Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News

February 8, 2024 | Stephen Lawton

5 Reasons Why Ethical Hackers Enhance MSPs’ Offerings

MSPs should consider adding these key capabilities to their existing staff.

As MSPs expand their portfolio of offerings, some are enhancing their cybersecurity capabilities with an interesting addition to their staff: ethical hackers.

These offensive hackers — sometimes called white-hat or red team hackers — differ from penetration testers already working for MSPs in several ways, including how they identify vulnerabilities, the tools and strategies they use to find threats, and what falls into their purview as a threat. 

Here are some reasons why an MSP should consider adding offensive hacking capabilities to their existing staff. 

Ethical Hacker Scope of Capabilities 

Shay Colson

Penetration testing often is a passiveprocess that finds security vulnerabilities in applications and systems or performs simulated cyberattacks on a company’s computer systems and networks.

Ethical hacking is more aggressive, actively challenging network security. An ethical hacker could even impersonate an enterprise’s business partner to determine if a company has a physical security vulnerability or supply-chain risk — something well beyond the standard remit of a pen tester.

“The value proposition of an MSP is aggregation, concentration, and correlation, and that makes them an attractive target,” said Shay Colson, managing partner of cyber diligence at Intentional Cybersecurity, formerly Coastal Cyber Risk Advisors. “The big piece is to have someone at the table when the MSP is making decisions from products and services to architecture and operations. That gives another perspective from either the threat actor, the hacker, or even just a general security perspective.”

Offensive Attack Mindset 

Gregory Hatcher

MSPs with offensive cybersecurity capabilities can offer far more expertise than an MSP with classically trained security engineers, said Gregory Hatcher, co-founder of White Knight Labs.

An engineer’s abilities and toolset paired with a red-team mindset provides proficiencies beyond that of most MSP staffers.

Offensive security training is invaluable for testing the on-site security controls of an MSP’s customers — and the MSP itself. The exercise could include social engineering of the client to test their computing resources, staff training, and physical security.

In-house Vs. 3rd-party Expertise

Peter Hefley

Having an offensive-focused engineer in the MSP’s Rolodex can be useful, according to Peter Hefley, associate director of attack and penetration at consulting firm Protiviti. This is especially helpful if an MSP’s cyber insurance policy requires third parties for forensics and other investigative tasks after a breach.

But there’s still value in having both forensics and red-team engineers on staff. An offensively trained engineer may be part of an MSP’s own incident-response team, but they likely will perform other tasks, such as ensuring the MSP is secure from third-party threats and red-team penetration testing adversary simulations.

SMBs — often law firms, CPAs, financial services organizations, healthcare providers, and other high-value targets — opt for MSPs because they rarely have their own cybersecurity staff. An MSP with offensive abilities provides added value by identifying privacy and security threats that pen testing cannot detect, Hefley said.

The Cyber Insurance Element

Patrick Shaw

An ethical hacker provides an MSP with the expertise to ensure their own network is secure enough for the MSP to qualify for cyber insurance. Many cyber insurance underwriters have higher standards for services providers who manage potentially hundreds of client accounts, since it’s a higher risk to the insurer than for a single company.

IT services providers also could use the ethical hacker’s skills to stress test clients’ networks to help them meet underwriter requirements for a new insurance policy or a renewal, expanding the MSP’s service offerings and revenue. 

It’s the Little Things that Count

Patrick Shaw, senior assessment manager at Dox Electronics, said it’s critical to maintain and update privileged accounts, particularly service accounts.

Too often, these are ignored, even though some likely have passwords 5 years or older, he noted. Compromised service accounts, like other seldom-monitored accounts, can lead to a breach that MSP security engineers often aren’t trained to identify.


Editor’s Note: If your MSP wants to monetize ethical hacking services, check out Certified Ethical Hacker Tyler Wrightson’s step-by-step guide on this topic.


Image: iStock


Editor’s Choice

Exclaimer is Embracing MSPs With a New Program. Could Email Signatures Be Newest ‘as a Service’ Offering?

February 28, 2024 |

If you never thought email signatures could be a source of recurring revenue, think again. Managing it can help you and your customers monetize email in a way you probably never thought possible.

EXCLUSIVE INTERVIEW: Dell’s New Chief Partner Officer Denise Millard Gets Candid on AI

February 23, 2024 |

Dell’s new chief partner officer believes that 2024 is the year that artificial intelligence becomes “real” for businesses and consumers alike.

EXCLUSIVE INTERVIEW: Nerdio CEO Shares Insights on Integrating AI in MSP Operations

February 22, 2024 |

Fresh off of his company’s recent announcements, Vadim Vladimirskiy shares how Nerdio is committed to leveraging AI and other technologies to enhance the MSP experience.


Related News

Growing the MSP

Explore ChannelPro

Events

Reach Our Audience