How MSSPs can reduce the odds

Jonathan Whitley, Vice President for Northern Europe at WatchGuard Technologies, talks to Michelle Winny, Editor of PCR, about the growth in managed security services and how they can help customers to reduce the chances of becoming the victim of a cyberattack.

WatchGuard Technologies specialises in network security, secure Wi-Fi, multi-factor authentication, advanced endpoint protection, and network intelligence. Here we speak with Jonathan Whitley, Vice President for Northern Europe at WatchGuard about the latest threats and how to cope with them.

Why are we seeing an increase in demand for managed security services?
For all businesses great and small, the pandemic has changed the cybersecurity threat landscape forever. The traditional security perimeter, which was already fragmenting, completely disintegrated, as the global workforce moved out of the office to work from home. Suddenly, every endpoint, from corporate laptops to home PCs and mobile devices, had to be protected. And out of the confines of the office, there was also a greater risk that employees would not be so cautious or vigilant when trying to spot phishing emails.

For many SMBs it exposed in-house skills shortages and lack of budgets. As a result, many have turned to their trusted IT partners and resellers for advice and support. In particular, it put the role of managed services in the spotlight and accelerated the shift that was already taking place in the channel. Many managed service providers decided to add the extra S and become an MSSP (Managed Security Service Provider), while a growing number of traditional resellers started their managed services journey.

What are the key benefits of the MSSP model?
For end users, MSSPs with the right cloud-based platform and tools, can configure, monitor and update security defences round-the-clock, all remotely. Many SMBs do not have visibility into what resources are being consumed, where they reside, and how they potentially interact. But MSSPs can provide all this, and as IT infrastructures grow in size and complexity, this granular visibility is crucial to recognise patterns, threats and security gaps, and to respond before damage occurs. And with a multi-tier, multi-tenant design, MSSPs can view and manage multiple customers from one screen or drill drown through multiple account layers, as well as reduce the need for a time-consuming and costly site visit.

A complete unified security platform must include protection for networks and endpoints along with other services. The more offerings you can adopt from a single vendor while ensuring that customers get the services they need, the easier it is to keep your total vendor count down.

Every network needs a full arsenal of scanning engines to provide visibility, threat intelligence, and protection against spyware and viruses, malicious apps and data leakage – all the way through to ransomware, botnets, advanced persistent threats and zero-day malware. Multi Factor Authentication (MFA) is also an essential service to replace simple passwords, while education and awareness training also need to be delivered as a managed service. Most breaches start with a simple click on a malicious link or document so without an understanding of how attacks happen and a commitment to behaviours and processes that reduce their likelihood, businesses are left exposed.

How can traditional resellers move to a new MSSPs billing model?
Technology aside, the other biggest challenge when migrating to an MSSP is the shift in business and billing models. Recurring revenues are a great attraction but processing payments and managing invoicing is far from simple, and the way you transact with vendors will be different from traditional customer billing models where most of the revenue is upfront.

The best way to avoid this complexity is for vendors to offer flexible pricing models, which could include fixed term contracts paid upfront or monthly, pay-as-you-go setups, or pre-pay points to enable security on a monthly basis. The aim is to make it easy to purchase products in the same way you sell and deliver them, with the ability to scale up and down instantly to meet changing requirements.

What are the challenges for MSSPs?
The shift from a traditional reseller model to an MSSP is a major step. Building a successful and sustainable managed services business takes thought and planning. There are a variety of elements that need to be considered, including customer base, staff expertise, management infrastructure, financial goals and resource constraints.

First, you need to clearly define your service bundles around customer needs and limit the number of vendors in each offering to increase margins. Next, as already mentioned, you’ll want to consider the option to bill customers monthly as a single per user/per-device fee. The important thing is to keep it simple and consistent. Lastly, make sure to learn and fully utilise all the functionality in both infrastructure tools and offered services. This can not only ensure customer retention but also lead to higher margins. And once your service delivery, management infrastructure and core services are solid, you can look to add new service categories to support evolving customer needs.

What is the main cyber security challenge facing businesses in 2022?
Even before the pandemic, limited time and resources were making IT security feel like an insurmountable challenge for many businesses. Now, with new work from home mandates and a growing threat landscape, delivering a robust security posture and reducing the odds of becoming another cyberattack statistic are even greater.

Threats will vary dependent on your size and type of business, but one thing is clear is that ransomware is rampant and is the threat that keeps most CISOs awake at night. With low risk, high returns and a virtually unlimited supply of victims, it’s a no brainer for cyber criminals. The arrival of Ransomware-as-a-Service (RaaS) that lowers the bar for would-be attackers, has only served to increase the scale of the problem. And as larger corporations get better at protecting themselves, smaller businesses become more attractive targets.

There is no silver bullet to preventing ransomware attacks but there are basic measures that everyone should implement and observe. For example, every network needs a strong firewall, along with an arsenal of scanning engines to provide visibility and protection against spyware and viruses, malicious apps, data leakage and unknown zero-day threats.

Most ransomware attacks start with a phishing or social engineering attack. It is increasingly difficult to spot a sophisticated attack but good phishing education programmes can reduce click rates on malicious links from 40-50% down to below 10%. These programmes should intrinsically link technical controls with human behaviour and interaction to learn from mistakes and move away from the blame culture.

Are we still talking about the problems of passwords?
Despite reports of their demise, passwords are still alive and kicking – and still often too simple to guess or steal. As we all struggle with remembering long, complex passwords, the use of multi-factor authentication (MFA) is compelling. MFA simply requires more than one method of authentication. While traditional MFA solutions can be costly and complex, cloud-based MFA cuts down on costly deployment and management, while a choice of authentication methods such as push notifications, one-time-passwords or QR codes sent to a mobile device provides good security and user experience. Furthermore, MFA delivered through an MSSP removes all the headaches for the end user as everything is managed and automated remotely.

Last year Microsoft introduced password-less authentication for Windows for digital validation but continued focus on single-factor authentication logins. Microsoft could have truly solved the digital identity validation problem by making MFA mandatory, but if Microsoft does not force companies to embrace MFA, the growing cyber insurance industry may do it instead. As cyber security insurers realise that the pay-out costs to cover ransomware threats have increased dramatically, they are not just demanding higher premiums but also now actively scan and audit the security of clients before providing cover. In 2022, if you don’t have the proper protections in place, including MFA, you may not get the cyber insurance you need at the price you would like.

Are companies getting the other basics right?
While many are doing better at measures such as backing up, others are still leaving their businesses exposed to attacks by not doing the simple stuff. According to a recent Gartner report, 99% of the vulnerabilities exploited would have been known to security professionals and IT administrators at the time of the incident. In fact, 80% of successful attacks exploit vulnerabilities that have known patches to fix bugs and vulnerabilities in software.

Software patches are a necessary inconvenience for IT administrators, as they are time-consuming and can cause disruption for users. But hackers don’t waste time and have been known to exploit vulnerabilities just days after a patch is released. One of the main reasons why smaller companies fail to regularly patch their systems is a lack of technical staff and know how. But with cloud-based managed security services, there is no excuse or blame game.

Read the latest edition of PCR’s monthly magazine here:

Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.