Why SMBs and MMEs Can’t Rely on the Perimeter, but Need Layered Security

In a recent eBook, Best Practices To Protect Your Company’s Data and Infrastructure Through Layered Security, Kaseya and Kaspersky Lab detailed what SMB and MME IT shops can do to truly protect themselves.

The basics offer frontline protection. Firewalls, antivirus, anti-malware, and password policies are a great start. The bad news is that the bad guys have been either cracking or bypassing these defenses for years. It’s old hat.

Two intertwined concepts have taken hold to deepen those defenses. One is layered security; the other, which is often used to mean the same basic thing, is defense in depth.

Fortunately, Kaseya and Kaspersky Lab are partners in supporting both definitions of deep security. In fact, Kaseya VSA, an end-point management solution, is deeply integrated with Kaspersky’s antivirus software.

To help IT pros understand the issue more deeply, Kaspersky Lab crafted the eBook, “Cybercriminals: Unmasking the Villain.” Kaspersky regularly surveys customers and tracks not just viruses, but also how hackers create and exploit vulnerabilities. One dramatic but not altogether shocking revelation is that SMBs are a frequent hacker target, partly because the criminals know that SMB defenses aren’t as fierce as those of their enterprise brethren.

Some of the key Kaspersky findings:

  • 31 percent of all cyber-attacks are directed at businesses with fewer than 250 employees.
  • 42 percent of confidential data loss is caused by employees — often well-meaning employees opening unauthorized email attachments, forwarding sensitive information or storing data insecurely.
  • Hacking a small business to get into a larger business is now standard operating procedure for cybercriminals.

The lesson here is that SMBs need state-of-the-art security practices, and one route to these is through managed security services.

Whether you contract with a managed security services provider or do it on your own, your best bet is a layered approach to security. Here are some of the concepts for layered security, or defense in depth, that Kaseya has identified as part of a leading-edge security strategy:

  • Full 360° visibility. You can’t manage what you can’t see. You need a solution that easily and continually discovers all devices on your network and your customers’ networks, including servers, laptops, kiosks, mobile devices, scanners and peripherals. It also needs to constantly collect real-time status on all operating details for these devices to keep systems up to date.
  • Consistent antivirus and anti-malware (AV/AM). Once all devices are visible, you must ensure they are protected with AV/AM software. Installing is just the beginning ― you need to update systems to ensure they are always running the latest versions. So get a solution that makes this easy and automatic.
  • Keeping patches current. All devices need to be up-to-date on Microsoft and other third-party patches. Patches and updates can be tested centrally then pushed out to all machines or select groups once they are proven safe. Again, with the right type of automation, you can be confident that all patch updates are successful ― and that you’ll get an alert if they aren’t.
  • Policy-based configurations. Look for solutions that enable multiple sets of policies to be applied automatically based on any set of groupings you want ― by customer, device type, user role, or even location type ― that can check that each device is in compliance with its assigned policies. This way, you can standardize and update all infrastructure under your care with confidence. Of course, doing this successfully depends on powerful and flexible automation to keep up with multiple policies and update many devices by simply changing a policy once.
  • Complete Identity and Access Management (IAM). You already know you can’t use vendor-supplied defaults for system passwords. IAM takes this further by including multi-factor authentication (MFA), which is also a PCI DSS requirement. IAM also includes centralized credential management, policy-based rules, and Single Sign-On for end users (including partners ― remember how Target was breached!) to keep internal systems and customer systems protected.
  • Real-time tracking alerts. If a device, laptop or even server leaves a customer’s building, you should know instantly where it is once it’s back online.
  • Securing/destroying data. Once you know a device has gone out of corporate control, you need to be able to ensure the data on the system is not accessible to malicious players. You need the ability to remotely disable the device, encrypt the data, or even destroy the OS on that device.

If you’re interested in learning how Kaseya VSA and Kaseya AuthAnvil can enable you to implement an inclusive layered security approach, download our Automation Cheat Sheet: IT Compliance, Audits, and Security.

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.