I use an MSP. Am I secure?

Many businesses outsource their IT to Managed Services Providers (MSPs). MSPs play a critical role in business by providing services such as help desk, server management, hardware and software procurement, and others. Essentially, many businesses rely on their MSP for their technology needs. With regard to cybersecurity as a whole, there may be gaps in what the business assumes an MSP provides versus what actually takes place. Bound Planet helps to close these gaps. We are here to work with your business and your MSP to increase the overall maturity of your cybersecurity program.

Here are some of items for businesses to consider, however this is not a complete list:

  1. MSPs are targets. MSPs have become juicy targets for bad actors. If you consider the amount and type of information an MSP possesses on any given customer, it is easy to see why. MSPs have user lists, administrative credentials, IP addresses, remote access, and more. The strength and maturity of an MSP’s cybersecurity program is critical in protecting this data. Not too long ago, the Cybersecurity and Infrastructure Security Agency (CISA) issued an awareness briefing relating to observed malicious activity indicating that Chinese cyber attackers are targeting MSPs. Find out how your MSP protects your data. Think of your MSP’s cybersecurity practices as a supplement to your own. Does your MSP continuously assess it’s own environment? Conduct penetration tests? Employ a SIEM tool? Ingrain cybersecurity in its culture?
  2. Vulnerability Management. MSPs often install a Remote Monitoring and Management (RMM) tool to manage Microsoft Windows systems. These agents allow for remote access, monitor system stats like CPU, memory, and disk utilization, install operating system patches, gather operating system logs, and others. A disconnect that we have observed over the years relates to overall vulnerability management within an organization. Networks are made up of many types of devices: servers, computers, printers, switches, routers, firewalls, cameras, and many more. All of these devices need to be considered when assessing an organization, since they require continuous patching, fixes, and configuration updates. An MSP’s management tool typically only covers operating system patches on Windows computers. In some cases, application patching may be provided as well. What this means is that when we conduct a vulnerability assessment, we will find that devices and applications outside of the MSP’s RMM coverage often have critical vulnerabilities that require patching. This is no fault to the MSP since they often don’t necessarily state that they will perform these types of services, but the business may be under the impression that this type of scanning and remediation is taking place. We recommend that organizations build a continuous vulnerability scanning and remediation program, which is something Bound Planet can assist with.
  3. Monitoring. Another aspect to cybersecurity where we have seen differences in a business’s understanding vs. services provided by the MSP relates to audit logging and threat monitoring. Referring to the RMM tool above, it typically gathers Windows operating system logs. Some useful information may be obtained such as failed login attempts, and it can also indicate when a host has gone offline. If your MSP deploys and manages your anti-malware solution, they typically have a process around monitoring computers for malicious activity related to that tool. Devices and applications generate copious amounts of log data, and from those logs, cybersecurity tools can use this information to identify indicators of compromise. The average business lacks something that aggregates these log sources, parses them for malicious activity, and notifies the appropriate resources for action. Often, we have seen that businesses are under the impression that their MSP has this covered. Again, this is no fault to the MSP! These practices are part of a robust cybersecurity program, and businesses should consider adopting them as a standard.

This list is by no means comprehensive, however hopefully it sparks some discussion. We are here to help with this process, and a simple way to get started in identifying gaps would be to work with us to conduct a Cybersecurity Assessment.