Editors Note: 3/13/2023: This article has turned into a 2-part series. In Part 1 below we explore the minimum essential cybersecurity tools every MSP needs. In Part 2 we dive into Cybersecurity tools that focus on 1) attack detection, 2) incident response, and 3) limiting the impact of a breach.
Top 10 tools every MSP needs in their toolbox (Part 1)
This article dives into the top 10 tools every MSP needs in their toolbox. Without these tools you may be leaving your company or your clients exposed to compromise. Address these items in your technology stack to create a robust, defense-in-depth cybersecurity program. It’s important to note that even with these tools, not all risks may be completely eliminated. Nonetheless, integrating each of these tools into your cybersecurity program is crucial.
Administrative Tools:
- Awareness Training: hacker threats continue to evolve both in sophistication and the damage they inflict. Ransomware no longer just encrypts your files because hackers know they can be restored with versioned backups. Instead, ransomware exfiltrates your data and releases it online creating major cybersecurity nightmares for everyone involved.
- Governance Policies and Processes: every company needs to govern employees with policies and processes that guide their behavior when technology cannot. You need a password policy and an information handling policy. You also need a vulnerability alert process and a cybersecurity incident handling process. These policies and processes guide you with repeatable step-by-step handling of potential incidents.
- Interactive Phish Testing and Attack-based Phish Testing Exercises: traditional attack-based phish testing is difficult to execute and leads to poor outcomes and experiences for your end users. They are not designed to help your employees learn. However, new interactive phish testing exercises can provide you more positive, educational outcomes. They also give you robust metrics to report to your board of advisors and CFO/CEO. They track to 100% compliance proving everyone in your company completed the exercise. Lastly, they do this without you having to spend hours configuring allow listing, X-Headers, or PowerShell scripts. it is important to test users with real-world attack-based phish testing scenarios. This sanity check ensures your employees apply the knowledge they gained in phish training videos or from interactive exercises.
Technical Tools:
- Antivirus and Endpoint Detection and Response: next generation endpoint protection tools are a cybersecurity staple. Real-time monitoring helps you quickly identify when hackers threaten to circumvent your technical controls. SOC monitoring and rapid incident response might help mitigate a breach before it has a chance to take hold.
- Versioned Backups: backing up critical data requires that you know where it is and why it matters. This ties into your governance policies (Information Handling Policy). These dictate protections for your most sensitive and critical data including backing it up. Make sure your cloud providers are doing versioned backups to protect against ransomware encryption events.
- Multi-Factor Authentication (See Microsoft infographic Statistic below): multi-factor authentication (MFA) also known as two-factor authentication is a staple of robust cybersecurity programs. Even employees required to use a password manager will reuse passwords. The only line of defense that works is MFA. Use it on every SaaS and Internet accessible account you have.
- Password Manager: cybersecurity professionals tell us that 90% or more of breaches are tied back to human error. Fully 63% of those can be tied to poor password hygiene with your employees. The only way to address this risk is through Password Manager adoption. However, please be sure you pick a solution subjected to multiple external 3rd party audits and penetration tests as outlined in this article.
- DNS Protection from Zero Days, Content Filtering, and Malicious Websites: users will click on any interesting link that lands in front of them. DNS or Domain Name Services are how users reach a website of interest. DNS protections from vendors like Cisco (Umbrella) and Webroot (built into their AV product) can help. They prevent users from visiting compromised or malicious websites when a DNS request comes in for such off-limits sites. This defense-in-depth protection also provides content filtering preventing users from accidentally inappropriate websites.
- Automated Patch Management: automated tools known as Remote Monitoring and Management (RMM) are critical for automated patch deployment. Having this tool in toolbox is critical to effective patch management. These tools give you a rapid response to critical vulnerabilities that could compromise your network. The ability to act quickly and automatically, across impacted systems, by patching is like having your seatbelt on in a car before an accident. It needs to be there before you know you need it.
The Most Powerful Tool in the Toolbox:
- vCISO: a virtual Chief Information Security Officer’s sole job is to oversee your defense-in-depth cybersecurity program development. vCISOs help you focus your limited time and budget on the most urgent gaps in your security program. Hiring a full-time CISO is beyond the budget of most mid-market firms and MSPs. This is compounded by a national shortage of qualified cybersecurity professionals. Consequently, a part-time fractional or virtual CISO is the answer for you. A vCISO helps you build your cybersecurity program. You receive guidance from a seasoned professional experiencing in designing robust cybersecurity programs at companies like yours.
Conclusions:
This is by no means an exhaustive list of technical and cybersecurity tools available to companies today. There are certainly dozens more tools out there. Vulnerability scanners is one tool that would make many lists. Think of this article as a conversation starter. Have it with your IT provider and determine their thoughts and their technology stack for accomplishing these items. You’ll be glad you did.