January 22, 2021
Security Monitoring: Four Policies MSPs Should Review
It's the start of a new year full of goals, resolutions and cleaning out the old for a fresh start. And let’s face it, after 2020 we are in need of a fresh start! With most companies continuing remote work in 2021, it might be a good time for MSPs to review security monitoring policies and adjust configurations as needed. The difference between having security monitoring and having security monitoring that works for you is essential. Additionally, being able to answer a client's question “did this happen?” with clarity and conviction is critical.
At a minimum, reviewing patch management monitoring policies ensures systems are updated with most recent code to protect from the latest known threats, is a good place to start. By reviewing your patching policies you help ensure that systems are updated in accordance with best practices to protect against the most recent threats. While zero-day threats are certainly scary and headline grabbing, the overwhelming majority of breaches involve known exploits attacking long un-patched systems.
Questions to ask as you review include:
- Do your patch policies help ensure that critical patches are applied in a timely manner?
- Do your reports and dashboards verify that these patches are installed successfully? Are your monitoring policies alerting you if they aren’t?
Bitlocker and USB Storage
A recent Data Breach Investigation Report by Verizon Enterprises showed “67% of attacks come from credential theft, errors, and social attacks”.
As people make mistakes from time to time, they are often the weakest link in your security chain. Be sure that your monitoring policies are configured to detect tell-tale evidence of recent high-profile attacks (such as the use of the stolen FireEye tools), as well as what can be thought of as well-intentioned vulnerabilities. For example, an employee working from home may have installed an unauthorized remote control or file syncing application that can expose your business to risk.
With examples such as these becoming all too common, it is worth taking steps to limit these opportunities for an attack by reviewing the monitoring to ensure Bitlocker is enabled on individual devices, and that USB storage is disabled to prevent data theft or vectors for malware infection.
2020 saw an accelerated use of ransomware, and it is predicted that this will only grow in 2021. In our recent State of the Channel Ransomware Report, 95% of MSP respondents agreed they are being increasingly targeted by ransomware attacks. In these attacks, hackers use MSP credentials to access and spread ransomware to their clients, so offering the ability to monitor for and detect crypto-ransomware, and automatically attempt to stop the ransomware process and isolating the device from the network to prevent the spread to other devices helps reduce the impact of a ransomware attack.
Each client's needs will be unique to their networks, problems, and business goals-and they will change from year to year. Providing a yearly review of how your monitoring security ensures that with ever changing network structures the proper settings are in place. Datto RMM offers many preconfigured monitoring policies to help you in making this task easier and less time consuming.
To learn more about how Datto RMM can improve your service delivery, schedule a free demo today.