August 31, 2021
How to Protect Endpoints with a Multi-level Security Strategy
Tech Beats is a series on The MSP Beat blog that features insights from the technical minds on the Datto team and other members of the IT channel. In this series, you’ll find how-tos, product details, and more. Mathew Smith is a Senior Solutions Engineer at Datto, Inc.
Malware and ransomware infection rates are increasing: this year alone, malware increased by 358% overall and ransomware by 435% compared with 2019. To ensure their partners are fully secure, MSPs are looking towards user laptops and desktops. It is important that MSPs have visibility of user devices, and they often turn to an RMM solution for it, especially as the workforce becomes further separated from the corporate network.
Multi-level defense is about adding layers of security to endpoints so that they operate as securely as possible. A typical security stack would look like this:
- Web filtering
- Email filtering
- Software firewalls
- Operating System patching
- 3rd party software patching
- Ransomware detection
- Encrypted storage
- Standard user account permissions
Datto RMM can be used to monitor and enforce security policies; patch not only the operating system but also 3rd party applications; ensure antivirus is installed, up to date, and actively scanning; and add a second “pair of eyes” using the built-in Datto RMM Ransomware Detection to detect and stop ransomware infections.
MSPs can use Datto RMM to automatically and silently deploy security tools, such as antivirus or web filtering agents like Cisco Umbrella, to endpoints as they are added to sites in RMM, so that there are no unprotected devices in the environment. Partners often use components to randomize local admin passwords, disable guest accounts, and automatically review and limit how many accounts have local admin rights on devices.
Dashboards in Datto RMM give a quick overall view of the security state of the managed devices and are the MSP’s window into the current security status of devices under management.
RMMs are very good at alerting MSPs to issues, but the goal should not be just to alert but also to attempt the “first fix” so that security issues are resolved automatically and quickly.
Datto RMM can run components in response to alerts. Responses range from the simplest form, running a full AV scan if the installed AV cannot automatically quarantine malware, right through to automatically isolating machines from the local network if ransomware is detected.
Automated responses are where MSPs can start to enforce security policies, take care of security-related issues, and install patches to operating systems and 3rd party applications.
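The account checks mentioned above (guest accounts, number of local admins) and the “first fix” idea can be combined in one script. The following is an added example, not a Datto RMM component or code from the original post; the allow-list, the threshold and the `-Remediate` switch are hypothetical names chosen for illustration.

```powershell
#Requires -Version 5.1
# Added example: audit local admin membership and the built-in Guest account,
# with an optional "first fix". Allow-list and threshold are hypothetical values.
param(
    [string[]]$AllowedAdmins = @('Administrator', 'Domain Admins'),  # hypothetical allow-list (names without domain prefix)
    [int]$MaxAdmins = 2,                                              # hypothetical policy threshold
    [switch]$Remediate                                                # apply the first fix instead of only reporting
)

$findings = @()

# Built-in Administrators group, addressed by its well-known SID so the check
# also works on localized Windows installs where the group name differs.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
$unexpected = @($admins | Where-Object { ($_.Name -split '\\')[-1] -notin $AllowedAdmins })

if ($admins.Count -gt $MaxAdmins) {
    $findings += "Administrators has $($admins.Count) members (limit $MaxAdmins)"
}
# Unexpected admins are reported only; removing rights is left to a human decision.
foreach ($m in $unexpected) {
    $findings += "Unexpected admin: $($m.Name) [$($m.ObjectClass), $($m.PrincipalSource)]"
}

# The built-in Guest account always has RID 501, whatever it has been renamed to.
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    if ($Remediate) {
        Disable-LocalUser -SID $guest.SID
        $findings += "Guest account '$($guest.Name)' was enabled; disabled it"
    } else {
        $findings += "Guest account '$($guest.Name)' is enabled"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'OK: local admin membership and Guest account match policy'
    exit 0
}
# A non-zero exit code lets the calling tool raise an alert on any finding.
$findings | ForEach-Object { Write-Output "FINDING: $_" }
exit 1
```

Run it elevated; without `-Remediate` it only reports, which is the safer default for a first rollout.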
The key is not to rely on a single point of defense. Antivirus installed on workstations should not be the only level of protection; it is part of a multi-level security stance.