WHO really knows the minds of hackers? The motives behind the so-called “black hat” attacks which hit the headlines every day tend to be caused by two driving factors.

The rarer of the duo is political, or socio-anarchic. These attacks range from state bodies (allegedly) attempting to influence elections, down to driven individuals who wish to expose data to a broader public.

The overriding motives of hackers, in just about all attacks, is as old as currency itself – money. Online crime is less risky in terms of detection & the criminal’s personal safety, and a deal more profitable than robbing a bank.

Techniques of online crime are continually evolving, shifting and changing their nature & attack vectors. The hacker wages a constant battle with the security experts, aka the white-hats, and the battlegrounds comprise the flow of zeros and ones up and down copper & optical cables. This is the digital world in which we live.

Because of this malleable scene which the warring factions are creating, it is difficult to categorize methods and targets of cyber attacks. While there have been well-known DNS spoofing operations (which change the lookup details of destinations like Gmail, causing massive traffic diversions) and man-in-the-middle attacks which inspect traffic, (or present DRM warnings), the leading threats businesses will encounter are directed at their networks.

At a network’s outer rim, there are several layers of protection available. Devices such as firewalls, secure routers, packet inspection devices & routines, and intrusion detection systems (IDS) are the gatekeepers to the inner workings of an organization. Behind these barriers, users should feel secure that they can conduct their work without fear of compromised data or cyber breach.

Gateway devices tend to rely on a mixture of cyber breach mitigation methods. Among these are whitelists and blacklists of specific internet presences, malware and virus signature detectors, traffic filters & shapers, denial of service protections and the ability to be updated by pro-active researchers working for either the enterprise or their partners. The security partner is often a managed service provider (MSP), whose specialties include the 24/7 monitoring, updating and exacting configuration of security measures.

MSPs form a vital layer of service-based protection for their clients: few organizations of even middling size can afford to employ, equip and train specialist staff to keep the organization secure.

The MSP can provide the very highest protection through economies of scale. By disseminating their collective knowledge, on-going research, and battle scars with multiple clients, not only are client organizations getting the very best skills, but also the most up to date defense methods and, importantly, round-the-clock cover.

Skilled in cyber defense methods, MSPs also extend their coverage to endpoints: these used to be termed “clients,” in the topological sense of server-client models. But while endpoints/clients used to be fixed, desktop machines, in today’s business environment an endpoint can just as easily be a remote worker’s laptop or a C-level executive’s mobile currently halfway across the globe.

Endpoint security management is a vital component of cybersecurity, because many hacking attacks are explicitly directed at the endpoint. Typical examples of such attacks include:

• Data deletion: ransomware extracts bounty payment in exchange for data not to be encrypted rendering it unusable.
• Human misdirection: phishing attacks purport to be (for instance) from ASOS, Etsy, banks, and money transfer companies.
• Resource enslavement: creating a bot (slave device) of an endpoint used in larger, more profitable crimes, such as distributed denial of service (DDoS) attacks.
• Resource utilization: using the infected endpoint to mine for cryptocurrencies, act as data node, or host all manner of unpleasantness for use by others.
• Data exfiltration: by far the most common reason for infection, data is extracted and leaves the network vulnerable to the attackers. This category includes identity theft, commercial espionage, password theft, keystroke captures, banking detail theft, and so forth.

Unfortunately, the weakest link in any security fence is often the human element. Even the most cynical of online security experts will have opened a suspect email attachment or at least started to click a link purporting to be from PayPal or TNG Wallet.

A first-rate managed security organization providing its services to today’s MSPs will, therefore, combine all of the following abilities and provisions:

• Pro-active activity (the break-fix paradigm of IT support is insufficient), including monitoring, updating, patching and data monitoring.
• Academic research, involving skilled, certified staff who are learning the latest hacking techniques, and ways around them.
• Endpoint protection, for all the varieties of endpoints which currently exist: desktop operating systems (Windows, Mac, Linux), server OSes (Windows, UNIX, Linux), mobile endpoints (iOS, Android, Windows, Blackberry), and even system-on-chip systems (Raspberry Pi-type devices, internet of things devices {IoT})

Managed service providers operating services in the cybersecurity space have to evolve quickly to be effective against the enemies ranged against networks and beyond. But also, MSPs need to change; that critical one step ahead also can give them a unique selling point to attract new clients.

Therefore MSPs need to use the very best cybersecurity provisions out there. Because if an MSP allows a security breach, then the blame will not fall on the MSP’s data security provider, but rather the MSP itself.

To stay one step in front of the competition, and one step ahead of the black hats, MSPs looking for a total, cross-network security provider who can cover the full endpoint to gateway gamut, might like to consider either of the following suppliers, as chosen by us here at Tech Wire Asia.

KASEYA

Kaseya’s security solutions are very much driven by their approach to ensure that MSPs get the tools they need to secure clients’ networks.

The company’s offerings are somewhat broader than pure security, offering network management-as-a-service, for instance, which MSPs can use to power their overall offerings.

For many years, Kaseya has partnered with endpoint specialist Webroot, with whom the company is currently roadshowing the very latest in security technologies: look out for their appearances at ASEAN based events from April 19 – 26 and AU/NZ based events from May 22 – June 6.

The length of the two companies’ association means that Webroot SecureAnywhere® Business Endpoint Protection (WSAB) is a seamlessly-integrated module in Kaseya’s remote monitoring and management service, VSA. As well as a host of integrated, cutting-edge security features, VSA also offers backup, inventory audits, patch management and network performance tuning.

Kaseya’s security-as-a-service solutions represent the market standard in the new wave of service-based solutions, combining useful pay-as-you-use pricing with enterprise-grade protection, 24/7.

Real-time security updates across managed systems: this is the generation on from “traditional”, fire-and-forget antivirus. The Kaseya-Webroot combination offers network protection & traffic management, remote control, restore points available as needed and endpoint protection even for die-hard Blackberry users. This is security and management which evolves with the same fluidity as emerging threats.

To find out more about Kaseya’s offering, read the full profile here.

WATCHGUARD

Available as a physical install of discrete hardware devices or cloud-based so they can be accessed as-a-service, WatchGuard’s Unified Threat Management (UTM) devices range from single pieces of tabletop technology suitable for small businesses, up to modular, stacking, rack-mounted powerhouses which offer enterprise-wide protection.

WatchGuard FireBoxes offer intrusion protection and detection, LAN-edge antivirus, application control behind NAT translation and even antispam filters on email traffic.

Every FireBox comes with Dimension, a software layer offering the enterprise a range of visualization tools of real-time network traffic & flow levels right across an organization, plus a host of click-in configuration options.

Then, either as a paid-for addition or as part of the higher offering tiers, Dimension Command allows on-the-fly configuration changes, rollback to previous configurations, direct access to Watchguard appliances via a web interface, and a simple interface making the murky complexity of VPN tunneling more easily implemented and available to clients not running VPN software.

This presentation of complex underpinning technology continues in the Watchguard Access Portal, which aggregates connections to cloud apps and internal resources over RDP or SSH. Standard authentication methods can be used to validate users, including full Active Directory integration and RADIUS.

The network security market used to be more strictly divided between next-generation firewall devices (configurable on a rule- or policy-basis) and UTM (unified threat management) systems, which were sold on their ease of use. FireBox’s UTM solutions & hardware blur this distinction, with enterprise-class protection available, plus if required, user tools which ease deployment and monitoring. Ease does not necessarily, therefore equal poor integrity in a security sense; in Watchguard’s case, quite the opposite is true.