New threats and a changed work environment mean customers need extended security services from their managed service providers.
This is according to Dima Dabbour, Senior Channel Account Executive MSP at Sophos, who was speaking ahead of a webinar focusing on the Sophos Managed Threat Response (MTR) value proposition for local MSPs.
Risks in a changing environment
Dabbour says the accelerated adoption of cloud, digital transformation and remote working in the wake of the ongoing pandemic has expanded the attack surface available to cyber criminals. Adversaries are also changing their tactics, techniques and procedures, increasingly launching attacks that combine automation with active human interaction, or “hands-on-keyboard” hacking.
“In these types of attacks, adversaries attempt to manually circumvent traditional preventive solutions, such as firewalls and endpoint security, and leverage administrator tools, pen test tool kits, and poorly designed or easily exploitable applications to escalate privileges and move laterally. Antivirus is not enough. Companies need a more in-depth defence strategy, and they need to adopt new technologies,” she says.
“Currently the market is going towards Zero Trust strategies like ZTNA or SASE. That is the right approach, because everything always comes back to the endpoint. The Endpoint and its user are ultimately key to the ability to drive cyber security forward. Moreover, a comprehensive, defence-in-depth cyber security system that emphasizes multiple layers of protection is critical for proactively defending against these stealthy attacks.”
Risks of WFH
Dabbour says there are a number of new security challenges organisations face while working from home.
“One challenge is that some of the systems and tools organisations were using were not as effective in a remote working scenario as they were in-house. For example, systems monitoring and patching issues were exacerbated when offices were inaccessible. Some businesses found it difficult to provide connectivity, while others were not prepared to shift to remote working seamlessly. Some businesses were taking temporary shortcuts to enable remote working, which led to a worsening of their security posture,” she says.
To mitigate these risks, Dabbour says organisations have to start by securing who gets into the company’s cloud applications and services.
“Identity security represents a huge challenge for organisations. A review of cloud accounts by the Sophos Cloud Optix cloud security posture management service discovered worrying trends in organisations’ security posture as it relates to cloud account access, with 91% of organisations having over-privileged Identity and Access Management roles and 98% without MFA enabled on their cloud provider accounts. Managing access to cloud accounts is an enormous challenge, and yet only a quarter of organisations in our research saw it as a top area for concern, while a third reported that cyber criminals gained access by stealing cloud provider account credentials.”
Dabbour says: “Granting extensive access permissions to IAM users, groups, and cloud services is a risky practice. If such credentials get compromised, cyber criminals may gain access to any services and data those permissions grant. All user accounts should have MFA enabled, as it adds an extra layer of protection on top of usernames and passwords.”
“Additionally, an important part of cloud security is to secure what can get out. You won’t have to look far to find stories of shared storage-related data breaches caused by misconfiguration, where security settings with public read/list permissions had been enabled. AWS has even released an update to help customers avoid running afoul of this, one of the biggest causes of cloud data breaches. In our review of cloud accounts, we discovered that accidental data exposure through misconfigured storage services continues to plague organisations, with 60% leaving information unencrypted. Organisations are making it easy for attackers to search for and identify new targets.”
The silver lining is that the number of organisations exposing data to the public internet is declining: Sophos Cloud Optix found that only 13% of organisations left database ports open to the internet and 18% had storage services with public read/list permissions enabled. While there will always be legitimate use cases for public access, organisations are starting to close the door on this, the most common route by which attackers obtain sensitive company and customer data.
Finally, Dabbour says, secure configurations matter a lot for dealing with security risks in the cloud. “Encryption is critical when it comes to stopping cyber criminals from seeing and reading stored information, and is a requirement for many compliance and security best-practice standards. ‘Public mode’ – a setting that can be applied to databases, shared storage and other cloud provider services – is a major cause of data breaches, and misconfiguring cloud services in ‘public mode’ allows cyber criminals to automate their searches for security weak points. Guardrails should be in place to prevent such misconfigurations.”
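The misconfigurations named in this section (over-privileged IAM roles, accounts without MFA, storage with public read/list permissions, unencrypted storage and database ports open to the internet) are all mechanically checkable, which is what a posture-management tool or a pre-deployment guardrail does. The following is an added illustration written for this page; it is not Sophos Cloud Optix code and does not call any cloud provider API. The account snapshot is constructed sample data, and its dictionary shapes are assumptions loosely modelled on IAM policy documents, bucket settings and security-group rules rather than real API output.

```python
"""Posture checks for the cloud misconfigurations discussed above.

Added example, not Sophos code. The snapshot format is an assumption:
a dict of users, roles (with IAM-style policy documents), buckets and
security groups. Replace SAMPLE_ACCOUNT with an export from your own
tooling to run the same checks on real data.
"""

# Constructed sample account snapshot (not real data).
SAMPLE_ACCOUNT = {
    "users": [
        {"name": "alice", "mfa_enabled": True},
        {"name": "ci-deploy", "mfa_enabled": False},
    ],
    "roles": [
        {"name": "admin-role", "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
        {"name": "reader", "policy": {"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::reports/*"}]}},
    ],
    "buckets": [
        {"name": "reports", "public_read": False, "public_list": False, "encrypted": True},
        {"name": "marketing-assets", "public_read": True, "public_list": True, "encrypted": False},
    ],
    "security_groups": [
        {"name": "db-sg", "ingress": [{"port": 5432, "cidr": "0.0.0.0/0"}]},
        {"name": "app-sg", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    ],
}

# Well-known database listener ports; extend for your own estate.
DB_PORTS = {1433, 1521, 3306, 5432, 6379, 27017}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def is_over_privileged(policy):
    """True if any Allow statement grants a wildcard action or resource.

    Simplification: NotAction/NotResource and conditions are ignored, so
    this flags the obvious "*" grants rather than every risky policy.
    """
    for statement in policy.get("Statement", []):
        if statement.get("Effect") != "Allow":
            continue
        actions = _as_list(statement.get("Action"))
        resources = _as_list(statement.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions) or "*" in resources:
            return True
    return False


def audit(account):
    """Return (finding, resource) pairs for every misconfiguration found."""
    findings = []
    for user in account.get("users", []):
        if not user.get("mfa_enabled", False):
            findings.append(("NO_MFA", user["name"]))
    for role in account.get("roles", []):
        if is_over_privileged(role.get("policy", {})):
            findings.append(("OVER_PRIVILEGED_ROLE", role["name"]))
    for bucket in account.get("buckets", []):
        if bucket.get("public_read") or bucket.get("public_list"):
            findings.append(("PUBLIC_STORAGE", bucket["name"]))
        if not bucket.get("encrypted", False):
            findings.append(("UNENCRYPTED_STORAGE", bucket["name"]))
    for group in account.get("security_groups", []):
        for rule in group.get("ingress", []):
            if rule.get("port") in DB_PORTS and rule.get("cidr") in ANYWHERE:
                findings.append(("DB_PORT_OPEN_TO_INTERNET", f"{group['name']}:{rule['port']}"))
    return findings


def guardrail(kind, resource):
    """Pre-deployment guardrail: run the same checks on a single proposed
    resource (kind is one of the snapshot keys). An empty list means the
    change may proceed; anything else is the reason to block it."""
    return audit({kind: [resource]})


if __name__ == "__main__":
    for finding, resource in audit(SAMPLE_ACCOUNT):
        print(f"{finding:26s} {resource}")
    proposed = {"name": "new-bucket", "public_read": True, "public_list": False, "encrypted": True}
    print("guardrail verdict:", guardrail("buckets", proposed) or "allowed")
```

The point of `guardrail` reusing `audit` is that detection and prevention should share one rule set: the check that flags an already-exposed bucket in a posture scan is the same check that refuses to create one. In practice the per-cloud equivalents (account-level public access blocks, organisation policies that deny wildcard grants, mandatory MFA conditions) enforce these rules before a misconfiguration ever becomes searchable by attackers.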
Sophos solutions to mitigate risk
Sophos is addressing these challenges on several fronts: providing organisations with cloud-native protection products, investing in more capable AI systems to help security teams be both more effective and more proactive, launching products that enable organisations to adopt Zero Trust, and supporting organisations that lack dedicated security teams through its Managed Threat Response team.
Says Dabbour: “To secure your customers, nowadays it is not enough just to provide them with an antivirus, especially if those are your managed customers, who trust you most. You need to provide proactive threat hunting. Threat hunting requires the right tools, people and processes in-house to effectively manage security around the clock. Yet many businesses struggle to put all of these much-needed pieces in place and build their in-house threat hunting team. This dilemma has given rise to a new solution: Managed Detection and Response (MDR) services.”
MDR services are outsourced security operations delivered by a team of specialists. They act as an extension of an organisation’s security team, combining human-led investigations, threat hunting, real-time monitoring and incident response with a technology stack to gather and analyse intelligence. Not every partner or IT integrator can offer its customers a SOC with 24/7 proactive threat hunting: it requires highly skilled staff who usually have to be trained from scratch, round-the-clock availability for customers, and, for proactive hunting, access to global incident data that goes far beyond the partner’s own customer base. Building this costs money and a lot of time, and partners that cannot afford it end up unable to serve managed customers who want 24/7 services.
As a market leader in advanced threat prevention with a long history of pioneering cyber security offerings, Sophos develops solutions around an understanding of customer challenges. The Sophos Managed Threat Response (MTR) service provides 24/7 threat hunting, detection and response capabilities delivered by an expert team as a fully managed service. Going beyond notifying customers of attacks or suspicious behaviour, the Sophos MTR team takes targeted actions on customers’ behalf to neutralise even the most sophisticated and complex threats. By reselling MTR, an MSP protects both itself and its customers, consolidates its processes and generates more revenue from the managed services it sells.
The MSSP Fast Track webinar on building out a full managed cyber security service will be hosted by Sophos in partnership with ITWeb on 29 September.
For more information and to register for this event, go to https://www.itweb.co.za/webinar/sophos-mssp-fast-track/