MSPs face many challenges when protecting their customers' work environments, and the COVID-19 pandemic and increased cybersecurity threats have made their jobs even more difficult.
An MSP might support hundreds, or even thousands, of client systems and must be able to ensure their continued safety. But the pandemic has made this more difficult because so many people are now working from home. MSPs require strong cybersecurity strategies that ensure both the infrastructure and data can withstand cyberattacks and other threats, even as those threats increase in prevalence and sophistication.
Many MSPs are stretched thin and need tools that can help them manage security and compliance as efficiently as possible. Some security vendors offer integrated product suites that address multiple types of protection. Additionally, MSP software vendors such as ConnectWise and Kaseya Corp. have integrated various security capabilities into their platforms. For example, ConnectWise Fortify includes tools to prevent email attacks, deliver endpoint protection, maintain network security, assess client-facing vulnerabilities and address other MSP cybersecurity concerns.
In contrast, many vendors offer MSP cybersecurity products that each target a specific type of protection, such as email security or DNS filtering, leaving MSPs with a bewildering number of options. Here we examine six categories of security tools and provide examples of products in each group. These are by no means the only products available, but they can offer MSPs a good starting point for evaluating their security needs.
Email security
Email security tools protect against spam, malware, ransomware, identity spoofing and other risks. Some products also include features such as encryption, archiving or advanced threat protection. These features are especially important with so many people working at home. Remote workers can be more susceptible to potential threats because home environments are typically not as secure as office settings. In addition, people at home might not be as careful about security. Yet, even under these circumstances, MSPs should be able to protect users from email-borne threats without impacting their ability to conduct business.
Here are several examples of email security products:
- Barracuda Essentials for Email Security is a cloud-based email security and compliance offering that provides MSPs with advanced targeted attack protection. It helps safeguard their customers against spam, phishing emails, email-borne viruses, email-based malware, denial-of-service attacks and other risks. MSPs get real-time threat detection, PST file management, archiving services for compliance and eDiscovery, and integrated end-user training.
- Kaseya recently acquired Graphus and integrated the Graphus phishing defense product into its IT Complete management platform. Graphus for MSPs provides automated protections against phishing, compromised emails, account takeovers, identity spoofing and credential theft. It uses machine learning technology to protect against new and emerging threats and AI to analyze employee communications and create profiles of trusted relationships.
- SolarWinds Mail Assure offers MSPs cloud-based email security tools and products to protect their customers' inbound and outbound email. Mail Assure includes an intelligent protection and filtering engine that safeguards against spam, viruses, malware, ransomware, social engineering attacks and other email-borne threats. It also provides real-time pattern threat recognition and web-based networking tools for diagnosing issues.
Endpoint protection
Endpoint protection provides the services necessary to safeguard end-user environments from a range of threats. A product might include antivirus and antimalware features, configuration management capabilities, software patching or other services that protect user systems. An endpoint protection platform might also integrate with remote monitoring and management (RMM) tools or professional services automation (PSA) tools, helping to streamline MSP management operations.
Here are examples of endpoint protection products:
- Kaspersky Lab provides a suite of tools that help MSPs secure, monitor and manage customer infrastructure. MSPs can offer their customers core endpoint protection or advanced managed detection and response, including threat hunting. The suite supports both multi-tenancy and role-based access control, and it provides RMM and PSA integration. Kaspersky also offers a multi-tenant product console that manages multiple clients from a single window.
- Sophos offers a complete cybersecurity system that MSPs can use to provide their customers with cloud-native protection from a single console. The platform is backed by AI technologies and includes anti-exploit, anti-ransomware and root cause analysis capabilities that safeguard endpoints from advanced threats. The platform also provides firewall and web protection and can integrate with key RMM, PSA and IT documentation products.
DNS filtering
DNS filtering tools use the Domain Name System to block malicious websites and questionable content. These tools help improve cybersecurity for MSPs by enabling their customers to control employee access to specific material, while minimizing risks from phishing, malware, ransomware and other threats. DNS filtering tools might also include features such as category-based filtering, real-time monitoring or bandwidth management. In addition, some tools incorporate AI-based intelligence to provide additional protections against potential security threats.
Examples of DNS filtering tools include the following:
- DNSFilter enables MSPs to offer their customers real-time protection from security threats and undesirable content. DNSFilter detects and prevents malware and other threats, using more than 66 data sources and global cloud intelligence for threat prevention. It also makes it possible to block access to specific domains or to high-bandwidth sites, such as those for gaming, social media or streaming music.
- SafeDNS provides comprehensive web filtering that blocks unwanted sites to prevent users from accessing them. It can restrict access to specific HTTP and HTTPS addresses, and it provides category-based filtering, which enables MSPs to determine which categories of content to allow or block. SafeDNS also provides filtering statistics and reports for monitoring online activities.
- TitanHQ WebTitan offers a DNS web filtering product that's purpose-built to integrate into an MSP's existing security stack. WebTitan uses advanced content filtering and antivirus capabilities to provide real-time protection. MSPs can host WebTitan in their own environments or use TitanHQ hosting on AWS. TitanHQ maintains an active database of 650 million users to support AI-driven protection.
Unified threat management
A unified threat management (UTM) offering is usually delivered as a hardware appliance, virtual appliance or cloud service, although it might also be available as on-premises software, which MSPs can install on their own servers. A UTM product helps to protect networks against combined threats, including spam, malware and simultaneous attacks. It might also provide software-defined WAN (SD-WAN) capabilities that enable secure connectivity across multiple locations. In addition, a UTM tool might include firewall protections, intrusion prevention, content filtering, VPN functionality or other features.
Here are several examples of UTM products:
- MSPs can use the Cisco Meraki MX line of security and SD-WAN enterprise appliances to support hub-centric connectivity. The appliances are fully cloud-managed and natively integrated with a suite of secure network and assurance capabilities. They also include features such as content filtering, intrusion detection, application-based firewalling and Cisco Advanced Malware Protection (AMP).
- Fortinet Secure SD-WAN offers a unified SD-WAN tool that enables MSPs to safely connect locations using the public internet rather than expensive multiprotocol label switching. It incorporates the Fortinet Security Fabric platform, which provides integration and automation across the security infrastructure. The platform uses AI and machine learning to provide protection and visibility into network segments, devices and appliances.
- Sophos UTM is a threat management tool that provides firewall protection, endpoint email encryption, data loss prevention and other features. The platform also offers reusable network object definitions and a real-time dashboard that includes details about usage trends and web activity. Sophos UTM is available as either software or an appliance and provides integration with Sophos Sandstorm, a deep learning neural network that detects known and unknown malware.
Security information and event management
A security information and event management (SIEM) platform combines security information management and security event management into a single platform that offers real-time visibility across an organization's security landscape. SIEM can help MSPs detect threats throughout their managed networks and then correlate and analyze those threats to locate and mitigate potential problems. A tool might also include features such as advanced log search, event log archiving, network forensics or regulatory compliance auditing.
SIEM tool examples include:
- LogRhythm delivers an enterprise-class security intelligence platform that combines SIEM with log management, file integrity monitoring, machine analytics, and host and network forensics. The platform includes a set of high-performance tools for security, compliance and operations, while offering actionable insights into the IT environment. LogRhythm is available as hardware, software or a virtual appliance.
- SolarWinds Threat Monitor is a cloud-based SIEM tool that enables MSPs to detect and respond to threats in their managed networks. The platform includes threat intelligence, advanced log search, monitoring and reporting, network and host intrusion detection, and numerous other features. Threat Monitor also provides a centralized dashboard for managing multiple customers in different locations.
- Vijilan Security offers SIEM as a service. The tool monitors and analyzes security events, and it collects and analyzes log data. It retrieves data from firewalls, devices and other infrastructure within the network and then analyzes the data for abnormalities. The data is forwarded to expert staff who are responsible for the remediation process.
Security awareness training
MSPs can offer security awareness training to customers to help end users better understand and respond to the security and compliance risks they face when carrying out their day-to-day operations. Security awareness training educates users on how to reduce risks and spot potential threats, often using simulations based on real-world scenarios. Many training tools can also track user progress in order to understand their levels of cyber-awareness and the training's effectiveness.
Security training courses include these examples:
- Barracuda PhishLine can teach MSP customers how to identify and respond to potential security risks. The program uses Barracuda's threat intelligence to create training content and real-world simulations. Users learn how to spot threats such as impersonation and business email compromise and how to meet compliance requirements. PhishLine also offers insights into user behavior.
- KnowBe4 Inc. combines security awareness training with fully automated phishing simulations. The program includes the Managed Phishing feature, which enables MSPs to target specific users across multiple accounts, making it possible to create, schedule and edit phishing campaigns from a single interface. The service also provides several free tools, such as a phishing security test and domain spoof test.
- Webroot training offers ongoing education that provides users with relevant security information and tests their cyber-awareness. Webroot designs courses to address employee behavior and user error, with the goal of improving a customer's security posture and meeting compliance regulations. The courses help users identify phishing scams, malware behavior, social engineering attacks and other potential threats.