
Vulnerability Management Best Process & Practice for MSPs

Any security leader must be able to provide a standard for due care and help to build a comprehensive security program that is good for the entire business. This is no easy feat. With threats and security breaches on the rise, it comes as no surprise that security is today’s top buzzword. And with all the security buzz on the minds of business leaders, we see an increase in security initiatives. As leaders at small to medium-sized businesses look to their in-house staff to implement them, they are discovering a lack of skills and resources. This often leads to a conversation with their trusted Managed Service Provider to help close the gap.

Often, we hear that MSP clients assume security is included as part of the standard services already provided. We have also uncovered through interviews that organizations and MSPs alike often have a hard time getting their users to adopt better security practices, even ones that are simple to implement, like multi-factor authentication and password policies. One thing they all have in common, however, is that they want to be better at security.

Let’s start by stating that achieving ‘better security’ is all about the layers of security that can be established to protect the organization, its users, and most of all, its data. We also conclude that there is no ‘security bliss’ where all levels have been laid and there is no longer any risk.

Security can best be established as a framework for users and the data they share. When we break down security into manageable layers we can create the following categories.  Each category has its own standards and processes to be documented and carried out by a security leader or a team of security leaders.

  • Governance
  • Policy Management
  • Awareness & Education
  • Identity & Access Management
  • Vulnerability Management

Each topic can be quite involved, so our focus for this article will be vulnerability management as it becomes the foundational layer to the organization’s threat defense strategy. Most MSPs are already offering services for managing vulnerabilities through patching operating systems and third-party products. Vulnerability Management is just one part of the security process in identifying, assessing and resolving security weaknesses in the organization. Often there is a focus on the technical infrastructure, like updating endpoints and managing components of a network, like the configuration of firewalls.

Let’s take a closer look at the process and practice of vulnerability management in these 6 steps:

  1. Policy – Your first step should include defining the desired state for device configurations. This also includes understanding the users and their minimum access to data sources in the organization. This policy discovery process should consider any compliance measures like PCI, HIPAA, or GDPR that may exist. Document your policy and your users’ access.
  2. Standardize – Next, standardize devices and operating environments to properly identify any existing vulnerabilities and to meet compliance needs noted during the policy discovery process. When you standardize on your devices, you also streamline the remediation process. If users are all operating on the same type of hardware/software setup, steps 3-6 have the propensity to be more effective and the process more efficient.
  3. Prioritize – During remediation of a threat, any activities conducted must be properly prioritized based on the threat itself, the organization’s internal security posture, and how important the data residing on the asset is. Having a full understanding of your assets and the roles they play in the organization is critical when prioritizing active threats. Document and classify your assets so you can easily prioritize when there is a threat.
  4. Quarantine – Have a plan in place to isolate or shield the asset, once compromised, so it cannot become a bigger threat to the organization.
  5. Mitigate – Identify root cause and close the security vulnerability.
  6. Maintain – It is important to continually monitor the environment for anomalies or changes to policy, patch for known threats, and use antivirus and malware tools to help identify new vulnerabilities.
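The Prioritize step can be made concrete with a small ranking script. This is an added example, not part of the original article; the weights, field names and sample records are assumptions chosen for illustration and should be replaced with values from your own documented policy and asset classification.

```python
from dataclasses import dataclass

# Assumed weights for this illustration; take real ones from your policy (step 1).
DATA_WEIGHT = {"public": 1, "internal": 2, "confidential": 3, "regulated": 4}
EXPOSURE_WEIGHT = {"isolated": 1, "internal": 2, "internet": 3}

@dataclass(frozen=True)
class Asset:
    name: str
    data_class: str    # importance of the data residing on the asset
    exposure: str      # where the asset sits on the network
    controls: int = 0  # posture: compensating controls already in place

@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    severity: float    # 0-10 score reported by the scanner

def priority(finding, asset):
    """Combine the threat, the security posture and the data importance."""
    posture_discount = max(0.5, 1 - 0.1 * asset.controls)
    return round(finding.severity * DATA_WEIGHT[asset.data_class]
                 * EXPOSURE_WEIGHT[asset.exposure] * posture_discount, 1)

def remediation_queue(findings, inventory):
    """Return (ranked, unknown): ranked is highest priority first; unknown holds
    findings on assets that were never documented and so cannot be classified."""
    ranked, unknown = [], []
    for f in findings:
        asset = inventory.get(f.asset)
        if asset is None:
            unknown.append(f)
        else:
            ranked.append((priority(f, asset), f.asset, f.title))
    ranked.sort(key=lambda r: (-r[0], r[1], r[2]))
    return ranked, unknown

# Constructed sample data
INVENTORY = {a.name: a for a in [
    Asset("web-01", "internal", "internet"),
    Asset("db-01", "regulated", "internal", controls=2),
    Asset("kiosk-07", "public", "isolated"),
]}
FINDINGS = [
    Finding("kiosk-07", "Outdated browser", 9.8),
    Finding("db-01", "Missing OS patch", 7.5),
    Finding("web-01", "Weak TLS configuration", 5.3),
    Finding("lab-pc", "Unsupported OS", 8.1),
]
```

With the sample data, the finding with the highest scanner score (the isolated kiosk) lands last, and the finding on the undocumented `lab-pc` is surfaced separately as an inventory gap.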

Vulnerability management is an essential operational function that requires coordination and cooperation with the business as a whole. Having the entire business buy into better security is paramount to the success of the program. The team must also have a set of supporting tools with underlying technologies that enable the security team’s success. Operational functions include vulnerability scanning, penetration testing, incident response and orchestration. Remedial action can take many different forms: application of an operating system patch, a network configuration change, a change to a custom-built application, a simple change in process, or awareness and education for users who consume and share organizational data. Tools can range from RMM to SIEM, to simple AV/Malware and backup toolsets.

Better vulnerability management practices start with a superhero who promotes security consciousness and helps to innovate solutions and services that make the business thrive!


Don’t Ignore Security Activity That Could Help the Most

We tend to think of security as the tools in place, like email scanning, malware and anti-virus protection, but did you know that the process of asset management helps you minimize the threat landscape too?

The management of software and hardware has historically been treated as a cost-minimizing function, where tracking hardware and software could be the difference between driving value or reducing it from an organizational perspective. However, even the best security plan is only as strong as its weakest link, and if IT administrators are unaware of where assets reside, the software running on them, and who has access, they are at risk.

Understanding the device as well as the data is what matters here. Having an in-depth knowledge of the network of devices and their data is the first step in any attempt to protect it. Often organizations have the tools in place to support and maintain the device, but once it is in place on the network, it can be easy to set it and forget it until it needs repair or replacement, or comes up for the annual review. Conducting asset management on a recurring basis should be a foundational function of your security plan. It can strengthen the security tools already in place. Remember, it must be continuous to be truly effective.

When you are conducting continuous asset management, you can always answer the following questions should an incident occur:

  • What’s currently facing the internet?
  • How many total systems do you have?
  • Where is your data?
  • How many vendors do you have?
  • Which vendors have what kind of your data?
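As an added illustration (not from the original article), the questions above can be answered directly from an inventory export, along with a check for records that have not been re-verified recently. The record fields, vendor names and the 30-day threshold are assumptions for this sketch.

```python
from collections import defaultdict
from datetime import date

# Constructed inventory records; field names are assumptions for this sketch.
INVENTORY = [
    {"host": "web-01", "internet_facing": True, "data": ["customer-pii"],
     "vendor": None, "last_verified": date(2024, 5, 28)},
    {"host": "fs-01", "internet_facing": False, "data": ["finance", "hr"],
     "vendor": None, "last_verified": date(2024, 1, 10)},
    {"host": "crm-saas", "internet_facing": True, "data": ["customer-pii"],
     "vendor": "ExampleCRM", "last_verified": date(2024, 5, 30)},
    {"host": "backup-saas", "internet_facing": False,
     "data": ["finance", "hr", "customer-pii"],
     "vendor": "ExampleBackup", "last_verified": date(2024, 3, 1)},
]

def incident_answers(inventory, today, max_age_days=30):
    """Answer the five incident questions and list stale inventory records."""
    data_locations = defaultdict(set)   # kind of data -> hosts holding it
    vendor_data = defaultdict(set)      # vendor -> kinds of data it holds
    for rec in inventory:
        for kind in rec["data"]:
            data_locations[kind].add(rec["host"])
            if rec["vendor"]:
                vendor_data[rec["vendor"]].add(kind)
    vendors = {rec["vendor"] for rec in inventory if rec["vendor"]}
    return {
        "internet_facing": sorted(r["host"] for r in inventory
                                  if r["internet_facing"]),
        "total_systems": len(inventory),
        "data_locations": {k: sorted(v) for k, v in data_locations.items()},
        "vendor_count": len(vendors),
        "vendor_data": {k: sorted(v) for k, v in vendor_data.items()},
        # Records not re-verified within max_age_days: the inventory is only
        # trustworthy during an incident if it has been kept current.
        "stale": sorted(r["host"] for r in inventory
                        if (today - r["last_verified"]).days > max_age_days),
    }
```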

Companies struggle with consistent and mature asset management because they often don’t have the time or dedicated resources to stay on top of it. However, an IT asset management program can add value by means of reducing costs, improving operational efficiency, determining full cost and providing a forecast for future investments.  Oversight and governance help to solidify policies and procedures already in place.

Find tools that complement and strengthen business processes by significantly improving the ability to discover, inventory, manage, and report. Additional tool sets like antivirus, malware, email protection, and user training must be added to help further protect users and their data, which will ultimately reduce business operational risk.