Technology changes in the blink of an eye, disrupting markets with new opportunities and challenges. One of the biggest challenges is keeping up with cybercriminals and their ability to adapt.
Put a database on the internet that is unpatched or uses weak passwords, and it will be attacked minutes later. Phishing is getting more sophisticated and harder to prevent as well. Perpetrators don’t have to use malware for phishing, so long as humans are willing to click on scam emails.
Other threats such as ransomware and cryptomining keep creating headaches for cybersecurity professionals whose job often feels like putting a finger in the dam. Thankfully, as the bad guys evolve, so does the technology to combat them. Advances in data analytics, automation, and machine learning are creating new cybersecurity solutions that give the good guys a fighting chance.
Here are four security trends managed services providers (MSPs) and managed security services providers (MSSPs) need to keep an eye on:
1. Security Analytics and Automation
Data volumes have become so massive that it’s impossible for humans to review them with the naked eye. Sifting through the data to identify threats requires added capabilities. Combined with automation and data analytics, machine learning algorithms are enabling cybersecurity tools that will eventually spot anomalies, determine whether they are threats, and automatically trigger appropriate responses. These systems remain in their infancy but will increase in sophistication in the near future, giving us better tools to protect data and networks. Start today by collecting data and implementing automated responses for well-known events. If a client connects to a known bad command and control server, don’t just log the event; start your remediation process.
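The "don't just log it" advice above, as an added example that is not from the original article: connection logs are matched against a command-and-control indicator list and turned into a per-client remediation plan. The log format, the blocklist entries (documentation address ranges) and the action names are all constructed assumptions.

```python
import ipaddress

# Constructed indicator list (documentation address ranges, not real C2 hosts).
C2_BLOCKLIST = {ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")}

# Constructed firewall log: "<timestamp> <client> -> <dest_ip>:<port> <verdict>"
SAMPLE_LOG = """\
2024-05-01T09:14:02Z ws-042 -> 192.0.2.10:443 ALLOW
2024-05-01T09:14:07Z ws-017 -> 203.0.113.9:8443 ALLOW
2024-05-01T09:15:31Z ws-017 -> 203.0.113.9:8443 ALLOW
garbled line without the expected fields
2024-05-01T09:16:12Z srv-db1 -> 198.51.100.77:53 DENY
"""

def parse(line):
    """Return (timestamp, client, dest_ip, verdict), or None for malformed lines."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    try:
        dest = ipaddress.ip_address(parts[3].rsplit(":", 1)[0])
    except ValueError:
        return None
    return parts[0], parts[1], dest, parts[4]

def remediation_plan(log_text, blocklist=C2_BLOCKLIST):
    """Build one remediation entry per client that contacted a listed address."""
    plan = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip unparseable lines instead of aborting the whole run
        ts, client, dest, verdict = rec
        if not any(dest in net for net in blocklist):
            continue
        entry = plan.setdefault(
            client, {"first_seen": ts, "dest": str(dest), "hits": 0, "actions": []})
        entry["hits"] += 1
        # ALLOW: traffic left the host, so isolate it as well as opening an incident.
        # DENY: the firewall stopped it, but the host still tried, so investigate.
        wanted = ["isolate_host", "open_incident"] if verdict == "ALLOW" else ["open_incident"]
        for action in wanted:
            if action not in entry["actions"]:
                entry["actions"].append(action)
    return plan

if __name__ == "__main__":
    for client, entry in remediation_plan(SAMPLE_LOG).items():
        print(client, entry)
```

In a real deployment each action name would map to a call into the isolation or ticketing tooling already in use.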
2. Endpoint Evolution
Endpoints are numerous and increasingly varied, especially as the Internet of Things (IoT) takes off. A number of IoT devices have been found to be vulnerable and difficult to update. These include baby monitors and cameras, but also industrial control systems. For desktops, laptops, and mobile devices, we have been able to install software on the device to help protect it. We can’t install software on IoT devices, so they need to be looked at differently.
Many IoT devices are “dark”—you can’t see into them and can’t add protection software on them. To protect them, you have to segment them off and limit their communications to only the things they absolutely need access to. Eventually, we will have the capability to monitor behavior patterns of IoT devices and predict when a device may be compromised but, in the meantime, harden them as much as possible through isolation.
3. Managing Identity
User identities, their roles, and rights are typically set up once and changed infrequently. This is no longer enough. Organizations should start implementing zero-trust identities. In this model, you get access when you need it. This process is often dismissed as too complex, but in reality it only requires some infrastructure and planning to make it work.
A number of government agencies take this approach, and so do some universities. If a user doesn’t access a resource for a certain amount of time, they lose access to it. For low-risk resources, they can regain access through a process that lets them self-attest who they are. For other higher-risk resources, they must get approval and work through an automated flow. With this approach, the overall attack aperture is reduced with only the active users presenting a risk. This approach may not work in all settings, but it’s worth exploring.
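The expiry-and-regrant flow described above, as an added example that is not from the original article. The 90-day idle limit, the two risk tiers, the sample grants and all function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Assumed value; the article only says "a certain amount of time".
IDLE_LIMIT = timedelta(days=90)

# Constructed grants: (user, resource, risk tier, last access time)
GRANTS = [
    ("alice", "wiki", "low", datetime(2024, 5, 20)),
    ("alice", "payroll-db", "high", datetime(2024, 1, 3)),
    ("bob", "wiki", "low", datetime(2023, 12, 1)),
]

def expire_idle(grants, now, idle_limit=IDLE_LIMIT):
    """Split grants into (active, revoked) based on time since last access."""
    active, revoked = [], []
    for grant in grants:
        (revoked if now - grant[3] > idle_limit else active).append(grant)
    return active, revoked

def request_access(user, resource, risk, active, now, attested=False, approver=None):
    """Re-grant path: low risk needs self-attestation, anything else needs approval.

    Returns (status, grants); the grant list changes only when status is "granted".
    """
    if any(u == user and r == resource for u, r, _, _ in active):
        return "already_active", active
    if risk == "low":
        if not attested:
            return "needs_self_attestation", active
    elif approver is None or approver == user:
        # Higher-risk resources: a second person must approve, never the requester.
        return "needs_approval", active
    return "granted", active + [(user, resource, risk, now)]

if __name__ == "__main__":
    now = datetime(2024, 6, 1)
    active, revoked = expire_idle(GRANTS, now)
    print("revoked:", [(u, r) for u, r, _, _ in revoked])
    print(request_access("bob", "wiki", "low", active, now, attested=True)[0])
    print(request_access("alice", "payroll-db", "high", active, now, attested=True)[0])
```

Only grants that survive `expire_idle` remain exposed, which is the reduction in attack surface the paragraph describes.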
4. Privacy Regulations
Privacy is a major challenge. Think about where we would be if we didn’t give up our privacy. Instead of paying for software like Facebook, Twitter, Google, and Waze, we have given up our privacy and been given great products in return. These and many services like them understand our habits, understand where we go, who we communicate with, and what we search for. Instead of charging the consumer for the service, they sell the data they have about the consumer to buyers. It’s a model that has spawned an incredible set of applications and changed the way we live.
Mapping and location data can certainly be used for good—where would we be without Google Maps and how would emergency services get to your location without geolocation? But it can also be used for bad. The map data can show you visit a health clinic weekly, drive too fast, or participate in risky behaviors. Should this data be available and shared? This is the big debate we are currently in and why regulations are changing.
Expect to see more privacy regulations such as Europe’s General Data Privacy Regulation (GDPR), which has led to greater attention to security. Most vendors dealing with personal data have to explain to partners how they handle privacy and security. As more regulations are enacted, there will be a mix of good and bad laws. You have to be aware of these changes and prepare your clients for compliance.
As technology continues to change, security will remain a big challenge. As an MSP or MSSP, this makes your job harder but also creates opportunity. The better you keep up with security developments, the more you stand to gain, both in terms of providing greater value to your clients and in building your business.
Tim Brown is VP of security at SolarWinds MSP and parent company SolarWinds.