I COULD NOT HAVE BEGUN TO REALIZE just how pertinent this topic would be when I first planned these articles, but here we are. When disasters like the coronavirus pandemic strike, we must keep our clients working against the odds while maintaining their security, even as we open their networks to the new threats their personal PCs bring with them. That means securing the target (managed) machines, the remote (unmanaged) machines, and the connectivity between them. And it must be done on a reasonable budget, implemented as quickly and easily as possible, with minimal support burden down the road.
Securing the Target Machines
Managed service providers typically secure managed endpoints, and for all of us that should mean every desktop at every site. But there are additional challenges once we start providing nearly ubiquitous remote access to our users. When the remote machines (usually Windows or Mac laptops) were all under our management, there was a reasonable assumption that they were “sanitary” and generally well protected. We are not living that reality any longer; suddenly we are supporting many unknowns at once. This makes securing the managed targets both more difficult and more critical. Most of us are already doing automated patching, endpoint detection and response (EDR) or some sort of advanced AV, DNS filtering, and more, but let’s talk about that “more.”
We rely upon CylancePROTECT and CylanceOPTICS through Solutions Granted for our EDR solution and for the vendor’s support and management of those endpoints. Solutions Granted offers three tiers of services with its endpoint offerings. Net Sciences has recently moved to the third tier, which provides 24/7 SOC services for those endpoints, as well as Infocyte’s advanced threat detection and incident response (known as the “Response Ready” program). This gives Solutions Granted even greater visibility into the endpoints, enabling the provider both to track malicious activity and, if need be, to isolate a compromised endpoint from the network entirely, leaving it able to talk only to the SOC. This is just the sort of extra protection we needed and is a great “force multiplier” that we could not even approximate on our own.
Securing the Remote Machines
We are now in a truly different world when it comes to providing remote access to our clients. As recently as February, we did not have a single remote endpoint connecting to our networks that was unmanaged. For many of us, that has changed in the past month, with hundreds of new, potentially dangerous connections set up with almost no “endpoint vetting” done.
To limit the damage these endpoints can do, we have decided to put DNS filtering on them. As much as we’d like to do full EDR, cost and support burden rule it out. As anyone in this business knows, when you work on any machine, whatever next goes wrong, you “own it.” You could set a screen saver, and months later, when the 10-year-old hard drive dies, they will know it was your fault.
Therefore, whatever we do to secure these endpoints, it must be all but invisible to the user. We’ve partnered with DNSFilter and use its agents, which can be silently installed. The agent blocks resolution of known-malicious and unwanted domains, which filters web browsing, of course, but in some cases also keeps a keystroke logger or other compromise from “phoning home” to its command-and-control server. It’s a small but important step that’s safe and helps our clients and us.
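What an agent like that actually does with each lookup is worth seeing once, so here is an added example of the policy logic (my own illustration, not DNSFilter’s software or code from this article). It models a filtered resolver: every query name is matched against a block list by parent-domain suffix, so the subdomains malware rotates through are caught along with the parent, an allow list can carve out exceptions, and anything blocked is answered with a sinkhole address instead of the real one. The block list, allow list, sinkhole address and query-log lines are all constructed for the example.

```python
"""Model of a DNS-filtering agent's policy (added example, not DNSFilter's code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption: the filtered resolver answers blocked names with this address.
SINKHOLE = "0.0.0.0"

# Constructed block list with the category a filtering service would attach.
BLOCKLIST: Dict[str, str] = {
    "exfil-collector.example": "malware-c2",
    "bad-ads.example": "advertising",
    "pastebin-clone.example": "exfiltration",
}

# Constructed allow list: exceptions that win over a parent-domain block.
ALLOWLIST = {"status.bad-ads.example"}


@dataclass
class Verdict:
    qname: str
    blocked: bool
    category: Optional[str]   # block-list category, or None
    answer: Optional[str]     # sinkhole address if blocked, None = resolve normally


def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return qname.strip().rstrip(".").lower()


def match_suffix(qname: str, table) -> Optional[str]:
    """Return the entry in `table` that equals qname or is a parent domain of it.

    'c2.exfil-collector.example' must match 'exfil-collector.example'; an exact
    lookup would miss every subdomain an attacker generates under a blocked zone.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def evaluate(qname: str) -> Verdict:
    """Decide whether a single query is answered truthfully or sinkholed."""
    name = normalize(qname)
    if match_suffix(name, ALLOWLIST):
        return Verdict(name, False, None, None)
    hit = match_suffix(name, BLOCKLIST)
    if hit:
        return Verdict(name, True, BLOCKLIST[hit], SINKHOLE)
    return Verdict(name, False, None, None)


# Constructed query-log lines from one remote laptop: "<client> <qname> <qtype>".
SAMPLE_QUERIES = [
    "10.0.0.15 www.example.com A",
    "10.0.0.15 c2.exfil-collector.example A",
    "10.0.0.15 status.bad-ads.example A",
    "10.0.0.15 tracker.bad-ads.example A",
    "10.0.0.15 EXFIL-COLLECTOR.EXAMPLE. TXT",
]


def replay(lines: List[str]) -> List[Tuple[str, str, Verdict]]:
    """Apply the policy to each logged query; the caller can alert on the result."""
    out = []
    for line in lines:
        client, qname, qtype = line.split()
        out.append((client, qtype, evaluate(qname)))
    return out


def blocked_by_client(lines: List[str]) -> Dict[str, int]:
    """Count sinkholed lookups per client; repeated C2 lookups from one host are an IR lead."""
    counts: Dict[str, int] = {}
    for client, _qtype, verdict in replay(lines):
        if verdict.blocked:
            counts[client] = counts.get(client, 0) + 1
    return counts


if __name__ == "__main__":
    for client, qtype, v in replay(SAMPLE_QUERIES):
        state = f"BLOCKED ({v.category}) -> {v.answer}" if v.blocked else "allowed"
        print(f"{client} {qtype:4} {v.qname:32} {state}")
    print("blocked lookups per client:", blocked_by_client(SAMPLE_QUERIES))
```

The caveat a practitioner should keep in mind: this protection only covers lookups that pass through the agent. Malware that carries a hard-coded IP address or its own DNS-over-HTTPS client never asks the filtered resolver, so DNS filtering is a cheap first layer, not a substitute for EDR. A quick sanity check after a silent install is to resolve a name you know is on the block list from the user’s machine and confirm the sinkhole address comes back rather than the real one.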