Oct 03, 2017
A Four-Part Model for Proving Comprehensive Layered Security
If you weren’t born yesterday, you probably know cyberattacks have increased in both number and severity over the past few years; all you have to do is watch the news. HBO Game of Thrones spoilers, anyone? Ransomware, estimated to cost roughly $5 billion USD in 2017, gets most of the spotlight, but plenty of other cyberthreats can hit both individuals and businesses: a distributed denial of service (DDoS) attack taking down websites (or entire portions of the internet), intellectual property stolen through compromised passwords or improper employee access, widespread automated attacks against unpatched software, or aliens from Mars. Businesses have to stay vigilant against attacks from all vectors and planets.
The good news is organizations seem to be rising to the occasion, with cybersecurity budgets growing rapidly. Estimates show that cybersecurity budgets will total roughly $1 trillion USD during the period of time between 2017 and 2021. This is a massive opportunity for IT service providers to generate more revenue by taking a broad, layered approach to security for their clients.
So where do you begin? The Four Pillars of Comprehensive, Layered Security:
- Protect: Lock Every Door.
- Your first line of defense is monitoring: both the electronic devices on the network and the physical security of corporate offices. This layer surfaces the early warning signs of a cyberthreat, helping you stop an attack before it gets off the ground, and several of the defenses in the other pillars depend on it.
- Detect: Detect It Fast, Stop It Cold.
- This next pillar includes many of the tools and techniques thought of as traditional security mechanisms, like antivirus, patch management, web protection, and email protection. They’re not enough to cover every problem, but they deal with quite a few. Patch management alone would have blunted the year’s two biggest ransomware outbreaks: WannaCry and Petya both spread through an SMBv1 flaw that Microsoft had fixed months earlier in MS17-010.
- Recover and Encrypt: Keep It Secret, Keep It Safe.
- Any defense strategy requires the ability to recover quickly after a disaster. The first two pillars prevent a lot of attacks, but they’re not bulletproof. Good backups that let you restore systems quickly, two-factor authentication on account recovery, and strong encryption to keep intellectual property out of unauthorized hands give your clients a kind of insurance policy against data theft and downtime.
- Analyze and Manage: From the Top to the Bottom.
- The final layer involves advanced security tactics and active management. Many businesses require a more in-depth approach than the first three pillars can provide. This step involves penetration testing, security information and event management (SIEM) systems, and security operations centers. This pillar provides the highest level of protection for businesses, which makes these some of the most lucrative security services you can offer.
But that’s not all. Before you implement the practices and technology in this model, you have to assess each client’s security situation, which brings us to the discovery phase. Whether you’re starting with a new client or reviewing the security state of an existing customer, begin by taking stock of the defenses already in place.
Asking these questions (and others like them) will help you formulate your plan for implementing the four pillars.
PROTECT:
- What general security monitoring do you have in place?
- Do you monitor user activity?
- Do you monitor physical security devices?
DETECT:
- Do you have an antivirus solution? If so, what kind? How often do you update your definitions and run scans?
- Do you have a patch management solution in place? If so, how often do you update your software?
- Do you have perimeter-level protection, such as mail security?
RECOVER & ENCRYPT:
- Do you have a defined data management program?
- Do you test the data management program (for example, by actually restoring from backup)?
- Do you track user access to sensitive data?
- Do you scan data at rest in every location it could live, looking for PII that is stored unprotected?
ACTIVE MANAGEMENT & ANALYSIS:
- Do you limit employee access to corporate data and select areas of the network?
- Do you have internet content controls in place?
- Are employees trained on security protocols?
- Do you manage the core network to avoid malicious activity?
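Several of the "Detect" questions can be answered on a Windows host without waiting for the client to dig out paperwork. The script below is an added example, not SolarWinds MSP code or part of the original post: it reads antivirus state, the date of the last installed hotfix, and whether SMBv1 (the protocol WannaCry and Petya spread over) is still enabled, then prints the gaps it finds. It assumes Windows Defender is the antivirus (third-party products need their own console), an elevated session, and Windows 8 / Server 2012 or later for Get-SmbServerConfiguration; the 7-day and 30-day thresholds are illustrative, not vendor guidance.

```powershell
# Added example (not from the original post): read-only discovery checks for the
# Detect pillar on one Windows host. Run in an elevated PowerShell session.
# Thresholds (7 days for signatures, 30 days for patches) are assumptions for illustration.

$findings = @()

# 1. Antivirus: Windows Defender engine, real-time protection and signature age.
#    Get-MpComputerStatus only exists where Defender is installed, hence the try/catch.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
    if (-not $mp.AntivirusEnabled)          { $findings += "AV: Defender engine is disabled" }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += "AV: real-time protection is off" }
    if ($sigAge.TotalDays -gt 7) {
        $findings += "AV: signatures are $([int]$sigAge.TotalDays) days old"
    }
} catch {
    $findings += "AV: Windows Defender not present or not queryable; check the third-party AV console"
}

# 2. Patching: when was the most recent hotfix installed?
#    Some entries have no InstalledOn date, so filter those out before sorting.
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if (-not $latest) {
    $findings += "Patching: no hotfix install dates recorded"
} elseif (((Get-Date) - $latest.InstalledOn).TotalDays -gt 30) {
    $findings += "Patching: last hotfix $($latest.HotFixID) installed $($latest.InstalledOn.ToShortDateString())"
}

# 3. SMBv1: the server-side protocol WannaCry and Petya used to spread (fixed in MS17-010).
#    If it is still on, disable it with Set-SmbServerConfiguration -EnableSMB1Protocol $false
#    and confirm the MS17-010 update for this OS version is installed.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += "SMB: SMBv1 is enabled; disable it and confirm MS17-010 is installed"
}

# Report.
if ($findings.Count -eq 0) {
    "No gaps found in the Detect-pillar checks on $env:COMPUTERNAME"
} else {
    "Gaps found on $env:COMPUTERNAME:"
    $findings | ForEach-Object { " - $_" }
}
```

Run it once per host during discovery and keep the output with the client's answers; a "no gaps" result on a handful of machines is not evidence for the whole estate, so pair it with the patch management and antivirus console reports before writing up the Detect pillar.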
Once you have answers to these questions, you can start implementing the model. Now go forth and spread the word of cybersecurity.
About The Author
David Weeks, Senior Global Channel Sales Manager for SolarWinds MSP, works closely with the company’s top tier partners and major accounts worldwide to understand their needs, provide insight into current market conditions, and offer strategic sales and marketing recommendations to the channel. David is a regular presenter at the company’s global and regional summits, and is passionate about ensuring the success of MSPs.