Managed service providers are a prime target for threat actors as gaining access to one MSP’s network potentially means gaining access to all its customers’ networks. This heightened target profile necessitates specialized tools and processes for keeping these networks secure.
Cybersecurity authorities in the U.S., U.K., Australia, New Zealand, and Canada released a joint statement warning of an increase in attacks, along with guidance on how MSPs and their customers can anticipate and mitigate these attacks. Innovations in network security automation can make simple work of three labor-intensive recommendations: internetwork operating system patch management, backing up systems, and configuring devices.
Patch management is a colossal effort to prioritize and implement correctly. For example, a quarterly patch update from Oracle arrived with 520 fixes last quarter—and this is just one vendor among many in a hybrid network ostensibly managed by a single MSP. Routine configuration tasks take time to manually complete, are susceptible to human error, and can lead to vulnerabilities. Critical updates must be implemented as quickly as possible, but are put off, overlooked, or executed inconsistently.
Maintaining a network without automated tools can be exhausting and never-ending, but falling behind on patch management leads to security incidents. Threat actors are targeting known vulnerabilities because they understand many organizations are slow to implement patches. Indeed, 87% of organizations have experienced an attempted exploit of an already-known, existing vulnerability. Therefore, it is critical to be on top of what patches are currently installed, know which updates are required for which systems, and know how to confirm the updates have been correctly installed.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends organizations prioritize patching vulnerabilities included in its Known Exploited Vulnerabilities Catalog. With the right network security automation solution, these patches can be applied automatically, producing a clear record of which ones were implemented, on which devices or systems, and when, for auditing and compliance purposes.
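An added example, not from the original article or any vendor product: one way to cross-reference each device's unpatched CVEs against the Known Exploited Vulnerabilities catalog and emit the audit record described above. The inventory layout, tenant and device names, dates and CVE IDs are constructed placeholders; the cveID, dueDate and knownRansomwareCampaignUse field names follow CISA's published KEV JSON feed.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed; CVE IDs are placeholders.
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "product": "ExampleRouterOS", "dueDate": "2024-03-01", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "product": "ExampleSwitchOS", "dueDate": "2024-06-15", "knownRansomwareCampaignUse": "Unknown"},
]}

# Constructed (hypothetical) MSP inventory: unpatched CVEs per customer device.
INVENTORY = [
    {"tenant": "customer-a", "device": "edge-rtr-01", "open_cves": ["CVE-0000-0002", "CVE-0000-0099"]},
    {"tenant": "customer-b", "device": "core-sw-07", "open_cves": ["CVE-0000-0001"]},
    {"tenant": "customer-b", "device": "fw-02", "open_cves": []},
]

def prioritize(inventory, kev, today):
    """Return KEV-listed findings: ransomware-linked first, then most overdue."""
    catalog = {v["cveID"]: v for v in kev["vulnerabilities"]}
    findings = []
    for host in inventory:
        for cve in host["open_cves"]:
            entry = catalog.get(cve)
            if entry is None:
                continue  # not in KEV: leave to the regular patch cycle
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "tenant": host["tenant"], "device": host["device"], "cve": cve,
                "due": entry["dueDate"], "days_overdue": (today - due).days,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    findings.sort(key=lambda f: (not f["ransomware"], -f["days_overdue"]))
    return findings

def audit_record(finding, applied_on):
    """One JSON line per applied patch: which fix, on which device, and when."""
    due = date.fromisoformat(finding["due"])
    return json.dumps({"tenant": finding["tenant"], "device": finding["device"],
                       "cve": finding["cve"], "applied_on": applied_on.isoformat(),
                       "met_due_date": applied_on <= due}, sort_keys=True)

if __name__ == "__main__":
    for f in prioritize(INVENTORY, KEV_SAMPLE, date(2024, 4, 1)):
        print(audit_record(f, date(2024, 4, 2)))
```

A negative days_overdue means the KEV due date has not passed yet; the CVE absent from the catalog is deliberately left out of the priority queue rather than dropped from the inventory.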
Backing Up Systems and Data
CISA guidance suggests having backups isolated from network connections (cloud with separate, offline encryption keys, or a location that is air-gapped from the organizational network) as many ransomware variants are encrypting/deleting recovery files. Keeping backups on the network can enable the spread of ransomware and foil restoration plans in a worst-case scenario.
IT teams need to ask themselves if they are prepared to handle many different types of disasters and develop a plan should they be forced to reboot their networks from scratch. Manually creating and running scripts after the fact is a futile effort, so some elements of the process must be automated. Teams must have a clear plan for what needs to be backed up (operating systems on network devices, stored data, network configuration files, etc.), create a backup schedule, and regularly test and update backups.
CISA also suggests that MSP customers clarify that their contractual arrangements include backup services that meet their disaster recovery requirements. Specifically, the guidance recommends customers require their MSP to provide a backup solution that automatically and continuously backs up critical data and system configurations and stores backups in an easily retrievable location, such as a cloud-based solution or a location that is air-gapped from the organizational network.
In addition to these recommendations, organizations should consider an automated solution that simplifies and ensures backups and includes both seamless disaster recovery and automatic verification procedures. This should be standard, no matter how many multitenant sites and service providers are involved. The goal is to replace the need for manual or scripted backup procedures with a process that enables automated backups of all devices on the network, can schedule and store any number of configurations for as long as needed, and can automatically verify backup processes.