PC consumers tend to feel to safe so long as they have antivirus protection in place. Some neophytes are comfortable even without having this modicum of protection.
As experienced IT pros, MSPs know better. Antivirus and anti-malware protection is important, but it is only one aspect of keeping MSP and client endpoints safe. Keeping both the provider and customer sides safe is essential. Customers need to be safe because that is what they pay you for – and your reputation is on the line.
Keeping your own operation secure is perhaps more important. Since you have control of client endpoints, a successful breach of your infrastructure means the hacker could next go after your customers. And if you or your clients fall under compliance rules, there are significant fines and penalties that come with any sort of breach.
Starting this year, service providers and businesses have a more general compliance rule for those in the European Union (UI) to worry about. While HIPAA focuses on healthcare and PCI on credit cards, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) says that any company or individual that processes data is responsible for its safety. This same rule applies across multiple countries.
Layers of security are critical. Once we cover that, we’ll talk about processes and best practices that make these layers even more effective. The layers consist of:
- Firewall, both personal and network
- Intrusion detection and prevention
- Anti-virus and antimalware protection
- Patch management and updates
- Auditing and inventory
Making the Most of Your Layers
Full 360° visibility: You can’t manage what you can’t see. You need a solution that easily and continually discovers all devices on your network and your customers’ networks, including servers, laptops, kiosks, mobile devices, scanners, and peripherals. It also constantly needs to collect real-time status on all operating details for these devices to keep systems up to date and have consistent protection in place. Once all devices are visible, you need to ensure that they are protected.
But installing is just the beginning ― you must also update systems to ensure they are always running the latest versions. You need a solution that makes this easy and automatic.
Keeping patches current: Patching isn’t optional. All devices need to be up-to-date on Microsoft and other third-party patches. Patches and updates can be tested centrally and then pushed out to all machines or select groups once they are proven safe. Again, with the right type of automation, you can be confident that all patch updates are successful ― and that you’ll get an alert if they aren’t.
Policy-based configurations: Look for solutions that enable multiple sets of policies to be applied automatically based on any set of groupings you want ― by customer, device type, user role, or even location type ― and that can check that each device is in compliance with its assigned policies. This way, you can standardize and update all infrastructure under your care with confidence. Of course, doing this successfully depends on powerful and flexible automation to keep up with multiple policies and update many devices by simply changing a policy once.
Regular, routine backup and recovery: Routine, reliable (and encrypted) backup and recovery is a vital component of any comprehensive layered security approach. In addition, complete and regular backups are also a defense against CryptoLocker and other ransomware attacks.
Complete identity and access management (IAM): You already know you can’t use vendor-supplied defaults for system passwords. IAM takes this further by including multi-factor authentication (MFA), which is also a PCI DSS requirement. IAM also includes centralized credential management, policy-based rules, and single sign-on for end users (including partners ― remember how Target was breached!) to keep internal systems and customer systems protected.
Policy-based access: You need to be able to create as many policies about access as for device configurations. With these policies in place, you can quickly and completely delimit access to systems and data based on staff’s functionality and job requirements. In addition, you can create policies to require password changes after so many days or lockout rules after so many failed login attempts. Location-based rules would control when and where users can sign in. For example, limiting user access by location, such as building, city, or country. This can protect against unverified users accessing systems and POS devices.
Deprovisioning users: Statistically, admins enable more users than they disable. While outside attacks lead the list of retail breaches, it’s only prudent to make sure you have a way to quickly and completely deprovision a user ― whether employee, sys admin, customer or partner ― from any and all systems under your care.
Alerts on usage patterns: You need to be alerted of any potential security breach beyond viruses and malware, including unusual patterns of user behavior or access and suspicious spikes in bandwidth utilization.
App blocking: Disallowing certain app, like peer-to-peer apps or Flash, can help keep systems clean and running strong. This also provides another security dimensions since apps that are more vulnerable can be blacklisted to prevent users from installing and inadvertently creating an enticing entry point for hackers.
Web filtering: Blocking websites sites known to host spyware, viruses or malware limits vectors of attack opened by unwitting users. Filtering is usually accomplished through many tactics, including a database of black-listed websites, policy-based content filtering, and scanning and inspecting SSL-encrypted traffic.
Real-time tracking alerts: If a device, laptop or even server leaves a customer’s building, you should know where it is as soon as it’s back online.
Securing/destroying data: Once you know a device has gone out of corporate control, you must be able to ensure that the data on the system is not accessible to malicious players. You need the ability to disable the device remotely, encrypt the data, or even destroy the OS on that device.
Automation Brings Efficiency to Your Layers
Most large enterprises and all those on the upper scale of the IT maturity curve automate their IT security. That means the systems automatically discover all of the devices that need protecting and continually update that list. Based on the audit, key security tools are applied to endpoints automatically. At the core of this is antivirus and anti-malware protection. Here not only is the software pushed out based on IT–defined policies, but new definitions and other security data is constantly updated and applied.
At this level of maturity, patches and updates aren’t parceled out on a piecemeal basis, and anti-malware software isn’t applied or updated when there is an “oops.” All of this is handled continuously without bogging down the IT admin staff.
Again, an audit shows your devices and in this case the OS and update status. After that, patches are sent out when they need to be and installed. When there is a problem with a patch, it can be uninstalled, tested, and reapplied when the issues are resolved.
The best way to keep these devices updated and running, not to mention all your servers, is IT automation. Consider automating as many IT functions as possible, including:
- Discovery of your computing assets including non-approved apps
- Safe and disciplined software deployment
- User privileges and access
- Password management
- Auditing and reporting
- Malware and virus interdiction
- Detection and remediation of system problems
To learn more download, our white paper Best Practices: Protect Your Clients Data and Your MSP with Layered Security.