FOR IT PROFESSIONALS€¦ · tional opportunity to add security services to your practice—solving...

Inside The threat landscape is like a minefield for your SMB customers. As their IT services provider you can play an important role in helping them protect data and IT assets. As the go-to provider for guidance and advice on cyberdefense, you have an addi-tional opportunity to add security services to your practice—solving a problem for your customers while growing your business.

This Expert Guide for IT Professionals highlights what you’ll need to know about next-gen security tools, ways that IT secu-rity is changing, how network assessments can be a foot in the door, and why you need to take on the “cybersecurity educa-tor-in-chief” role for your customers. Plus, a security services practitioner shares simple advice he gives customers to boost their in-formation security and reduce financial risk.

NEXT-GENERATION SECURITY: WHAT YOU NEED TO KNOWBusinesses today must look to next-gen security solutions that detect, foil, and repel cybercriminals who have elevated their activities to a science. By Megan Santosus

YOUR ROLE AS CYBERSECURITY EDUCATOR-IN-CHIEFOnce you understand the technologies your clients employ, you can explain how, as a team, you’ll pro-tect their data and infrastructure. By Ron Culler

3 CHANGING ASPECTS OF IT SECURITYWith new technologies spurring changes in IT op-erations, SMBs and their IT providers must look at security from different angles By Seth Robinson

WHY PROVIDE NETWORK ASSESSMENTS?With assessments, you can win new deals, grow revenues, and produce valuable network reports. Here’s how. By Michael Mittel

INFOSECURITY: FOCUS ON THE SIMPLE STEPS FIRSTAbsolute Network Solutions advises SMBs on the simple steps they can take to boost infor-mation security and reduce financial risk. By Steve Weltman, CISSP

P O W E R E D B Y

W W W. C H A N N E L P R O N E T W O R K . C O M

GuideF O R I T P R O F E S S I O N A L S

INFOSECURITY HOW-TO:

Protecting Your CustomersProtecting Your Customers

http://www.channelpronetwork.com

Next-Generation Security: What You Need to KnowBusinesses today must look to next-gen security solutions that detect, foil, and repel cybercriminals who have elevated their activities to a science. By Megan Santosus

Cybercrimes are becoming increasingly sophisti-cated and disruptive. Traditional security tools such as anti-malware and anti-virus are no match for underground hacking communities that operate with unprecedented coordination and profession-alism. In response, channel pros today must look to emerging next-generation security solutions de-signed to detect, foil, and repel cybercriminals who have elevated their activities to a science.

Tools such as breach detection, security analytics, threat intelligence, and deception systems are the latest security technolo-gies designed to protect data and networks from today’s attacks—spe-cifically those that are targeted, evolving, and stealthy. “Next-gen tools make total sense because cybercriminals and hackers are going to work around existing tools,” says Richard Stiennon, chief research analyst at IT-Harvest LLC, an IT security industry research and analyst firm. “Organizations need a new set of tools that do a better job.”

Stiennon puts such tools in a larger bucket he calls cy-berdefense. What differentiates these tools is that they typically take active measures against advanced and targeted attacks rather than protect against typical malware and Trojans that are seemingly more random in nature. “Next-gen technologies monitor and watch everything on the network and take action once they detect things that are out of whack,” he explains.

As for general trends, “the convergence of hard-ware and software is defining the next-generation solutions,” says Steve Morgan, founder and CEO at market research firm Cybersecurity Ventures. Among the best examples of this trend, Morgan cites IBM’s z13s server that includes built-in ana-lytics, encryption, and other security services, and Cisco’s Firepower next-generation firewall that combines a firewall with threat services to better detect and respond to attacks. “Integrating multiple point solutions into unified dashboards reduces the burden for IT security administrators,” Morgan adds.

With integrated, proactive capabilities, “the biggest selling point is that these technologies are more capable of detecting today’s advanced threats,” says Kevin Beaver, founder and principal informa-tion security consultant at Principle Logic LLC, in Acworth, Ga. With many next-gen tools available as either appliances or virtual options, “there’s also the benefit of cloud-based analysis that can occur in real time.”

Tools of the TradeBreach detection is one such next-gen tool. As its name implies, breach detection technologies in effect already take the stance that a breach has

“Next-gen tools make total sense because cybercriminals and hackers are going to work around existing tools.”RICHARD STIENNON, Chief Research Analyst, IT-Harvest LLC

2POWERED BY


Guide INFOSEC: PROTECTING YOUR CUSTOMERS


either occurred or is inevitable. As such, these tools aim to sift through all sorts of data on the network to uncover anomalies and take corrective action such as blocking the suspicious activity on all end-points throughout the network.

These tools offer not so much prevention as con-tainment, and aim to do so by identifying attacks on a network and keeping them from spreading. Often, breach detection tools rely on an agent or server that monitors network traffic rather than signa-ture-based approaches to detect malware; once an attack is detected, the tools share that information with other machines, thereby blocking the attack.

The advantage of next-gen breach detection tools is that they are automatically upgraded on a frequent basis, eliminating the potential for security gaps caused when updates are not downloaded prompt-ly. The tools are also lightweight, reducing the kind of overhead that can degrade performance.

Many established vendors—including Check Point Software Technologies Ltd., Fortinet Inc., Dell Son-icWall, and Webroot Inc.—have breach detection capabilities built in, making them appropriate for SMBs. There are also niche players such as Cylance Inc., Cybereason, eSentire Inc., LightCyber, Sentinel IPS, and Sqrll Data Inc. that are either priced for the SMB space, or work well for channel partners look-ing to provide managed security services, according to Stiennon.

Threat intelligence services are a complement to breach detection; such services gather, aggregate, and correlate data from numerous sources to actively identify attackers. In essence, threat intel-ligence provides “visibility into the network so you can deal with any problems,” says David Lissberg-er, co-founder and CEO of Sentinel IPS in Dallas. His colleague, Ted Gruenloh, differentiates breach detection and threat intelligence thus: “Breach de-tection blocks attackers for what they are doing; as a reputation-based tool, threat intelligence blocks attackers [based on] who they are.”

In essence, threat intelligence services are “feeds of information about different kinds of threats and issues that security staff have to sift through,” ex-plains Ron Culler, CTO of Secure Designs Inc., a pro-vider of managed security services in Greensboro, N.C. The goal of aggregating such feeds is to uncov-er patterns in an effort to look for anomalies from a network’s known good state. Any such anomalies can then be shared throughout the network, there-by providing actionable information—resulting in suspect activity that is identified and shared.

Given the amount of data that is fed into these systems—not to mention the dearth of security staff among SMBs—such services are particularly suitable for a managed offering. A wide swath of vendors, ranging from stalwarts Trend Micro Inc. and Microsoft Corp., to Sentinel IPS and FireEye Inc., offer threat intelligence services.

• TRADITIONAL SECURITY MEASURES are no match for hacking communities that operate with

increasing coordination.

• NEXT-GEN SECURITY is all about active measures such as breach detection, security analytics, threat

intelligence, and deception systems.

• SMBS CAN INCREASE PROTECTION through managed services and integrated tools.

TAKEAWAYS

3POWERED BY




Security AnalyticsVoluminous amounts of data figure prominently in security analytics solutions. Such systems typically feed into a security incident and event manage-ment (SIEM) system “all the data you can collect from logs, desktops, servers, switches, and rout-ers,” explains Culler. “The analytics systems use machine learning to learn about the environment and identify anomalies from a broad perspective.” The aggregated data is available from a centralized dashboard, streamlining the review process.

According to Culler, few SMBs have a SIEM or the staff to make sense of the analysis; consequently such analytics solutions are not practical on a wide scale. However, Morgan says that vendors will increasingly add ana-lytic features to exist-ing tools, putting such capabilities within the reach of SMBs. He cites AlienVault Inc. as “one company that brings behavioral monitoring, SIEM, intrusion detection, asset recovery, and vulnerability assessment into a single solution aimed at simplify-ing security for SMBs.”

For organizations that assume a breach will oc-cur, deception or decoy solutions may be just the ticket. “Deception technology is a way of gathering data, and it actually fits into the threat intelligence

space,” says Stiennon. These systems monitor and try to drive new threats to fake servers, desktops, and network gear. Attackers are misled into thinking they are on a real network—breadcrumbs and user credentials are left to lure attackers to access the fake network, thereby revealing their presence.

These deception systems are akin to honeypots but significantly more complex since they rely on much more data and incorporate threat intelligence com-ponents. As such, Stiennon says, most SMBs can set up detection systems from the likes of Attivo Networks Inc. and TrapX Security but do not typical-ly have the staff required to examine the data such systems collect.

Today’s next-gen tools provide context, correlation, and automation capabilities that are critical to derail-ing sophisticated attacks. Like the attacks themselves, these tools continue to evolve; while many specialized security options are not within reach of the typical SMB, integrated tools are now available that provide enough functionality at an affordable price.

MEGAN SANTOSUS is a freelance writer in Boston.

Cybersecurity Ventures The Cybersecurity 500, a list of the top vendors in the space edited by Steve Morgan.

www.channelpronetwork.com/ZZZ

The Honeynet Project A knowledge-sharing site about computer and network attacks.

www.honeynet.org

SANS Institute Information security training and research.

https://www.sans.org

FOR MORE INFORMATION:

Threat intelligence services are “feeds of infor-mation about different kinds of threats and issues that security staff have to sift through.”RON CULLER, CTO, Secure Designs Inc.

4POWERED BY




Your Role as Cybersecurity Educator-in-ChiefOnce you understand the technologies your clients employ, you can explain how, as a team, you’ll protect their data and infrastructure. By Ron Culler

As the number of interconnected devices grows, we need to reconsider what cybersecurity really means. Deploying anti-virus tools and firewalls only takes a company so far in defending against attacks, and a more holistic approach to protecting data and IT assets is necessary.

Cybersecurity today affects everything that’s tech-nology-enabled. Whether you’re developing software, building networks, or integrating disparate technolo-gies that may not necessarily fit within the traditional boundaries of IT, there is always a security component to consider. This clearly places a burden on solution providers who must run their clients’ IT environments with maximum uptime, but also protect their data and networks. Even if you don’t have cybersecurity exper-tise beyond the basics, you need an understanding of threats and risks, especially “shadow IT” areas such as the Internet of Things (IoT) and VoIP, to steer clients away from dangerous territory.

For starters, you need to understand the technologies your clients employ. Do they have VPN connections to employees and B2B links to third parties? Have they started to install IoT devices? Do they control their voice systems and physical security via their network? The more you know, the more conversant you will be in explaining potential dangers and how to avoid them. This knowledge will also prepare you to better alert clients on the security ramifications of interconnected systems, so they don’t assume they’re secure simply because they have AV tools and firewalls.

Not Immune from CybercrimeSmall businesses often consider themselves immune from cybercrime, assuming they have nothing hackers would want or are too small to arouse interest. But all

companies, big and small, handle valuable data that can be highly profitable to cybercriminals, such as health records, credit card credentials, and intellectual property.

Many small businesses connect digitally to larger part-ners, and if they don’t have adequate security systems in place, they put themselves and their partners at risk. The November 2013 Target breach and a 2015 attack on the federal Office of Personnel Management report-edly were both facilitated by third-party vulnerabilities. This is why it is imperative that solution providers ex-plain to clients that they have certain security responsi-bilities when they are part of a digital ecosystem.

Solution providers must educate small business clients on the dangers and potential ramifications of failing to properly secure their data and networks. Providers should take a consultative approach to helping clients select technologies and set user policies to avoid put-ting their businesses and their partners at risk. Solution providers also can address the persistent misconcep-tions around cybersecurity. Not every breach or hack is a major problem, for example. We on the front lines must clear up the confusion for clients.

Providers can use such incidents as teaching mo-ments, explaining the types of risks—from robotic threats to targeted, state-based advanced attacks—so clients get a better understanding of how to defend against them. Cybersecurity requires a multi-layered approach involving tools, training, action, and a continual state of alertness to keep up with new threats and take action to address them.

RON CULLER is co-founder of Secure Designs and serves as the CTO, technology architect, MSS visionary, and security evangelist for the company.

5POWERED BY




3 Changing Aspects of IT SecurityWith new technologies spurring changes in IT operations, SMBs and their IT providers must look at security from different angles. By Seth Robinson

It’s unlikely Bob Dylan was talking about IT security in his 1964 classic “The Times They Are A-Changin’,” but things are definitely changing in the field. CompTIA’s 2016 IT Industry Outlook predicts that companies will take a new offensive mindset with security, and our Trends in Information Security study shows how this new mindset is starting to take hold.

In general, a defining characteristic of modern se-curity is the breadth of solutions required to secure an organization’s assets. The traditional view of a secure perimeter has been eroding for some time, but many companies still struggle to understand the range of actions they should be taking. Aside from additions to the technology toolbox like data loss prevention (DLP) and identity and access management (IAM), here are three areas where security requires different tactics.

1. New Starting Points: Security conversations might start with emphasizing the importance of security and describing recent breaches. Most companies don’t dispute this point. Eighty-four percent of companies in CompTIA’s survey feel that security has a higher priority today than it

did two years ago, and 85 percent expect secu-rity to be a higher priority in two years than it is today. In addition, 82 percent say their current security is mostly or completely satisfactory. Instead of discussing the importance of se-curity, however, businesses should look at their IT operations and take action. Changes in IT are cited by nearly half of all firms as a driver for modifying their security approach. With increas-ing cloud and mobility adoption, the number of firms changing IT operations is much higher, suggesting a gap between current IT practices and security postures.

2. New Training Options: The primary cause for security breaches is human error. As the workforce pushes more aggressively into new technology, they are more likely to make mis-takes since security expertise is low. The simple answer is to provide training, but many compa-nies don’t focus on education as a core com-petency, and many security training packages don’t include ways to measure success. The

A defining characteristic of modern security is the breadth of solutions required to secure an organization’s assets.

6POWERED BY



http://www.comptia.org/resources/trends-in-information-security-study


most advanced companies are exploring new training methods that are measurable, practical, and focused on a wide range of scenarios.

3. New Partnering Opportunities: One conse-quence of security’s expanded scope is that it becomes much more difficult for a single team to cover all the bases. At an enterprise level, a team with various specialties provides compre-hensive coverage. This is not the case for SMBs, which tend to have small, internal IT teams or work with smaller solution providers. Either way, knowing everything that is happening in cybersecurity is a major challenge. For channel firms, focusing solely on securi-ty and becoming a managed security solutions provider (MSSP) is an option. However, a more likely scenario is that channel firms will find new ways to collaborate. A given company

may choose to focus on one piece of IT and understand the security implications around that piece, then work with other companies to provide the full range of security options for a client. Likewise, client companies that have been handling security internally may start looking for outside help in areas that they don’t understand as well.

No company wants to be the next security headline, but the fact that so many of these headlines are caused by routine security missteps shows that the current methods need to be overhauled. As business-es become more reliant on digital tools and data, best practices in cybersecurity will evolve to better protect assets, ensure continuity, and preserve reputation.

SETH ROBINSON is senior director of technology analysis at industry association CompTIA.

7POWERED BY




Why Provide Network Assessments?With assessments, you can win new deals, grow revenues, and produce valuable network reports. Here’s how. By Michael Mittel

At this point, most companies in the SMB space understand security risks. Many have already adopted solutions in categories such as BDR, intrusion detec-tion, and mobile device management. Fewer com-panies, however, are aware of the unique benefits of network assessments. Although assessments support an overall security program, they represent a separate and key discipline that performs functions not attain-able by other existing secu-rity categories. Since market awareness is still building, managed service providers have a window of opportunity to gain incremental revenues if they understand and can communicate the value of these services.

What Differentiates Assessments?A network assessment involves gathering a great vol-ume of data from a company’s network, then analyz-ing that information to uncover issues that place the end-user company at risk, based upon the likelihood of an issue’s occurrence and the severity of its impact. Unlike network monitoring, which focuses on the per-formance of individual devices, network assessments look more holistically at overall network risk based upon the total issues affecting the network.

A network assessment tool reports on issues such as when and how users access the network, what security rules apply to each user, unusual user patterns or behavior, and changes to critical net-work configurations. They point out weaknesses and identify red flags that could indicate misuse or abuse. Network assessments take an all-encom-passing snapshot of the state of the customer’s

network and not only document assets and config-urations associated with the system, but also pro-vide a baseline for ongoing “change reports” that reveal what happens on the network from quarter to quarter, or even month to month. One benefit for the MSP: This substantiates network activities that otherwise are “invisible” to the customer, and are easily taken for granted.

An Objective Network ViewAn end-user company can gain notable advantage from having ongoing, objective network assess-ment reports delivered by an MSP partner. An out-sourced MSP is removed from the internal employ-ee politics of an organization. This becomes crucial, for instance, when a company’s IT manager departs abruptly or under negative circumstances—a far too common occurrence.

Business owners entrust some of their greatest re-sources to IT personnel. Once that relationship is compromised, it is sometimes next to impossible for them to regain network sovereignty. Companies can find themselves locked out of their own systems, scrounging for passwords and system information to which they suddenly no longer have access.

HIPAA and PCI ComplianceNetwork assessments are key in industries that are subject to major government regulations. These in-clude PCI compliance in the retail and consumer mar-

Network assessments look holistically at overall network risk based upon the total issues affecting the network.

8POWERED BY




kets and HIPAA compliance in the healthcare vertical.

Companies that accept credit card information are subject to PCI DSS regulations (Payment Card Indus-try Data Security Standards), and any caught out of compliance are subject to penalties that can amount to thousands of dollars per transaction. Similarly, end-user companies that collect electronic protected health information—or provide any kind of goods or services to healthcare-related companies—are subject to HIPAA regulations. The scope of these affected companies is in the millions, representing a vast opportunity. To maintain compliance, an organi-zation must prove that it has taken action to secure network data.

Assessing RiskMost security breaches occur from within. Through

a “deep dive” internal examination, assessments can uncover and measure risk associated with anal-ysis of the data collected. The assessment can ex-pose such potential threats as someone accessing or transmitting certain data or it can reveal when users have gained access to otherwise restricted parts of the network.

In short, if shrewd MSPs know how to use network assessments to differentiate their businesses, they can capture new opportunities, increase revenues, and document their own ongoing activities—while producing valuable network reports and deliverables.

MICHAEL MITTEL is CEO and president of Atlan-ta-based RapidFire Tools Inc., the developer of the award-winning Network Detective network assess-ment modules.

9POWERED BY




Info Security: Focus on the Simple Steps FirstAbsolute Network Solutions advises SMBs on the simple steps they can take to boost information security and reduce financial risk. By Steve Weltman, CISSP

To reduce risk you have to do something different than what you’re doing today. And that can be simple, low-cost or no-cost actions that will help boost your information security posture. It’s important to re-member, particularly for SMBs, that size means nothing to an attacker. Everyone is a target.

Intellectual property is the new currency in today’s envi-ronment, and when I talk with clients about financial risk, information security has to be

10POWERED BY


PEER PROFILESteve Weltman, CISSP/Absolute Network Solutions Inc. FOUNDED 2014

LOCATION Torrance, Calif.

NUMBER OF EMPLOYEES 1

WEBSITE www.absolutenets.net

COMPANY FOCUS Keeping your data safe by making security the underpinning of your managed IT

FAVORITE PART OF MY JOB Being in front of the client and report-ing findings

LEAST FAVORITE PART Billing

WHAT PEOPLE WOULD BE SURPRISED TO KNOW ABOUT ME I am an autocross racer and a practitioner of Muay Thai, a Thai form of mixed martial arts.

Steve Weltman, CISSPFounder and CEOAbsolute Network Solutions Inc.

PHOTO: TERI WEBER



a component of that discussion. As a managed services and managed security services provider (MSSP), you cannot take a purely technology point of view. You’re not just fixing or monitoring some-thing, you’re adding value to a business by identifying the risks, the things that keep them up at night: How do we prevent Cryp-toWall ransomware? How do we prevent virus outbreaks? How do we prevent content or phishing scams? And how do we get awareness of these things quickly?

While the physical-logical implementation of fire-walls and intrusion prevention solutions is import-ant, security is not solely about technology. It’s the system and the process built around it, and more important, it’s the SMBs’ business strategy of what they want to protect. So my main focus is to talk to the business owners and the business decision makers about the risks they have, and to think in terms of their brand and their market value.

The 80/20 RuleAs an MSP/MSSP, the biggest hurdle to InfoSec education and awareness is the common misper-ception that either InfoSec can be done easily, or it is overwhelmingly difficult. Neither extreme is the reality. I advise SMBs to follow the 80/20 rule: As-sume you’re targeted 80 percent of the time, so do 80 percent of the basics. Doing some simple things well often mitigates the 20 percent risk.

Here are some of the simple steps we should be advising our SMB clients to take to improve their security posture:

1. Stop ignoring email threats. In addition to employee training, utilize email filtering at the server level. Office 365, Hosted Exchange, and Gmail have this feature, so use it.

2. Assume your websites are vulnerable. Look for free or commercial website vulnerabil-ity scanners, and consider contracting a securi-ty tester for a few hundred dollars a month.

3. Disable high-risk desktop and server soft-ware. The biggest offenders include Flash and video plug-ins for browsers. Remove them and you remove a good percentage of risk for very little cost to your user.

4. Use data encryption. It can still be complex to manage keys, but costs are coming down. Also, business laptops are always offered with Full Disk Encryption (FDE) as an option—one SMBs should always utilize. That, and USB sticks with corporate data should always be encrypted.

5. Secure access to online financials. There is no universal countermeasure for this attack, but one option is to use a dedicated VM running a minimal install to access these services. Most SMBs taking this approach either use a Linux machine or a stripped-down PC, but another option is to use a cheap Google Chromebook.

6. Get serious about passwords. The best prac-tice is simply changing administrator passwords often. Automating the process with a password manager is the only way to change and manage all of your critical passwords consistently.

7. Embrace system and software patching. While enterprises buy complex solutions to man-age patching to defined timetables and policies, small businesses can use simpler patching scan-ning tools such as Microsoft’s Baseline Security

11POWERED BY


“When I talk with clients about financial risk, information security has to be a component of that discussion.”STEVE WELTMAN, Founder and CEO, Absolute Network Solutions Inc.



Analyzer (MBSA) or ManageEngine Desktop Central. And don’t forget about remote systems.

8. Reduce admin rights use. You need appro-priate controls over your system changes, even at the desktop level.

9. Monitor cloud storage. Know who is sharing what, and with whom. Monitor who has access to modify, create, and add domain names in your portfolio and how they are used in your company. And don’t confuse cloud storage with backup and recovery.

10. Dispose of old hardware securely. Use a reliable wiping process.

Once your SMB clients are on the right side of

the 80/20 equation, you can talk with them about moving from free or home versions of their pro-ductivity solutions to commercial versions, which have more built-in security, as well as implementing some advanced security products. As part of your security offering provide a vulnerability assessment with some tools that create automated reports, and then provide them with quarterly reports to discuss their data systems and data at risk internally and externally. It doesn’t require high complexity or a lot of learning to offer this as a business value add. The key is to have data protection top of mind while dealing with day-to-day IT services.

Teaching your SMB clients to do the small things when it comes to security will not only reduce their security risk, but also their financial risk. And that’s the ultimate value add.

12POWERED BY




FOR IT PROFESSIONALS€¦ · tional opportunity to add security services to your practice—solving...

Documents

Transcript of FOR IT PROFESSIONALS€¦ · tional opportunity to add security services to your practice—solving...