George Anderson has been at Webroot for over the past 8 years as their Business Division Product Marketing Director where he covers Webroot’s Endpoint, Mobile, DNS Protection, Network Behavioral Analytics and Security Awareness Training solutions. George has spent over 20 years in the IT Security industry. His past roles have included Business Development (Sales), Strategic Alliances and Marketing roles at Computacenter a leading independent provider of IT infrastructure services where he helped set up their IT Security business unit.
Now under Carbonite, Webroot was the first to harness the cloud and artificial intelligence to protect businesses and individuals against cyber threats. Webroot provides the number one security solution for managed service providers and small businesses for endpoint protection, network protection, and security awareness training. Webroot's mission is to make cybersecurity comprehensive, effective and simple, so MSPs can all focus on the things that are really important, not security.
Faced with an increasingly hostile online threat landscape, today’s businesses and managed service providers (MSPs) already understand the value and importance of a security stack. But these days, anti-malware solutions and firewalls may not be enough.
When developing a cybersecurity strategy for your business—or, in the case of MSPs, your clients’ businesses—you need to look beyond traditional solutions if you want to stay safe from sophisticated cyberattacks. It’s important to find solutions that aren’t just effective, but are also easy to manage, integrate with your existing management platforms, and won’t break the bank. What’s more, they should help you streamline your operations to help reduce costs.
Below are some key considerations to keep in mind when selecting solutions for your security stack.
Although the need for endpoint protection is nothing new, not all solutions are created equal. Some are significantly easier to manage or more effective against threats than others. Unfortunately, it can be difficult to differentiate true efficacy from marketing hype, particularly when most security vendors are throwing around the same buzzwords.
When evaluating endpoint protection solutions, you need to look for technologies that decrease costs, reduce time to detect and remediate threats, and increase efficiency by automating time consuming tasks. That means looking into solutions that leverage machine learning and artificial intelligence. Machine learning and AI not only alleviate skills shortages, they also drive value, and, ultimately, strengthen your (or your clients’) overall security posture.
There’s no doubt about it; endpoint protection is necessary for everyone. But what if you could stop up to 90% of web-based attacks before they even hit your endpoints? That extra layer of protection and peace of mind would certainly be worth the price of admission. That’s where DNS-layer protection comes in. DNS filtering solutions can stop known phishing and malicious internet traffic requests. By classifying and filtering URLs across the internet, DNS security tools can not only block known malicious sites, they can also put MSPs and businesses in control of the types of sites their employees can view, improving productivity. All that adds up to more peace of mind for MSPs and businesses alike.
As we examine the data around social engineering attacks, it’s obvious “human patch management” and cybersecurity awareness is vital for organizations of all sizes. According to the 2018 Verizon Data Breach Investigations Report, phishing is responsible for 93% of successful breaches. And with the rise of compliance regulations such as GDPR, not to mention the significant fines for noncompliance, today’s businesses simply can’t afford to have an under-trained and under-aware workforce.
Of course, not all cybersecurity education is created equal. When selecting a training vendor, it’s important to choose one that can correlate individual user data with web traffic and threat trends to provide the most effective, relevant, and timely training. Additionally, security and compliance training should never be regarded as a one-time thing. Threats change daily—sometimes hourly—so training must continue throughout an employee’s tenure with a given organization, or else it won’ be effective.
Password and Documentation Management
In a recent interview, a US-based MSP admin reported that password resets make up 40% of his help desk support calls. That’s a huge service cost, and he’s not alone. Password management has been an IT security issue for some time; even more so when it comes to changing default settings in operating systems and their features, such as Remote Desktop Protocol (RDP). Brute force attacks are increasingly prevalent, indicating that it’s more important than ever to address more vulnerabilities than the common firewall ports.
You need a password management solution that automates password security for MSPs and business IT administrators alike. It should offer a high level of automation in which passwords change themselves, related configurations update automatically, and admins are responsible for remembering fewer and fewer passwords to perform their roles. Not only should it tackle and solve password management and reset issues, it should also provide multi-factor authentication (very important for things like RDP), and single sign-on. Finally, your password management system should offer full documentation, auditing, and reporting.
It is important for MSPs to build out a comprehensive, layered cybersecurity strategy. When was the last time your MSP assessed this? There is no better time then now.
A Carbonite Company. Read the announcement here.