Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

News & Articles

November 17, 2020 | Joshua Liberman

Building an Advanced Security Arsenal, Part 4

The last installment in this four-part series argues for changing the vision of how and what MSPs protect to focus on pathways rather than targets.

THROUGHOUT THIS SERIES, I have focused on products and services: the toolbox we use to protect our sites. There has been the occasional detour into more metaphysical areas, discussing the Zen of things, but for the most part I have stuck to the nuts and bolts. For this final installment, I want to step back and take a wider, more philosophical view of security.

It is important to separate this discussion from one of frameworks such as NIST, CIS, CMMC, and others. It is hard to categorize these frameworks as a group, but in general they are more descriptive than prescriptive and do not usually provide actionable SMB security guidance. They are valuable, but this will not be a discussion of those frameworks.

Defining the Issue

Most of us who secure SMBs approach the job from the standpoint of which tools to use to protect which processes. But we also need to look at SMB security from the standpoint of pathways and processes. That means focusing more on the ways information is stored and transmitted, how it is secured while stored and in transit, and finally, how those processes may fail or be subverted.

You can think of this as an exercise in imagining how someone might enter or otherwise infiltrate a secure building or installation. Doors and windows are obvious, but roofs, tunneling, utility entrances, and more are also part of the equation. For example, if you allow a delivery person into your building, do you verify that he or she is actually working for UPS or FedEx? If you receive a package, do you verify its sender and that it was expected? Do you open it and confirm contents?

What about repair people, especially if they are working on cabling or power or, for that matter, in any space where electronics could be planted? Do you watch them work? And we should not forget to consider external efforts, from dumpster diving to using lasers to measure windowpane deflection, to good old physical taps to capture voice or network data.

We have to visualize IT security this way too. There are plenty of obvious email analogies: verifying the sender's domain through SPF, DKIM, and DMARC; scanning attachments and embedded URLs (email filtering); and even inspecting the package upon opening (endpoint protection, for the most part). But there are many more useful analogies. Building ingress can be thought of as firewall ports, remote access, Wi-Fi, and even Bluetooth (which works in our parking lot from some of the phones). And the ubiquity of remote work, with its many unknown, unprotected endpoints, is like letting people into the building whom we not only do not know but cannot even see.
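"Verifying the sender" only works if the records a domain publishes actually enforce anything; a DMARC record with p=none or an SPF record ending in +all looks like protection and provides none. The script below is an added example, not the author's tooling or any vendor's product: it parses SPF and DMARC records and lists the gaps that leave a domain spoofable. The four records are constructed samples, no DNS is queried, and the domain example.com is a placeholder; a live check would first fetch the TXT records at the domain and at _dmarc.<domain>.

```python
"""Grade the SPF and DMARC records a domain publishes.

Added illustration for this article, not the author's tooling. The four
records below are constructed examples (no DNS is queried); a live check
would first fetch the TXT records at `example.com` and `_dmarc.example.com`.
"""
from typing import Dict, List, Optional

# Constructed records: one pair that looks protected but is not, one that is.
WEAK_SPF = "v=spf1 a mx include:_spf.google.com +all"
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_SPF = "v=spf1 include:_spf.google.com -all"
STRONG_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"

# SPF terms that cost a DNS lookup; RFC 7208 allows at most 10 per evaluation.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(record: str) -> dict:
    """Split an SPF record into its mechanisms, lookup count and 'all' qualifier."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    all_qualifier: Optional[str] = None
    mechanisms: List[str] = []
    lookups = 0
    for term in terms[1:]:
        qualifier = "+"                      # "+" (pass) is the default qualifier
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        # Strip the argument: "include:x", "redirect=x", "a/24" -> bare name.
        name = term.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name == "all":
            all_qualifier = qualifier        # terms after 'all' are never reached
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        mechanisms.append(qualifier + term)
    return {"all": all_qualifier, "mechanisms": mechanisms, "lookups": lookups}


def parse_dmarc(record: str) -> Dict[str, str]:
    """Parse 'tag=value; tag=value' pairs, applying the RFC 7489 defaults."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")     # a missing policy behaves like monitoring
    tags.setdefault("pct", "100")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def assess(spf_record: Optional[str], dmarc_record: Optional[str]) -> List[str]:
    """Return the gaps that leave the domain spoofable despite 'having' SPF/DMARC."""
    findings: List[str] = []
    if spf_record is None:
        findings.append("no SPF: receivers cannot fail forged envelope senders")
    else:
        spf = parse_spf(spf_record)
        if spf["all"] == "+":
            findings.append("SPF ends in +all: every host on the internet passes")
        elif spf["all"] in (None, "?"):
            findings.append("SPF lacks -all/~all: unlisted senders are neutral, not failed")
        if spf["lookups"] > 10:
            findings.append(f"SPF needs {spf['lookups']} DNS lookups (limit 10): permerror")
    if dmarc_record is None:
        findings.append("no DMARC: SPF/DKIM are never tied to the From: header or enforced")
    else:
        dmarc = parse_dmarc(dmarc_record)
        if dmarc["p"] == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        if dmarc["pct"] != "100":
            findings.append(f"DMARC pct={dmarc['pct']}: policy applied to only part of the mail")
        if "rua" not in dmarc:
            findings.append("DMARC has no rua=: nobody receives the aggregate reports")
    return findings


if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("strong", STRONG_SPF, STRONG_DMARC)):
        print(label, assess(spf, dmarc) or ["no findings"])
```

The weak pair produces three findings (+all, p=none, no reporting address); the strong pair produces none. DKIM is deliberately not graded here: a selector record can only be checked once you know which selectors the domain's senders sign with, which DMARC aggregate reports will tell you.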

Rising to the Challenge

What does this mean to us as IT security professionals, other than day drinking and lawyers, guns, and money? Again, I see this as an argument for stepping back from the way we do things now and reconsidering our strategy. In my own case, I have spent years trying to design, implement, and manage overlapping layers of security products and services. This has worked very well so far. But just as signature-based endpoint detection has hit the wall, device-based security is running out of runway as well.

To start, we should consider what we are defending and how it has changed. It is almost cliché now to point out that the perimeter has effectively dissolved. Between wireless and remote access, work from anywhere, and the proliferation of cloud service “destinations” we all support, the word “perimeter” no longer carries the same meaning. When we look at our endpoints, another traditional component in the equation, many of us have moved from managing a fleet of known, secured, and monitored machines to what can best be described as a motley crew of unknown threats.

Further complicating matters, in this time of COVID, many SMBs are not open to paying for more tools. And there are now many more cloud-provisioned services to protect, from Microsoft 365 to online signatures to collaboration, not to mention data repositories from Dropbox to Citrix, public cloud offerings, and many more. Securing this panoply of services, and the pathways into them, gets overwhelming fast. And do not even get me started on IoT (the Internet of Threats); every connected device represents a potential threat, whatever its intended use.

Once again, it makes sense to consider the pathways and processes, analyzing how they work and how they might be compromised, rather than the things they target. This is easier said than done, but at some level we are already using our tools to do it. Anything that addresses anomaly detection, whether it be EDR/MDR clients, log reading and response services, or even network traffic analysis, meets this description. Another thing we can do is build “abstraction” into our plans. In our case, we use proxied, scanned RDS (Remote Desktop Services) connectivity for remote access to achieve this. And, of course, we cannot overlook targeted social engineering attacks, where the pathway is the human mind itself.

We also must keep a tight watch on hosted apps, as they may be dangerous pathways on their own. A few months back, I asked if Office 365 seats were now “endpoints” too. In this new context, they are conduits or pathways. Nothing is more dangerous than the compromised mailbox of a company principal, for, say, business email compromise. That means we must be looking for anomalous behavior, providing conditional access, and reviewing logs for anything out of the ordinary. Better yet, we should outsource that effort to an expert provider that offers configurable alerts. Another pathway to consider is social media and how it can be weaponized, whether simply for intel gathering or to launch an actual compromise.
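What "anything out of the ordinary" looks like for a compromised mailbox is fairly specific: a sign-in from a network the user has never used, followed within minutes by an inbox rule that forwards or deletes mail about invoices and wires, or by mailbox-level forwarding to an outside address. The script below is an added example of that review, not the author's tooling or any vendor's alerting. The log records are constructed to resemble Microsoft 365 unified audit log entries (Operation, UserId, ClientIP, Parameters), and the tenant domain example.com, the per-user "known networks" baseline, and the escalation threshold are assumptions you would derive from your own directory and sign-in history.

```python
"""Flag business email compromise (BEC) indicators in mailbox audit records.

Added illustration for this article, not the author's tooling or a vendor
product. The records are constructed to resemble Microsoft 365 unified audit
log entries; the tenant domains and the per-user "known networks" baseline
are assumptions you would derive from your directory and sign-in history.
"""
import ipaddress
import json
from typing import Dict, List

INTERNAL_DOMAINS = {"example.com"}  # assumed tenant domains

# Assumed baseline: networks each user has historically signed in from.
KNOWN_NETWORKS: Dict[str, List[str]] = {"ceo@example.com": ["203.0.113.0/24"],
                                        "cfo@example.com": ["203.0.113.0/24"]}

# Rule/mailbox parameters that hide replies or exfiltrate mail.
HIDING = {"DeleteMessage", "MoveToFolder", "MarkAsRead"}
FORWARDING = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
              "ForwardingSmtpAddress", "ForwardingAddress"}
FINANCE_WORDS = {"invoice", "wire", "payment", "bank", "password", "ach"}

CONSTRUCTED_LOG = [  # constructed sample, not a real export
    {"CreationTime": "2020-11-17T06:12:05", "Operation": "UserLoggedIn", "UserId": "ceo@example.com",
     "ClientIP": "203.0.113.40", "ResultStatus": "Success"},
    {"CreationTime": "2020-11-17T06:40:11", "Operation": "UserLoggedIn", "UserId": "ceo@example.com",
     "ClientIP": "198.51.100.77", "ResultStatus": "Success"},
    {"CreationTime": "2020-11-17T06:41:30", "Operation": "New-InboxRule", "UserId": "ceo@example.com",
     "ClientIP": "198.51.100.77", "Parameters": [
         {"Name": "Name", "Value": "."},
         {"Name": "SubjectContainsWords", "Value": "invoice;wire;payment"},
         {"Name": "ForwardTo", "Value": "ceo.example@gmail-example.test"},
         {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2020-11-17T06:43:02", "Operation": "Set-Mailbox", "UserId": "ceo@example.com",
     "ClientIP": "198.51.100.77", "Parameters": [
         {"Name": "ForwardingSmtpAddress", "Value": "smtp:ceo.example@gmail-example.test"},
         {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"CreationTime": "2020-11-17T09:00:00", "Operation": "New-InboxRule", "UserId": "cfo@example.com",
     "ClientIP": "203.0.113.41", "Parameters": [
         {"Name": "Name", "Value": "Newsletters"},
         {"Name": "MoveToFolder", "Value": "Newsletters"}]},
]


def params(rec: dict) -> Dict[str, str]:
    """Flatten the Parameters list [{Name, Value}, ...] into a dict."""
    return {p["Name"]: str(p.get("Value", "")) for p in rec.get("Parameters", [])}


def is_external(address: str) -> bool:
    """True if a forwarding target lies outside the tenant's own domains."""
    addr = address.lower()
    if addr.startswith("smtp:"):
        addr = addr[5:]
    return addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS


def ip_known(user: str, ip: str) -> bool:
    """True if the client IP falls inside one of the user's baseline networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in ipaddress.ip_network(n) for n in KNOWN_NETWORKS.get(user, []))


def find_bec_indicators(records: List[dict]) -> List[dict]:
    """Return one finding per record that matches a BEC pattern."""
    findings = []
    for rec in records:
        user, op, p = rec.get("UserId", ""), rec.get("Operation", ""), params(rec)
        hit = None
        if (op == "UserLoggedIn" and rec.get("ResultStatus") == "Success"
                and not ip_known(user, rec.get("ClientIP", ""))):
            hit = "successful sign-in from a network never seen for this user"
        elif op in ("New-InboxRule", "Set-InboxRule", "Set-Mailbox"):
            external = [p[k] for k in sorted(FORWARDING & p.keys()) if is_external(p[k])]
            words = {w.strip().lower() for w in
                     (p.get("SubjectContainsWords", "") + ";" + p.get("BodyContainsWords", "")).split(";")}
            if external:
                hit = "mail forwarded outside the tenant to " + external[0]
            elif HIDING & p.keys() and words & FINANCE_WORDS:
                hit = "rule hides messages about " + ", ".join(sorted(words & FINANCE_WORDS))
        if hit:
            findings.append({"user": user, "time": rec.get("CreationTime"),
                             "operation": op, "ip": rec.get("ClientIP"), "reason": hit})
    return findings


def users_to_escalate(findings: List[dict], threshold: int = 2) -> List[str]:
    """Users with at least `threshold` indicators: the configurable alert line."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["user"]] = counts.get(f["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    found = find_bec_indicators(CONSTRUCTED_LOG)
    print(json.dumps(found, indent=2))
    print("escalate:", users_to_escalate(found))
```

On the constructed log the CEO's account produces three indicators in the space of three minutes (unknown network, external forwarding rule, mailbox forwarding) and crosses the escalation threshold, while the CFO's "Newsletters" rule, which only moves mail and mentions no finance keywords, is ignored. Keep the baseline and the keyword list per tenant; a single-indicator alert is noisy, but two or more on one principal's mailbox within minutes is the pattern the article warns about.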

Seeing the Future, Being the Future

To quote Yogi Berra, “It’s tough to make predictions, especially about the future.” The one thing we can predict with certainty is more change. They say you do not have to outrun the bear, only your slower friend. But when there are two bears, things get more complicated. We have to figure out how to stop reacting to yesterday’s attacks and start anticipating the attacks of tomorrow. If we change our vision of how and what we protect, looking to pathways rather than targets, we might just stay ahead of all of the bears.

JOSHUA LIBERMAN is president of Net Sciences, founded in 1996. A 25-year ASCII Group member, former rock climber and martial artist, and lifelong photographer, Liberman has visited five continents and speaks many languages. He also writes and speaks in the IT field and raises Siberian Huskies with his wife Heidi, who calls him the Most Interesting Geek in the World.

Image: iStock
