Today, MSPs are in the driver’s seat when it comes to tailoring an endpoint security solution to best protect themselves and their client’s from harmful malware and data loss. However, this hasn’t always been the case. Many of us can remember a time when finding MSP creature features like multi-tenancy, trial provisioning and granular client-level reporting were hard to come by. Have you ever created a work-around by buying a yearly subscription, adding licenses in blocks and breaking those licenses off in chunks as new clients were on-boarded? As you nod your head in affirmation, we can all reflect on how much times have changed.
As service providers began to shift away from reselling annual contracts with value added services, and into monthly billing, security vendors were made to accommodate by creating MSP-centric endpoint consoles. Manageability, efficiency and third-party integrations became the focus as vendors began building and writing integrations into multiple PSA and RMM platforms to capture a broader piece of the MSP market.
The MSP delivery model is no longer new architecture for most endpoint security companies and certainly not to the ones that have thrived for the past several years. For the better, the focus is moving back onto the technology stack itself, the pipeline of detection and how the technology works under the hood. Modern endpoint security will have features and functionality that offer protection from multiple attack vectors while at the same time providing additional services within the product to add-on.
Network protection stack
Most of the work we do on our computers nowadays involves network connections - loading web pages, of course, but even viewing a Word document will often involve the program reading content from a remote system. Users fetching web pages, applications checking for updates, and also malware downloading exploit code: these all use the global internet and DNS to connect to remote systems and fetch data from them. For this reason, it’s critical to ensure your endpoint solution has DNS filtering as part of the network stack. DNS attacks are on the rise and nearly four out of five organizations (79%) experienced DNS attacks, with the average cost of each attack hovering around $924,000. Some vendors charge additionally for DNS filtering in their products and some include it as part of the base package. Either way, there’s an opportunity for MSPs to sell the service through to customers as a critical component to keeping them protected. Rounding out the network layer protection are features like Intrusion Detection System (IDS), malicious URL blocking, web exploit prevention and browser extension protection. Web access control is a billable feature similarly to the DNS filtering option. Some vendors charge extra and some do not, but an MSP can breakout and charge for the service or include it and strengthen the asking price per seat.
Application protection layers
There are some things applications should never do. Imagine a rogue Word macro, for example, or a malicious bit of JavaScript in a browser. Host Intrusion Prevention System (HIPS) is a simple rule-based system for blocking known common exploit code paths if somehow an attacker manages to get something running in your system. Advanced active protection (AAP) works by watching what processes actually do—their behavior—and therefore no amount of code encryption and obfuscation will make any difference. Once AAP sees a process attempting to do something malicious, it will immediately step in and stop it. Although there are no real services that can be broken out to compliment the application layer, it’s a major attack vector for malicious scripts, web code and social engineering.
File protection layers
The features to look for in the file layer are active protection that checks any file that is actively being touched—if a file is copied, moved, or executed, if a USB stick is inserted, any time a user or system tries to touch a file a quick scan occurs to make sure there isn't any risk. There are a couple of potential add-on services here like Full Disk Encryption (FDE) and device control and encryption. FDE is a simple agent that installs on laptops in case of theft or loss and can be centrally managed. Given today’s remote and mobile workforce, this use case almost sells itself.
Efficacy is king
Endpoint security is a crucial component and foundational to a layered security approach. Make sure the endpoint solution you choose actually works. Online review sites can be helpful but also tend to cause more confusion and noise. A better way to research endpoint efficacy is utilizing independent performance testing. Organizations like AV Comparatives and AV Test put security vendors through rigorous testing for efficacy, resource impact, usability, false positives and more.
Guest blog courtesy of VIPRE Security. Read more guest blogs from VIPRE Security here.
