endpoint detection and response (EDR): solutions that detect security incidents and contain them at the endpoint, plus provide contextual information and remediation guidance
Lawrence Cruciana, president of Corporate Information Technologies, an MSP in Charlotte, N.C., employs an EDR solution from Cylance. “This system allows us to place granular controls and collect granular application information from all of our managed endpoints. We can look under the covers of thousands of systems and deploy if-then-else type protocols to support overlapping security controls and response to specific security incidents,” he explains.
Before rolling out an EDR solution, though, channel pros should experiment with it first by setting up a virtual environment to avoid triggering an onslaught of false positives, advises Mike Bloomfield, president of Tekie Geek, an MSP in Staten Island, N.Y. “Nothing is worse than getting a call by a client that you rolled out your new endpoint protection, and their legacy application is now being killed on every computer and quarantined.”
governance/compliance management: monitoring and controlling sensitive or personal data according to local, state, national, and international regulations
Many SMBs need to comply with PCI-DSS (credit cards), HIPAA (healthcare), SOX (financial), and other regulations, along with the newest regulations around privacy—the European Union’s General Data Protection Regulation and California’s Consumer Privacy Act of 2018.
Ferron says MSPs should learn what regulations pertain to their customers’ businesses or partner with an expert. Governance tools such as RSA’s Archer Platform are available as well, Ferron says, but they are expensive. “Do I see this space coming where there’ll be an MSP-hosted governance module where one MSP can put all of their customers in this one engine and get a snapshot of where they’re at? Yes, but I haven’t seen any really good ones yet.”
Internet of Things (IoT) security: protecting back-end networks and devices connected to the IoT
According to the 2019 Official Annual Cybercrime Report from researcher and publisher Cybersecurity Ventures, sponsored by the Herjavec Group, “IoT (Internet of Things) devices were the biggest technology crime driver in 2018.” The report says that will continue through 2019 and the foreseeable future.
“We’re in the birth stages of security for IoT,” says Stiennon, noting that part of the problem is the proliferation of devices and lack of standards. Indeed, research from the IoT Security Foundation finds that fewer than 10 percent of consumer IoT companies follow vulnerability disclosure guidelines.
Work is underway to address such problems, though. For example, the foundation in December issued Release 2 of the IoT Security Compliance Framework, and vendors will be rolling out IoT security products in growing numbers soon too. Stiennon points to startup firm Phosphorus as an example.
intrusion detection system (IDS): monitors network events and analyzes them for signs of possible incidents, violations, or imminent threats
intrusion prevention system (IPS): performs intrusion detection and then stops the detected incidents
The “father” of IDS/IPS is an open source solution called Snort, Ferron says. “Almost everybody’s got a variation of Snort.” He recommends MSPs install some type of IDS/IPS in their customers’ environments or outsource the function to a company like Vigilant.
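To make the IDS/IPS distinction concrete, here is an added example written for this page; it is not Snort's own code or anything from Vigilant. It implements a small matcher for a subset of Snort's rule syntax (action, protocol, source and destination address or CIDR, port, and the msg, content and sid options) and runs it in two modes: IDS, where every packet is forwarded and matches only raise alerts, and IPS, where a matching "drop" rule blocks the packet. The three rules, the addresses and the packet payloads are constructed for the demonstration.

```python
"""Minimal signature-based IDS/IPS in the style of Snort rules (illustrative only)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed rules. Addresses use documentation ranges; the content strings
# (a directory-traversal probe, an oversized DNS label) are illustrative.
RULES_TEXT = """
alert tcp any any -> any 80 (msg:"Directory traversal attempt"; content:"../"; sid:1000001;)
drop tcp 203.0.113.0/24 any -> 10.0.0.0/8 22 (msg:"SSH from outside to internal host"; sid:1000002;)
alert udp any any -> any 53 (msg:"Oversized DNS label"; content:"AAAAAAAAAAAAAAAA"; sid:1000003;)
"""

# Subset of the Snort rule grammar: header, then options in parentheses.
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|log)\s+(?P<proto>tcp|udp|icmp)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s*->\s*(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)
# Options are name:value; pairs; quoted values may not contain '"' or ';' here.
OPT_RE = re.compile(r'(\w+):"?([^";]*)"?;')


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


def _addr_match(spec: str, addr: str) -> bool:
    """'any', a single host or a CIDR block."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_match(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    sid: int
    content: Optional[bytes] = None

    @classmethod
    def parse(cls, line: str) -> "Rule":
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        opts = dict(OPT_RE.findall(m["opts"]))
        return cls(
            action=m["action"], proto=m["proto"],
            src=m["src"], sport=m["sport"], dst=m["dst"], dport=m["dport"],
            msg=opts.get("msg", ""), sid=int(opts["sid"]),
            content=opts["content"].encode() if "content" in opts else None,
        )

    def matches(self, pkt: Packet) -> bool:
        return (self.proto == pkt.proto
                and _addr_match(self.src, pkt.src) and _port_match(self.sport, pkt.sport)
                and _addr_match(self.dst, pkt.dst) and _port_match(self.dport, pkt.dport)
                and (self.content is None or self.content in pkt.payload))


def load_rules(text: str) -> List[Rule]:
    return [Rule.parse(line) for line in text.splitlines() if line.strip()]


def inspect(pkt: Packet, rules: List[Rule], mode: str = "ids") -> Tuple[str, List[int]]:
    """Return (verdict, matched sids). IDS mode always forwards; IPS mode drops
    the packet when any matching rule's action is 'drop'."""
    matched = [r for r in rules if r.matches(pkt)]
    verdict = "forward"
    if mode == "ips" and any(r.action == "drop" for r in matched):
        verdict = "drop"
    return verdict, [r.sid for r in matched]


# Constructed traffic: one web probe, one inbound SSH attempt, one benign DNS query.
SAMPLE_PACKETS = [
    Packet("tcp", "203.0.113.5", 40000, "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("tcp", "203.0.113.5", 51000, "10.1.2.3", 22),
    Packet("udp", "10.1.2.3", 5353, "10.1.2.1", 53, b"\x12\x34\x01\x00\x00\x01\x07example\x03com\x00"),
]


def run_demo(mode: str) -> List[Tuple[str, List[int]]]:
    rules = load_rules(RULES_TEXT)
    return [inspect(p, rules, mode) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode.upper(), run_demo(mode))
```

Running it shows the same alerts in both modes but a different fate for the second packet: the IDS reports the SSH attempt and lets it through, while the IPS applies the drop action. That difference, not the detection logic, is what separates the two glossary entries.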
managed security service provider (MSSP): monitors and manages security devices and systems, and typically operates (or outsources) a 24/7 security operations center (SOC)
MSSPs are focused subject matter experts, says Cruciana. Unlike MSPs, “they aren’t necessarily concerned with the health of your stack, or how your system is configured, or is your database server running the most optimal way. To a client, IT is anything that has a wire sticking out of the back of it. In the true security space, there are very few wires. There’s more protocol and procedure and administrative controls. And those two worlds really haven’t met.”
O’Hara expects they will. Before long, he predicts, an MSP who doesn’t offer managed security will be like a locksmith who does physical tumble locks but not car key systems.
network anomaly detection: continuous monitoring of network traffic for unusual events or trends
Traditional cyberdefense presumed that everything outside the network is not trusted and everything inside is, says Cruciana. Network anomaly detection solutions, by contrast, take nothing for granted, basing their actions on long-term observation of what is and isn’t normal in one specific environment. “[It] doesn’t presume that a printer is just a printer,” says Cruciana.
His product of choice is KineticFuse’s ThreatWarrior. “This allows us to look at all of the network traffic both north-to-south (inside to outside) and east-to-west (machine to machine/machine to server) within our managed networks. It uses an unsupervised neural network to learn each client’s network, behavioral patterns, and typical use characteristics. This evaluates all network traffic equally and identifies things that don’t belong without the use of pattern-based signatures.”
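The following is an added example illustrating the baseline-driven approach described above; it is not ThreatWarrior's or KineticFuse's code. In place of the unsupervised neural network the product uses, it substitutes a simple learned baseline: for each internal host, the set of (direction, destination port) pairs it normally uses, labelled north-south or east-west by whether the peer is inside the managed range, plus a per-window flow-count threshold. Detection then flags any flow that falls outside that host's own history, so a printer that starts talking to the internet is reported even though nothing about the traffic matches a signature. The 10.0.0.0/8 internal range, the hosts and all flow records are constructed.

```python
"""Baseline-driven network anomaly detection over flow records (illustrative only)."""
import ipaddress
import statistics
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import DefaultDict, List, Set, Tuple

# Assumed managed network; anything outside it is "north-south" traffic.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Flow:
    window: int   # time bucket index (e.g. a 5-minute slot)
    src: str
    dst: str
    dport: int


def direction(flow: Flow) -> str:
    """east-west when the peer is another managed host, north-south otherwise."""
    return "east-west" if ipaddress.ip_address(flow.dst) in INTERNAL else "north-south"


class Baseline:
    def __init__(self) -> None:
        # host -> set of (direction, dport) pairs observed during learning
        self.behaviour: DefaultDict[str, Set[Tuple[str, int]]] = defaultdict(set)
        # host -> Counter(window -> flows started) during learning
        self.per_window: DefaultDict[str, Counter] = defaultdict(Counter)

    def learn(self, flows: List[Flow]) -> None:
        for f in flows:
            self.behaviour[f.src].add((direction(f), f.dport))
            self.per_window[f.src][f.window] += 1

    def rate_threshold(self, host: str) -> float:
        """mean + 3 sigma of flows per window, with a floor of one sigma = 1 flow."""
        counts = list(self.per_window[host].values())
        if len(counts) < 2:
            return float("inf")      # no usable history: never alert on rate
        return statistics.mean(counts) + 3 * max(statistics.pstdev(counts), 1.0)

    def detect(self, flows: List[Flow]) -> List[Tuple[str, str, object]]:
        findings: List[Tuple[str, str, object]] = []
        seen: DefaultDict[str, Counter] = defaultdict(Counter)
        for f in flows:
            key = (direction(f), f.dport)
            seen[f.src][f.window] += 1
            # Unknown hosts have an empty baseline, so every flow is new behaviour.
            if key not in self.behaviour.get(f.src, set()):
                findings.append(("new-behaviour", f.src, key))
        for host, windows in seen.items():
            thr = self.rate_threshold(host)
            for w, n in sorted(windows.items()):
                if n > thr:
                    findings.append(("rate", host, w))
        return findings


def build_learning_flows() -> List[Flow]:
    """Constructed 'normal' traffic: six windows of the same routine behaviour."""
    flows: List[Flow] = []
    for w in range(6):
        # printer 10.0.5.20 only resolves names and syncs time
        flows += [Flow(w, "10.0.5.20", "10.0.1.1", 53), Flow(w, "10.0.5.20", "10.0.1.1", 123)]
        # workstation 10.0.7.31: DNS, the file server over SMB, web browsing outside
        flows += [Flow(w, "10.0.7.31", "10.0.1.1", 53),
                  Flow(w, "10.0.7.31", "10.0.2.5", 445),
                  Flow(w, "10.0.7.31", "198.51.100.20", 443)]
    return flows


def build_detection_flows() -> List[Flow]:
    """Constructed later traffic containing three deviations from the baseline."""
    flows = [
        Flow(10, "10.0.5.20", "10.0.1.1", 53),        # normal
        Flow(10, "10.0.5.20", "198.51.100.7", 443),   # printer reaching the internet
        Flow(10, "10.0.7.31", "10.0.2.5", 445),       # normal
        Flow(10, "10.0.7.31", "10.0.3.44", 3389),     # workstation opening RDP to a peer
    ]
    # a burst of SMB connections to many internal hosts inside one window
    flows += [Flow(11, "10.0.7.31", f"10.0.9.{i}", 445) for i in range(1, 41)]
    return flows


def run_demo() -> List[Tuple[str, str, object]]:
    baseline = Baseline()
    baseline.learn(build_learning_flows())
    return baseline.detect(build_detection_flows())


if __name__ == "__main__":
    for kind, host, detail in run_demo():
        print(f"{kind:14s} {host:12s} {detail}")
```

The burst in window 11 is the case a signature would miss: port 445 east-west is normal for that workstation, so no single flow looks wrong, but forty of them in one window exceed the rate the host established for itself. The learning period matters as much as the detector; a baseline captured while something was already misbehaving will teach the system that the misbehaviour is normal.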