2020-11-18

SolarWinds lays out 10 tips to help MSPs rethink cybersecurity strategy amid evolving IT landscape

This is part 1 of a 2-parter.



SolarWinds Vice President of Security Tim Brown wants MSPs to think about fruit – pomegranates, to be exact. During a recent client presentation, the executive said that the network of yesteryear – a centralized entity surrounded by security protections, with a structure reminiscent of an avocado – has given way to one that’s distributed and application-centric.



“Maybe you can trust an ‘avocado.’ The seed in the middle is the network, with protections all around it. But what about a pomegranate? That’s what we have, in reality, today,” Brown said. “Each seed represents an application – Office365, Salesforce, you name it – and the gel coating is the protection around the seed. We can’t assume each app has enough protection. We need to validate that. We need to audit each seed and make sure we’re authorizing that seed appropriately. And then we need policies around each group of seeds to [determine] how we’re going to protect our company.”



The avocado-pomegranate analogy isn’t a new one. Brown said it originated with the Jericho Forum, an international group of IT security experts, more than a decade ago, as part of its discussions around de-perimeterization, the removal of boundaries between organizations and the outside world. But likening the network to a pomegranate, and its myriad seeds to applications, is completely appropriate given today’s IT scenario, Brown said.



As distributed networks and digital transformation move to the fore, cybersecurity trends continue to shift rapidly – patterns that are being helped along by the COVID-19 pandemic and the rise of remote workforces.



Brown said we’re seeing more generic cyberattacks, alongside more multifaceted and sophisticated ones, an increasing number of phishing attempts and network probes, and a more aggressive targeting of MSPs both large and small – the controllers of clients’ “crown jewels,” or most valuable assets. “The bad guys are taking over more machines, building more botnets, getting more data to sell,” Brown said. “MSPs are natural targets because they hold the key to so many clients’ data.”



Brown lays out 10 best practices for MSPs on the cybersecurity front lines:



1) Start with the basics. Layering security solutions may be common practice today, but MSPs that don’t adhere to basic security principles risk compromising their own assets and those of their clients. Brown said most successful exploits – 80 to 90%, by his estimate – come down to poor cyber hygiene: weak patching models, default passwords left unchanged, and basic precautions for protecting the IT environment simply not taken.



2) Assess – and re-assess – the crown jewels. “Now that people have shifted their business models, the most valued assets can change,” Brown said. Those assets include mission-critical and business-critical resources, the things MSPs have to concentrate more on protecting.



3) Embrace remote everywhere. With work-from-home (WFH) initiatives taking center stage, the network no longer has a center. Devices are all over the place, and so are the threats. That means MSPs have to take a different approach to locking down resources.



4) Don’t apply equal treatment. Not everyone in today’s IT environment should be treated the same. “I like to think of the 80/20 rule. Who are my 20% that can really do harm? I have to watch them more closely,” Brown said. “Those end up being my [IT] admins – the staffers with a lot of access to a lot of things. It’s important to treat them a little special and not let them do as much as the 80% can do.” Brown said focusing on the 20% narrows the security team’s job, sparing them the impossible task of locking down 100% of an organization’s devices and apps.



5) Focus on endpoints. With distributed workforces and the WFH model, we’ve lost some control on the network side, Brown said. “You might have a great [corporate] firewall, but if nobody’s coming through it, it’s not doing what it was intended to do,” he said. “The network is no longer a control point. You have to look deeper into the endpoints and watch who your endpoints are talking to.”



6) Monitor diligently. Again, the key today is to concentrate on the endpoints with monitoring, looking for indicators of compromise both on those endpoints and in applications. What’s more, you’ve got to act fast if and when you find something.



7) Automate the investigation and interrogation response. “It’s super important to automate all you can,” Brown said. “As an MSP, you’re already doing a lot of automation, but you don’t want to limit that automation to just operational things. You want to apply it to security and the security response as well.”



8) Make identity and access management a priority. According to Brown, this is one of our “weakest links” in security. MSPs need to manage identities and access at the right levels – to give people access to only what they need when they need it, just enough to do their jobs.



9) Enable zero trust. Translation: Don’t automatically trust anything, whether it’s inside or outside your network perimeters. Be sure to structure your protections per application. Again, today’s network is more like a pomegranate than an avocado, with many discrete seeds (apps) that need protection.



10) Document, document, document. This may not come naturally to us in the MSP world, but it’s critical to record and document what we do so that we can develop and codify repeatable processes for ourselves and our clients, Brown explained. “Policy helps us to be repeatable, and documents allow us to fall back on prescribed processes,” he said. “With prescribed processes, you end up making fewer mistakes and reducing your risk.”
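Tips 4, 8 and 9 all reduce to the same audit Brown describes for the pomegranate: list each seed, check its own protection, and find the small set of identities that need closer watching. The script below is an added illustration, not code from the article or from SolarWinds; the grant inventory, role names, MFA policy table and 90-day idle threshold are all constructed assumptions.

```python
"""Added example (not from the article or SolarWinds): a small 'pomegranate' access
audit. Each application is one seed; we validate the protection around it and flag
the few high-privilege identities that deserve closer monitoring."""
from collections import defaultdict
from datetime import date

# Constructed sample inventory: who holds which role in which app, and when the
# grant was last used. Real data would come from each app's admin API or IdP export.
GRANTS = [
    # (user, app, role, last_used)
    ("alice", "Office365", "GlobalAdmin", date(2020, 11, 10)),
    ("alice", "Salesforce", "SysAdmin", date(2020, 11, 12)),
    ("bob", "Office365", "User", date(2020, 11, 16)),
    ("carol", "Salesforce", "User", date(2020, 6, 1)),
    ("dave", "Office365", "GlobalAdmin", date(2020, 4, 2)),
    ("erin", "Backup", "Operator", date(2020, 11, 1)),
]
ADMIN_ROLES = {"GlobalAdmin", "SysAdmin", "Operator"}   # constructed
# Constructed per-seed policy: does the app enforce MFA for its admin roles?
APP_MFA_FOR_ADMINS = {"Office365": True, "Salesforce": True, "Backup": False}
TODAY = date(2020, 11, 18)   # constructed 'now', matching the article's date

def privileged_identities(grants, admin_roles=ADMIN_ROLES):
    """Tip 4: the '20%' who can really do harm, i.e. anyone holding an admin role anywhere."""
    return sorted({u for u, _app, role, _ in grants if role in admin_roles})

def stale_grants(grants, today=TODAY, max_idle_days=90):
    """Tip 8: access nobody has used in 90 days is access they do not need right now."""
    return [(u, app, role) for u, app, role, last in grants
            if (today - last).days > max_idle_days]

def seed_policy_violations(grants, mfa_policy=APP_MFA_FOR_ADMINS, admin_roles=ADMIN_ROLES):
    """Tip 9 / the pomegranate: validate each seed's own protection instead of assuming it.
    Returns apps that hold admin grants but do not enforce MFA for them."""
    admins_per_app = defaultdict(set)
    for u, app, role, _ in grants:
        if role in admin_roles:
            admins_per_app[app].add(u)
    return sorted(app for app in admins_per_app if not mfa_policy.get(app, False))

if __name__ == "__main__":
    print("watch closely:", privileged_identities(GRANTS))
    print("stale grants to review or revoke:", stale_grants(GRANTS))
    print("seeds with admin roles but no MFA:", seed_policy_violations(GRANTS))
```

Each function returns a review list rather than acting on it, so the output can feed the documented, repeatable process Brown asks for in tip 10.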



Check out part 2, when we talk about the differences between MSPs and MSSPs. Are you considering crossing over to the other side?