Enhancing network security through visibility

Posted:
12/13/2019
| By:
Guest Author

This content was provided by Auvik Network Inc. as part of the Inside the Industry Interactive Webinar Series by ConnectWise.

As a technology services provider (TSP), your customers have put their trust in you–the expert– when it comes to managing and securing their network. And considering the increasing rise of B2B software-as-a-service (SaaS) applications as the critical driver in business, the network is integral in the day-to-day life of your customers’ businesses.

It’s critical to reduce the two primary risks associated with the network: downtime risk associated with a lack of functionality, and security risk mitigation that comes with hosting an “always on” network.

Your MSP is likely already offering services that improve customer experience, like:

  • Spam filtering
  • Antivirus
  • Security training
  • Multi-factor authentication
  • Firewall

While these are important security measures, they don’t equate to a wholistic strategy. They’re pieces of a large, complex puzzle. Hackers will look for vulnerabilities–the cracks between these puzzle pieces–and if they’re able to find an entry point through the hard outer shell of the network (the firewall) they’ll gain access to your network resulting in potentially devastating consequences.

Learn to spot the anomalies and limit their impact

What you don’t know about the networks you manage is what can hurt you the most. If you look at reports of successful security breaches, you’ll discover that there are often social engineering angles that will make web traffic flowing out of the network look normal. If you don’t have a baseline established, then there won’t be any red flags raised when web traffic patterns differ due to malicious activities.

To create your wholistic network security strategy, start by following security standards like NIST and CIS. Then, gain an understanding of what “normal” network usage behaviors look like in the networks you manage. Establishing optimal visibility into your client networks, including an inventory of both physical hardware and software assets, will help you spot suspicious activity.

Hard and soft asset inventory

Leverage your remote monitoring and management (RMM) solution to identify all the physical endpoints on your network. Keep in mind to factor in the devices that you didn’t come from your MSP originally. Those could be IoT devices, old printers sitting in the corner of your customer’s office, or even switches hidden behind the drywall.

When was the last time you updated the firmware on your customers’ printers? This is an example of the depth of continuous vulnerability analysis involved in a proper software asset inventory. Whether it’s on PCs, IoT devices, or network ports and protocols, it’s important to remember that monitoring for malicious activity when it comes to soft assets isn’t a “point in time” thing; it must be continuous.

Another facet of your network security strategy is end user education. Making sure they’re not using default passwords, turning off ports to machines that aren’t in use, and checking the firewall for inbound access. Most of the traffic to the network should be initiated from inside the network going out, as opposed to the other way around. Instilling fundamental knowledge like this will go a long way.

Secure configuration of network devices

Auvik Networks Inc. is a leader in the network monitoring and management solution arena. Approximately 39% of devices Auvik has scanned across 30,000 networks are using default SNMP strings (they’re using “private” or “public” as their community string for SNMP). 93% of the devices haven’t enabled SNMP V3, a more secure way of communicating information.

Fortunately, only about 11% of devices can be accessed through CalNet and most of their customers have successfully switched over to SSH. Ultimately, putting basic, fundamental measures like updating credentials will go a long way for securing the network and making it less attractive to malicious actors.

Backups and disaster recovery

For MSPs, the age-old saying “better safe than sorry” could be translated as: “it’s not if you’ll be breached it’s when.” A common attack today is known as a crypto locker which can be easily mitigated if you have the right backups in place: configs for network devices and data backups for your endpoints.

A critical step in a solid disaster recovery plan that is often skipped over is testing the recoverability of your backups. Setting up the backup is an excellent first step, but if you don’t test it there’s no way to tell if your system is functioning end to end.

While all these measures are basic, when you apply them to dozens or hundreds of your customers, it can become very time-consuming, and cut into an MSP’s profitability. The key to gaining efficiency in this area is leveraging automation wherever you’re able. For instance, find an integrated network monitoring and management solution that pairs seamlessly with your existing RMM tool to gain deeper insight into the networks you’re responsible for.