These days, every organization needs someone they can trust for advice on IT security. Global enterprises like the Wall Street banks can afford to put one or more trusted security advisors on staff; but down on Main Street, most folks have to look outside the organization for trusted security advice, just as they do for trusted IT advice. And that represents a great opportunity for MSPs who make the right investments in security knowledge and offer the right mix of security solutions.
Traditionally, anti-malware has been the leading edge of security selling by MSPs and it still represents a golden opportunity for adding revenue to IT contracts, if you can get past some of the current linguistic confusion about malware protection. Here’s how I would boil it down for prospective clients: “the best way to keep malicious code off your systems is a properly licensed, appropriately configured, fully-supported anti-malware solution that is both comprehensive and centrally managed.” And in my opinion, the best way to implement this approach in all but the largest organizations is through an MSP who really understands the security landscape and can offer the kind of flexible billing that today’s business environment demands.
To get your clients to buy into this approach you may need to wrestle with some of the geek-speak that pervades the security industry. Consider endpoint protection. The upside of this term is the way it embodies the valuable perception that every digital device connecting to an IT system needs protecting, even when it’s not connected. The trend toward mobile computing, BYOD, and now IoT, has created a rapidly expanding universe of digital processing points, from laptops to tablets and smartphones, even sensors and USB drives. That universe is rife with malware, pushed by everyone from illegal spammers to ransomware bandits and nation-state IP thieves. If devices are not protected at all times, connecting them to the company network, wired or wireless, creates a serious risk of network compromise.
Unfortunately, the need for malware protection does not end at the endpoint. Servers are not exempt from malware threats (they are specifically targeted by some malware). Yet many organizations still don’t realize servers are both malware targets and potential malware delivery systems. A comprehensive anti-malware solution must leave no platform unprotected. Even Macs, commonly considered “malware free”, need to be included – otherwise they can become a Windows malware delivery system (“Look, it’s an attachment forwarded by the Graphics department – they use Macs so it must be safe to open”).
The most confusing term in malware protection today is next generation, which can be roughly translated as: “does not rely on static malware-specific signatures and uses some other detection techniques instead of, or in addition to, such signatures.” In fact, this also describes mainstream anti-malware products from vendors who have been around for decades. It’s true that early products from some established anti-malware vendors gave each new piece of malware a unique signature that was then transmitted to the protected device, but folks quickly realized this created a window of opportunity for infection between signature updates (a window that became more critical as standalone devices were networked and the number of unique malware samples increased).
Consequently, other technologies were incorporated into mainstream anti-malware, such as generic signatures that identified multiple pieces of malware, and heuristics that spotted malware-like features in previously unseen executables. Whitelisting of known good code was added to improve performance, along with sandboxing to test suspicious code prior to system execution. More recently, post-execution monitoring of suspicious activity on the network and in system memory has been added, together with botnet protection and exploit technique blocking. The cloud has been tapped for faster updating of threat knowledge, including URLs known to be distributing malware. So, despite what you might have heard, a good anti-malware product can protect against previously unseen malware, even if it is not labeled next-gen.
A different kind of technology, the ability to centrally and remotely administer anti-malware, has enabled one of the biggest advances in the fight against malicious code. Remember, to be effective, malware protection needs to be properly licensed and appropriately configured. Good administration tools can ensure both. The biggest hole in malware defense continues to be the assumption that anti-malware protection is on when in fact it is off (as in: “Our CRM software vendor asked us to turn AV off to diagnose an install issue, and we forgot to turn it back on”). A good administration tool solves that, enforcing limited time windows for manager-approved suspensions of protection and alerting when unprotected systems are trying to connect.
With that level of control integrated into your client system management console, you can provide customers with the highest level of malware protection. At the same time, you should be encouraging clients to run a proven backup and recovery solution, the ultimate defense against a wide range of threats, from ransomware to fires and floods and hardware failure. You should also be encouraging them to sensitize their employees to the importance of cyber hygiene, making sure they know “cybersecurity is every employee’s responsibility”. To become a trusted security advisor, an MSP must show leadership and provide expertise, some of which may come from partners and vendors. The latter should be ready and willing to assist you in attaining trusted security advisor status with your clients.
After all, one point we can all agree on is that security is a hot market right now and likely to remain so for years to come (for more on this see the recent Kaseya blog post).
Please stop by the ESET booth at the upcoming Kaseya Connect conference in Carlsbad to learn more about how becoming a trusted security advisor to your clients can boost your bottom line.