In a recent eBook, Best Practices To Protect Your Company’s Data and Infrastructure Through Layered Security, Kaseya and Kaspersky Lab detailed what SMB and MME IT shops can do to truly protect themselves.
The basics offer frontline protection. Firewalls, antivirus, anti-malware, and password policies are a great start. The bad news is that the bad guys have been either cracking or bypassing these defenses for years. It’s old hat.
Two intertwined concepts have taken hold to deepen those defenses. One is layered security; the other, which is often used to mean the same basic thing, is defense in depth.
Fortunately, Kaseya and Kaspersky Lab are partners in supporting both definitions of deep security. In fact, Kaseya VSA, an end-point management solution, is deeply integrated with Kaspersky’s antivirus software.
To help IT pros understand the issue more deeply, Kaspersky Lab crafted the eBook, “Cybercriminals: Unmasking the Villain.” Kaspersky regularly surveys customers and tracks not just viruses, but also how hackers create and exploit vulnerabilities. One dramatic but not altogether shocking revelation is that SMBs are a frequent hacker target, partly because the criminals know that SMB defenses aren’t as fierce as those of their enterprise brethren.
Some of the key Kaspersky findings:
- 31 percent of all cyber-attacks are directed at businesses with fewer than 250 employees.
- 42 percent of confidential data loss is caused by employees — often well-meaning employees opening unauthorized email attachments, forwarding sensitive information or storing data insecurely.
- Hacking a small business to get into a larger business is now standard operating procedure for cybercriminals.
The lesson here is that SMBs need state-of-the-art security practices, and one route to these is through managed security services.
Whether you contract with a managed security services provider or do it on your own, your best bet is a layered approach to security. Here are some of the concepts for layered security, or defense in depth, that Kaseya has identified as part of a leading-edge security strategy:
- Full 360° visibility. You can’t manage what you can’t see. You need a solution that easily and continually discovers all devices on your network and your customers’ networks, including servers, laptops, kiosks, mobile devices, scanners and peripherals. It also needs to constantly collect real-time status on all operating details for these devices to keep systems up to date.
- Consistent antivirus and anti-malware (AV/AM). Once all devices are visible, you must ensure they are protected with AV/AM software. Installing is just the beginning ― you need to update systems to ensure they are always running the latest versions. So get a solution that makes this easy and automatic.
- Keeping patches current. All devices need to be up-to-date on Microsoft and other third-party patches. Patches and updates can be tested centrally then pushed out to all machines or select groups once they are proven safe. Again, with the right type of automation, you can be confident that all patch updates are successful ― and that you’ll get an alert if they aren’t.
- Policy-based configurations. Look for solutions that enable multiple sets of policies to be applied automatically based on any set of groupings you want ― by customer, device type, user role, or even location type ― that can check that each device is in compliance with its assigned policies. This way, you can standardize and update all infrastructure under your care with confidence. Of course, doing this successfully depends on powerful and flexible automation to keep up with multiple policies and update many devices by simply changing a policy once.
- Complete Identity and Access Management (IAM). You already know you can’t use vendor-supplied defaults for system passwords. IAM takes this further by including multi-factor authentication (MFA), which is also a PCI DSS requirement. IAM also includes centralized credential management, policy-based rules, and Single Sign-On for end users (including partners ― remember how Target was breached!) to keep internal systems and customer systems protected.
- Real-time tracking alerts. If a device, laptop or even server leaves a customer’s building, you should know instantly where it is once it’s back online.
- Securing/destroying data. Once you know a device has gone out of corporate control, you need to be able to ensure the data on the system is not accessible to malicious players. You need the ability to remotely disable the device, encrypt the data, or even destroy the OS on that device.
If you’re interested in learning how Kaseya VSA and Kaseya AuthAnvil can enable you to implement an inclusive layered security approach, download our Automation Cheat Sheet: IT Compliance, Audits, and Security.