How MSPs Can Help Customers Implement Layer IT Security

April 4, 2023

How MSPs Can Help Customers Implement Layer IT Security

Given all the malware variations and those yet to come, as well as all the existing and yet-to-be-discovered IT system vulnerabilities and opportunities for data breaches, it makes sense for companies to employ a layered IT security approach. But that can be overwhelming for small- and medium-sized businesses (SMBs), particularly those with limited IT resources.

This is where MSPs can provide exceptional value through much-needed guidance and IT security services. Here are recommendations you can offer to help your SMB customers implement a layered IT security strategy.

1. Implement Identity Protection Policies and Solutions

One of the common cyber threat vectors is employees. Employee security training is a must, but implementing stricter identity protection can help too. Among the suggestions:

• Implement Strong Password Policies. Enforce password policy best practices throughout an organization. Require long password strings with a mix of letters, numbers, symbols, and capitalization. Set time limits for passwords to expire and don’t allow recent passwords to be reused

• Enable MFA. Multifactor authentication helps safeguard access to apps and data by requiring a second form of authentication and a password. Common MFA includes time-based codes sent via text or email or the requirement to answer security questions.

• Combine Single Sign-On (SSO) with MFA When Possible. Signing into an app can slow users down by 10-30 seconds, which adds up with each app used. To help users remain productive while maintaining security, enable SSO whenever possible to reduce the number of credentials that users have to manage and the number of sign-ins they must complete each day. SSO also helps reduce desk tickets related to password resets.

• Apply Conditional Access (CA) Rules. To further balance security and usability, set rules to limit MFA when users are in the office but continue to enforce MFA on untrusted networks, such as at home, airports, and coffee shops. This reduces user frustration at being slowed down by the extra steps of MFA when they’re at work.

• Supplement SSO Gaps with a Password Management Tool. Not every app can be combined with SSO, so to further reduce the number of passwords that users have to maintain (and therefore reduce the likelihood of password reuse across apps), you should offer a password management tool that generates strong passwords, and encrypts and stores user credentials.

2. Use Endpoint Security – Managed Preferred

Servers and desktops aren’t the only targets for cybercrime. Employees’ laptops, tablets, and smartphones can also be exploited. The old security standbys, like antivirus software, are no longer sufficient.

Endpoint detection and response (EDR) solutions provide an additional layer of security and can discover and remediate threats across mobile devices, desktops, and servers. The managed variety is even better because the solution provider receives and responds to all security alerts, freeing up the customer’s internal resources.

Plus, the customer benefits from the provider’s extensive security experience and expertise. Features to look for include:

• Remote worker protection

• Offline protection

• AI and behavioral-based detection

• Incident forensics reporting

• Automated threat blocking

• Firewall control

• Device control for USB and Bluetooth

• Complete endpoint visibility

• Custom detection rules

• 24/7/365 monitoring and response

• Automated quarantine

• Policy configuration and compatibility assessment

3. Go with 24/7 Threat Monitoring and Detection

Solutions like US Signal’s Managed Extended Detection and Response (XDR) provide around-the-clock threat monitoring and detection. In the case of US Signal’s XDR solution, US Signal’s security experts monitor, detect, and respond to security issues across a customer’s extended environment.

The XDR service uses a cloud-based deployment model to monitor deployed agents, collect logs, and analyze data with minimal impact on system performance. Software agents conduct endpoint monitoring and collect data—such as processes, connections, the volume of activity, and data transfers—into a central database. Logs and telemetry data are also collected from network devices, cloud services, and more for comprehensive network threat protection.

The solution correlates and analyzes the data to create threat alerts to be investigated by the US Signal SOC. The SOC investigates breaches to determine how an exploit penetrated security and to hunt for remaining threats in the network

4. Add More Email Security

The native security features of most email solutions, including Microsoft 365, don’t offer enough built-in protection to combat threats such as phishing, ransomware, spam, and malware. Leveraging a third-party advanced email solution can provide much-needed advanced security features that:

• Block malicious communications with anti-spam and reputation-based filters.

• Stop advanced attacks such as APTs and zero-days with CPU-level analysis that detects and blocks them at the exploit stage.

• Detect malicious hidden content by recursively unpacking the content into smaller units, which are dynamically checked by multiple engines.

• Identify threats with best-of-breed signature-based antivirus engines enhanced to identify highly complex signatures

• Use URL reputation engines and advanced image recognition technology to validate the legitimacy of URLs

• Prevent payload-less attacks by using machine-learning algorithms with IP reputation, SPF, DKIM, and DMARC record checks.

• Monitor traffic and analyze malicious intent with ongoing reporting and support.

• Flag emails with customizable banners based on policies and rules to provide contextual information to increase security awareness.

5. Focus on Both Network and Web Security

Network security helps protect network systems and data from unauthorized or malicious access. Web security protects users from accessing malicious websites. Both are needed to secure incoming and outgoing network traffic.

Recommendations for increasing network security include:

• Installing a next-generation firewall that can monitor inbound internet traffic and block inappropriate material; leverage detection and prevention mechanisms; offer granular, role-based control over privileges and responsibilities of administrative users; and more.

• Disabling unnecessary ports to reduce the attack surface and provide cybercriminals with fewer vulnerabilities to exploit.

• Segmenting a network to keep unauthorized users from accessing resources they shouldn’t and creating a defined line of work and personal web surfing habits.

Recommendations for enhanced web security include:

• Blocking users from visiting malicious or inappropriate websites.

• Preserving bandwidth consumption by blocking users from streaming services that use up precious bandwidth.

• Implementing web security solutions that offer multi-layer, unmetered DDoS mitigation and protection against DDoS attacks such as HTTP, SYN, UDP, ACK, and QUIC floods.

More Resources

To learn more about how to help your customers strengthen their overall IT security, take advantage of these resources.