The need to consider your IT security from a remote worker perspective is greater than ever in 2020. Bad actors are using the pandemic to their advantage, even increasing the frequency of their attacks during this period. They continue to be successful against businesses because many still have the mindset that “I will not be the next victim” or “passwords are too difficult” or “security is an IT problem and our MSP will take care of it”.
This viewpoint, along with other factors, increases the risk of a data breach. In our first article we looked at the potential cost of a data breach across legal and other business sectors. Next, we looked at mitigating the risk, which highlighted the need to engage with your trusted advisor to discuss a defence-in-depth security strategy. Then, in part 1 of Defence-in-Depth and Mitigating Mechanisms, we focused on email, the number one entry point for bad actors. Drilling down further into the layers, we will consider some actionable choices without using too much tech speak, highlighting products or strategies that can help a business owner protect each layer. For practical reasons we may mention specific companies or products in these articles, but we receive no payment for doing so.
The Layers
For a truly exhaustive list, you can view this interesting article by Michael Horowitz
We believe the checklist above contains items that go beyond security, but it may spark some ideas and be of value in a more comprehensive security discussion with your MSP. Below are the areas we want to focus on.
Both physical and virtual layers require security and are illustrated in the graphic below.
They include:
THE OFFICE:
Local Endpoints – these are found in your traditional office network and include desktop or laptop computers, file servers, printers and networking devices.
Local Perimeter – this separates your local endpoints from the Internet at the edge of the local network and includes equipment such as Internet Service Provider (ISP) equipment and security devices such as a firewall.
WORK FROM HOME:
Remote Worker Endpoints – these are the computers and other devices that your road-warriors and work-from-home staff use.
Remote Worker Perimeter – this separates your remote worker devices from the Internet and may include software or hardware such as a home router that provides a basic level of security.
THE CLOUD:
Cloud Endpoints – these are the servers or systems where data and applications run such as email (Gmail, Microsoft 365, other), file storage, and remote desktops.
Cloud Perimeter – this separates your cloud endpoints from the Internet and includes security software and hardware such as firewalls and sometimes complex artificial intelligence (AI) driven security.
Figure 1 – The layers needing defence-in-depth
Mitigating Mechanisms
There is substantial crossover from the office to home and to the cloud when it comes to security. This makes sense since you only have one email system, one official copy of any matter or document, one database for each business application and, in many cases, just one device to work from no matter where you are. The list of mechanisms below may vary in nature depending on their use at the office, home or in the cloud but these mechanisms will apply everywhere. They consist of procedures, software and hardware and are:
- Antivirus / Endpoint Detection and Response (EDR)
- Monitoring, Alerting and Reporting
- Patching and Updating
- Firewall
- VPN
- Staff Education – the Human security system
- Disaster Recovery
- Passwords
The above list is not prioritized and each point includes important security measures that need to be considered regardless of the size of your practice. We will start by considering the first item on the list.
- Endpoint Detection and Response (EDR)
Protecting your devices is no longer a simple matter of buying anti-virus software. Endpoint Detection and Response (EDR) is now the norm. It still blocks viruses and malware, including ransomware, but it also records what happens on the device (processes launched, files written, network connections made) so that an attack can be detected and investigated from its behaviour, and it gives the responder tools such as isolating the machine from the network. Good EDR software will also include an element of cloud-based AI or machine learning. A traditional anti-virus product compares a file's “signature” against a database of known malware, so a new or slightly modified sample slips through; behaviour-based detection instead watches what a program does (for example, an Office document launching a script that starts encrypting files) and can flag it before any signature exists. Signatures are still used, but they are no longer the sole basis for deciding whether an attack is underway.
EDR sounds expensive, but at the risk of upsetting your MSP we are going to give you a recommendation that will get you started for FREE, with paid elements available if desired. The free one took us back a step when we saw the 2019 EDR Gartner report, but it shouldn't have. Kelvin has been testing this for over 5 years straight on gaming (more prone to viruses) and business systems alike; it has caught plenty of viruses and he has had zero infections to date. We recommend it.
Recommendation:
- Microsoft Defender (free)
- SolarWinds – SentinelOne
Microsoft Defender – Last year’s Gartner report on EDR put Microsoft at number one in their ability to deliver and number two in regard to the maturity of the product. The component built into Windows 10 and Server 2019 is Microsoft Defender Antivirus; the fuller EDR telemetry, investigation and response features are sold separately as Microsoft Defender Advanced Threat Protection (since renamed Microsoft Defender for Endpoint). So, use the free built-in Defender product and have your team monitor it and keep it updated. Take advantage of all its features to get the full benefit: cloud-delivered protection, tamper protection (so malware cannot simply switch Defender off), controlled folder access (its ransomware mitigation, which only lets trusted applications write to your document folders) and attack surface reduction rules. There are other Microsoft EDR components that come at a cost, as part of higher Microsoft 365 subscriptions or add-ons, and they form a more comprehensive defence, but Defender on Windows 10 and Server 2019 is an excellent start.
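As an added example (not code from the original article, nor Microsoft's or LayerOne's own tooling), here is a PowerShell script an IT team could run from an elevated prompt to check an endpoint against the Defender settings discussed above and enforce them. It uses only the Defender cmdlets that ship with Windows 10 and Server 2019. The D:\Matters folder is an assumed example path, and the two attack surface reduction rule GUIDs are Microsoft's published rule IDs for blocking executable content from email clients and for blocking Office applications from spawning child processes.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original article. Uses the Defender module
# that ships with Windows 10 / Server 2019. Run from an elevated PowerShell.

function Get-DefenderHealth {
    # Returns a list of findings; an empty list means the endpoint matches the baseline.
    # This is the check your team should run (or schedule) on every device.
    $status = Get-MpComputerStatus
    $prefs  = Get-MpPreference
    $findings = @()

    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    if (-not $status.BehaviorMonitorEnabled)    { $findings += 'Behaviour monitoring is off' }
    if (-not $status.IsTamperProtected) {
        # Tamper protection cannot be set from PowerShell; turn it on in the
        # Windows Security app or via Intune so malware cannot disable Defender.
        $findings += 'Tamper protection is off'
    }
    if ($status.AntivirusSignatureAge -gt 2) {
        $findings += "Signatures are $($status.AntivirusSignatureAge) days old"
    }
    # MAPSReporting: 0 = off, 1 = basic, 2 = advanced cloud-delivered protection
    if ($prefs.MAPSReporting -ne 2) { $findings += 'Cloud-delivered protection is not Advanced' }
    # EnableControlledFolderAccess: 0 = off, 1 = block, 2 = audit only
    if ($prefs.EnableControlledFolderAccess -ne 1) {
        $findings += 'Controlled folder access (ransomware protection) is not enforced'
    }
    return $findings
}

function Set-DefenderBaseline {
    param(
        # Extra folders to protect beyond the defaults (Documents, Pictures, etc.).
        # 'D:\Matters' is an assumed example path; use wherever your files live.
        [string[]]$ProtectedFolders = @('D:\Matters')
    )

    # Cloud-delivered protection: unknown files are classified by Microsoft's
    # cloud and machine-learning back end rather than by local signatures alone.
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    Set-MpPreference -PUAProtection Enabled      # block potentially unwanted applications

    # Controlled folder access is Defender's ransomware mitigation: only trusted
    # applications may write to the protected folders. Pilot with
    # -EnableControlledFolderAccess AuditMode first and review Event ID 1124 in the
    # 'Microsoft-Windows-Windows Defender/Operational' log before enforcing.
    Set-MpPreference -EnableControlledFolderAccess Enabled
    foreach ($folder in $ProtectedFolders) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    }

    # Attack surface reduction rules, in audit mode first (Event ID 1122 records
    # what would have been blocked). GUIDs are Microsoft's published rule IDs.
    $asrRules = @(
        # Block executable content from email client and webmail
        'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'
        # Block all Office applications from creating child processes
        'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
    )
    Add-MpPreference -AttackSurfaceReductionRules_Ids $asrRules `
                     -AttackSurfaceReductionRules_Actions AuditMode, AuditMode

    Update-MpSignature   # pull the latest definitions now rather than waiting for the schedule
}

# Usage: apply the baseline, then report anything still out of line and any
# recent detections, which is what a monitoring/reporting layer should collect.
Set-DefenderBaseline
Get-DefenderHealth | ForEach-Object { Write-Warning $_ }
Get-MpThreatDetection |
    Select-Object InitialDetectionTime, ProcessName, ThreatID |
    Format-Table -AutoSize
```

Run the health check on its own across the fleet before changing anything; a device where tamper protection is off or signatures are days old is exactly the kind of finding the monitoring and reporting layer in the next part should surface. Start controlled folder access and the ASR rules in audit mode on a pilot group so that a line-of-business application that legitimately writes to the protected folders is discovered from the event log rather than from a help-desk call.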
SolarWinds – SentinelOne – SentinelOne is also available as a standalone product, but we recommend the version that is customized in SolarWinds. In the same Gartner report above you will see SentinelOne in fifth place regarding maturity, not bad, but their ability to deliver left something to be desired. In the 12 months since that report they have partnered with SolarWinds to dramatically improve their ability to deliver. They have a solid product, and we believe it is well worth a look if you do not want to rely on Windows Defender alone.
Interestingly, Microsoft also partnered with SolarWinds to enhance monitoring and management of Microsoft devices. This implicitly confirms SentinelOne’s move to use SolarWinds RMM as their delivery mechanism, and they would seem to have first-mover advantage at this point.
If you just want anti-virus, here is a list of 5 vendors; in the top spot is one that is also built into the SolarWinds cloud RMM delivery engine, Bitdefender.
In Part 3 of “Remote Working – Defence-in-Depth and Mitigating Mechanisms” we will cover the next few items from our list, starting with “Monitoring, Alerting and Reporting”.
Kelvin Jones from LayerOne Cloud
Kelvin’s experience covers more than two decades in IT infrastructure and Cloud. He has earned over 30 information technology certifications during his career from Microsoft, Mimecast, IBM, ITIL, EMC, Cisco and others. He handles his customers’ big IT and Cloud problems one small solution at a time.
Vaughan has 25 years of IT support experience. He is a skilled problem solver and helps customers find cost-effective, stable, long-term solutions that meet or exceed the customers’ requirements. He creatively handles big IT problems one small solution at a time.