Cybersecurity and defending clients' networks and endpoints are key responsibilities of many managed services providers....
As a result, MSPs are regularly assessing tools for cybersecurity with the goal of staying ahead of malware, ransomware and hackers.
We asked MSPs to discuss a cybersecurity tool they deem essential to their business practices. Here are the security products they said they cannot do without.
What is one important product among your tools for cybersecurity?
Ken May, CEO of Swift Chip, an MSP based in Culver City, Calif.: We use Passportal for secure client documentation so we can keep all of our clients' logins and passwords secured. That's absolutely critical. In terms of our overall security client environment, I would say the firewalls we roll out. We use SonicWall firewalls.
Amy Kardel, co-founder of Clever Ducks, a San Luis Obispo, Calif., MSP: I would say KnowBe4 with its whole [end-user security awareness] training message. All the shiny boxes in the world won't help if your staff lets a stranger in the side door.
John Burgess, president of MSP Mainstream Technologies, headquartered in Little Rock, Ark.: You very much have to have a basket of tools [for MSP cybersecurity] because the threats are coming in from so many places. We absolutely love our email filtering tool EdgeWave. That's a good, basic first line of defense. As you work up the stack ... we really depend on our Cisco Umbrella, which is a cloud-based internet security gateway.
How is the tool used, and what differentiates this particular product from other tools in MSP cybersecurity market?
May: The majority of our clients are in the small-to-midsized business [SMB] market, and SonicWall is very focused in that area. The capabilities it has have been really excellent at a reasonable price. The support is fantastic, and you're hard-pressed to find a better feature set focused on the SMB market at that price.
SonicWall can do sandboxing, where someone gets an email attachment or tries to download a file and [the software] can take it and unzip it or run the executable and check to see if it does anything nasty. If it suspects it is a malicious file, it blocks it, or you can give users the capability to let it through anyway. Typically, we have it block [the file] flat out, and that's really great because something like 80% of breaches at small businesses are based on email getting compromised.
Kardel: We have [KnowBe4] bundled into all new agreements, so it reaches all clients. It targets the biggest vulnerability on the network: people.
Burgess: We picked Cisco Umbrella primarily because of the brand. It's hard to go against Cisco, and we already deployed their AnyConnect VPN client. And because both are coming from Cisco, they're obviously very integrated, so there is ease of [deployment]. We like to look for synergies wherever we can.
What do you see as the greatest benefit and strength of the tool?
May: I would say the greatest strength is [SonicWall is] focused on a very specific demographic: small businesses. The biggest benefit is they're able to tailor the firewall to that. It's not going to be a good solution for the enterprise or home office.
Kardel: [KnowB4] baselines users' security smarts [and] trains and measures the improvement, thus becoming an important part of your company security policy.
Burgess: [Cisco Umbrella] also integrates into our professional services automation tool, ConnectWise [which is] a ticketing and issue-tracking tool. Umbrella integrates well into that and it detects when someone is attempting a ransomware attack. A lot of malware installs try to call back home after they download the payload to finish the attack. The key value-add of Umbrella is they have a registry of those known malware hosts ... and it generates a ticket in the software, so we can respond to it and do other incident response to mitigate the attack. It has prevented 100% of the attacks.
What similar tools for cybersecurity have you used in the past?
May: We used [a different vendor] briefly. We found that support was so lacking it wasn't a good fit. That's pretty much it.
Kardel: Ad hoc security blog posts and email advisories shared with clients.
Burgess: It is the first of that class we have used. We've used other web-filtering software. ... It's been a couple of years now with Umbrella, and we really like it. There's no reason to look at other providers.
What was the experience of integrating the product into your MSP cybersecurity practice?
May: There was a little bit of a learning curve, but once my guys got comfortable with it, there were no problems. We use it internally as well.
John Burgesspresident, Mainstream Technologies
Burgess: If we deploy Umbrella to a customer -- any machine that tries to connect with one of our connected networks -- Umbrella deploys the client to it. It's a good thing, but it causes some unintended consequences in that the Umbrella client gets deployed to any endpoint on a customer's network.
We have a BYOD policy here and for our customers, so if someone is working from home and is using a personal tablet to connect to company resources ... Umbrella gets deployed. You don't realize anything then, but when you disconnect from the network and do personal things, all of the policies from Cisco are still active. It's still super-configurable and its primary [function] is blocking malicious traffic, but the side effect is it's a content filter. So I can configure it to say, 'I don't want any sites that are gambling, dark web or human trafficking.' Those policies stay on the endpoint after it's disconnected to the network, and an individual may want to do some browsing that they can't do anymore.
[Cisco was] super-helpful in helping us navigate that and understanding what was happening and if the user doesn't want [the filters] there permanently, how we can remove it.
Are there any drawbacks to using the cybersecurity tool?
May: I wouldn't say so.
Kardel: An uptick in spam reporting tickets.
Burgess: It's hard to classify [network policies staying on a personal device] as a pure drawback, but it's something to be aware of.