network.  This is because the server connection is cut at the DNS stage of connecting a friendly name to its associated IP address. Whether you are a company with remote workers that utilize public Wi-Fi to conduct business or a school implementing a one-to-one laptop program for your student body, you need to protect your devices both on and off-premise. With so many facets of the traditional datacentre being migrated to the cloud, it only makes sense that web filtering is hosted there as well.

Cloud-based DNS web filtering is fast becoming the implementation of choice for many organizations.  With the insertion of simple client code on your enterprise devices, users can be forced to interact with a designated DNS no matter what the location of the device.  Furthermore, protection is blocked before any HTML code is even accessed for malicious websites, preventing the web session from starting.

WebTitan DNS filtering provides a point of enforcement, monitors and enforces acceptable web use policies, and blocks access to malicious websites. WebTitan DNS Security also includes comprehensive reports like the top-10 most visited domains, website categories and blocked domains to enable improved usage to help manage usage and deepen the analysis of security incidents.

A primary weakness of on-premises content filtering appliances or endpoint software protection is that the enterprise must wait until the threat reaches the perimeter before it can be detected and managed properly.   What if you could eradicate malicious threats before it comes anywhere near the perimeter? That is the beauty of cloud-based DNS security.  It provides far-reaching protection for your devices and users as well as doing it much faster than traditional methods.  Below are six reasons why cloud-based DNS security solutions eliminate threats so quickly and why you should consider offering it as a service to extend the protection of your enterprise.

Benefits of Securing the DNS Layer

In the same manner that DNS provides the ability to resolve domain names to IP addresses, a DNS-layer security solution identifies potentially malicious websites by IP address.  The DNS resolving process takes place before a web connection is even engaged.  By placing your web content filtering process within the DNS layer, malicious web threats are eliminated sooner so that mischievous or damaging code never arrives at your perimeter.  Because it is blocking IP addresses, it can protect against command and control call-backs or data exfiltration attempts.  And just because it occurs within the DNS Layer, it doesn’t just protect port 53.  It protects all ports and protocols.

The Dirty Work takes Place in the Cloud

It isn’t your DNS server that is involved in the process; it is a DNS service in the cloud.  This means that everything is taking place outside of your enterprise so that threats found amongst your web traffic are terminated before they ever reach your network or endpoint devices.  This is especially beneficial when inspecting SSL enabled sites.  Decrypting and encrypting web traffic is very CPU intensive, which can negatively impact the web experiences of your users.  With a cloud-based solution, the CPU processing burden is placed on the service provider resulting in a predictable experience regardless of traffic volume.

Deployment is Quick and Easy

There is nothing “quick” nor “easy” about implementing a new content filtering appliance or scaled endpoint application.  This isn’t the case with a cloud-based DNS solution.  You don’t install a DNS –layer solution.  You simply redirect your DNS traffic towards the service provider’s server.  You do not have to wait for hardware to arrive on premise or worry about UAC prompts on end devices.  Simply redirect your DNS request to the designated IP address and the web protection process begins within minutes for all of your devices, regardless of the operating system or form factor.

Instant Scalability and Coverage

All hardware appliances are built to accommodate the maximum amount of traffic.  Often times scaling your traffic entails scaling your device, which means purchasing an additional unit or a more robust replacement.  Scaling a cloud-based DNS content filtering solution is ridiculously easy.  Simply add more devices.  A cloud-based service provider scales to their customer demands behind the scenes.  It also means that all of your devices are protected regardless of location.  This means that mobile devices experience the same level of protection whether on or off premise because the filtering process takes place in the cloud. 

Consolidated Management is Fast and Efficient

Virtualization and other software defining datacentre solutions are constantly talking about the benefits of a single pane of glass management.  By managing the web sessions of all of your users regardless of location and device type through a unified portal, management is easy and comprehensive.  The ability to asses a potential threat through a single pane of glass allows for faster reaction times.

It’s the Perfect Turnkey Solution for Managed Service Providers

As a managed service provider, you do not have the manpower nor time to monitor content filtering devices for all of your customers.  Most likely, your customers do not want another appliance taking up space either.  Because of its ease of implementation and management, a cloud-based DNS-layer security solution is an ideal complimentary service that can provide added income sources to your business model with very little time investment.

A cloud-hosted DNS web-filtering solution offers complete protection against all types of threats including destructive viruses, malware, ransomware and of course phishing attack.  While on-premise solutions can offer comprehensive coverage as well, it cannot match the speed and efficiency of combatting threats “over there” before they have a chance of approaching your devices.

These five reasons highlight the beauty, simplicity and unbeatable efficiency of cloud-based DNS security. By securing at the DNS layer, malicious threats are eliminated before damaging code reaches your network perimeter.

About WebTitan DNS Filtering

WebTitan crawls:

  • 700 million URL’s,
  • 6 billion web pages,
  • in 200 languages in real time every single day.  

WebTitan threat intelligence is based on 5 trillion search queries monthly and crawls on average 700 million URLs.

Our real-time Database contains:

  • 3 million malicious URLs, phishing sites and IP addresses at any one time.
  • Each day we see over 100,000 new malicious entries.
  • We revisit and analyze over 300,000 URLs every single day.

How MSPs are Layering Security Services

There's no silver bullet that can take down every attacker, but it’s possible to implement several layers of security that work together as a whole to defend against a myriad of attacks. Layered security stops a successful breach from vulnerability in one defense and offers an onion design approach where each layer compounds with another to form a fully functioning, complete sphere of security. It protects the internal network and its data by surrounding it with several layers that an attacker must defeat, making security much more complex for a successful breach.

For managed services providers (MSPs), this presents both a challenge and an opportunity. Most SMBs do not have the resources to prevent and protect against the myriad of attacks vectors faced today. The average cost of a security breach for SMBs is $47,000. In addition, SMBs also risk reputational cost which can be even more damaging to the organization. For managed services providers (MSPs), this presents a challenge and an opportunity to help clients. MSPs can help clients understand the current threat landscape and the importance of layered security as the only effective security strategy to prevent breaches and protect data.

Single Focus Solution – a thing of the past

There was a time when enterprises depended solely on a robust hardware-based firewall that established a perimeter to protect the network from attacks from the outside.  Forward-looking MSPs realize that today’s enterprise can no longer rely on single-focus solutions to protect customers from threats.  Increasingly MSPs are incorporating multiple defensive layers to combat embryonic threats by attackers. This multi-layered strategy means if one layer is breached, the other layers will then carry out their designated role to stop the attack.

Layered security is a systematic approach in which multiple defense strategies cover the failings of individual components.  Although they work independently, they work collaboratively to protect enterprise systems and devices.  In the process of implementing these tools into a comprehensive strategy, the whole is greater than the sum of the parts.  Because vulnerabilities are constantly being exposed and new malware compositions being created, enterprises must incorporate multiple defense strategies to stop-gap avenues of attacks.

MSPs must grasp the opportunity to offer these security layers to ensure their customer's users and systems are secure.

Best Practise for Selling Layered Security

SMBs turn to managed service providers (MSPs) to be their IT departments; they also need the chosen MSP to serve as their best defense against the ever-changing and increasingly sophisticated threat landscape.  From phishing to spam, ransomware or social engineering your clients’ businesses are at risk every day.  This requires the MSP to offer a layered security service to customers. Layered or defense in depth security means implemented overlapping layers that provide the key elements needed to secure assets: prevention, detection, and response.

How MSPs can use layered security to differentiate their service

It’s vital for the MSP to differentiate themselves by communicating with customers about security. MSPs must align with recognized and trusted solution vendors committed to their partners’ success. When selecting security solutions to resell, MSPs need to balance quality, ease of use, service, and pricing. MSPs have to choose a security vendor that covers all the angles and potential threat vectors used by cybercriminals.  With the right technology solutions, SMBs improve security while freeing up time and resources.

MSPs must consider:

  • 360 degree visibility. MSPs must partner with a vendor that can secure devices both on and off the network.
  • Consistent anti-virus and anti-malware protection. It’s important for MSPs to always be running the latest versions. Crucially MSPs must partner with a vendor that offers solutions that make it easy and automatic to stay up to date.
  • Policy-based approach. Using WebTitan for Service Providers you can easily allow your client to create and manage their own policy to protect their users.
  • Multi-tenanted solution - Support all of your customers on one centralized platform.
  • Alerts on usage patterns. You need to be alerted of any potential security breach beyond viruses and malware, including unusual patterns of user behavior or access or suspicious spikes in activity.
  • App blocking. Disallowing certain email extensions or file types from being downloaded can help keep systems clean and running strong.  This provides another security dimensions since some extensions or files types are more vulnerable than others.
  • Web filtering. Blocking websites sites known to host spyware, viruses or malware limits exposure to attack.

How MSPs can develop a complete layered IT security program for their clients.

Layered security involves more than simply layering new security tools on top of existing infrastructure.  Layered security is an architecture that requires a well-conceived blueprint.  A piecemeal approach to the implementation of security tools can introduce inhibitive complexities into systems management.  Ironically, these complexities can create opportunities for hackers.  It is important for both IT and C-level executives to inventory their assets and business processes in order to define their acceptable risk exposure to these.

In today’s hybrid enterprise environments,  the approach to secure cloud assets is different than that of on-premise resources.  No matter its design, IT departments must ensure that the entire technology stack is secure.  It is also important for IT not to silo their security functions and that all personnel works collaboratively with one another in establishing security practices, managing systems infrastructure, monitoring alerts and planning future purchases.  In a sense, like your security architecture, your personnel must work in conjunction with one another.  MSPs must deliver this message to SMBs.

Is Layered Security Difficult to Implement?

A layered approach is much more effective than one large security platform, but it must be done properly. All components must be able to work together not against each other, which can be tricky if you purchase layers from multiple vendors. A layered suite of products is usually much more effective, as long as each component is built to work with the others.

When you take a layered approach, you have access to much more data, alerts and monitoring to provide a better view to strengthen your ability to completely secure your network. When one layer fails, the other should catch any suspicious traffic. Multiple layers are critical for a strong defense and quick containment.

Some of the biggest data breaches were the result of failed security. In 2016, a wave of ransomware attacks left hospitals technologically crippled and some were even forced to go offline and return to paper and pen logs.  The ransomware was sent through email, which means several layers of security failed or were just never implemented including email filters, content filters, and anti-malware applications. Had the right layers been installed, the users would not have fallen for phishing emails that were then used to download malicious content.

Next Steps: Why Layered Security is more important now than ever before

Organizations are under constant and unpredictable threat of attack.  Cybercriminals aren’t going away anytime soon. In fact, their methods are getting increasingly sophisticated as they evolve to meet heightened security standards.  Ransomware is a growing threat to businesses of all sizes in every industry. In just the first half of 2017, 1.9 billion data records were lost or stolen due to cyber attacks.  This followed a tough year in 2016 when criminals pocketed approximately $1 billion in ransomware payments. Despite the very real and increasingly professionalized dangers of ransomware, 66 percent of SMBs still assume they are too small to garner criminal attention. For some SMBs, the potential financial liabilities of ransomware are still not enough motivation to build a security strategy.

As cybercriminals change their techniques to evade detection, layered security becomes more important. Robust layers of complementary protection lowers the probability of a successful attack and may even halt an attack even if one component of your defenses fail. Implementation isn't always simple, it requires planning and expertise.  Relying on a single security layer is no longer wise in today’s threat landscape. Organizations need to focus on the data they are protecting and build layers of security around it. Your clients and your bottom line will thank you.

MSPs can help clients understand the urgency of implementing layered security and protecting against malware,  ransomware, and other cyber threats.  TitanHQ provides security solutions that complement each other and offer a comprehensive security and recovery solutions suite through which MSPs can help SMBs deploy an effective layered security solution to protect their business from todays and future threats.

If you’re interested in learning how TitanHQ can enable you to implement a comprehensive layered security approach for your customers please get in touch with us today or sign up for our MSP TitanShield program.

Start Free Trial Request Demo
TitanHQ

Talk to a Trusted Security Advisor

Call us on USA +1 813 304 2544 or IRL +353 91 545555

Contact Us