MSSP Expert: Visibility Is The Key To Security Success

The most effective thing MSSPs can do to identify indicators of compromise and secure the environments of their customers is provide basic visibility, according to one expert.

Cybersecurity industry veteran Michael Knight said customers should know who's connecting to their network, what applications these people are using, and what types of information is flowing out to the internet. Visibility makes it possible for businesses to identify shadow IT and more effectively block malware and spyware from infecting machines in their network, according to Knight.

"By providing full visibility, you're putting customers in a much better position than they most likely are in today," Knight said Saturday during XChange University: IT Security, hosted by CRN parent The Channel Company. Knight served as president and CTO of Encore Technology Group, a solution provider in Greenville, S.C. until last week and is set to start a new job at a major IT vendor soon.

[Related: MSSP Superstar Michael Knight: Slow And Steady Wins The Managed Security Services Race]

Better visibility makes it possible for businesses to have conversations with the specific employee or employees who keep falling for phishing attacks or clicking on suspicious links, Knight said.

Visibility also requires promptly tracking any and all alerts that come in regardless of the time of day or day of the week, according to Stephone Darby, CEO of Florence, Ala.-based solution provider Advanced Information Technologies. Since SMB customers often lack their own IT department, Darby said the onus for monitoring and tracking alerts often ends up falling on the solution provider.

"We get more data than we can process in a day," Darby said.

Darby said he'd like to put new policies in place to ensure that his company doesn't miss any more alerts.

Sometimes the indicators that customers have been compromised by crytomining or a cryptjacking attack go unnoticed, particularly in this age of virtualization, where bandwith and processing power is readily available, Knight said.

"Most of us would not notice if our computers were 20 to 30 percent slower," Knight said. "Our indicators of compromise are becoming less and less apparent."

This becomes even more problematic amid the rise in weaponized platforms that don't require the threat actor to make any upfront investment but still pay handsomely for a successful exploit.

"You don't even have to be a large nation-state, mafia-based organization, or whatever [to use these platforms]," Knight said. "You can legitimately make a ton of money by using somebody else's platform."

Plus Knight said the threat surface has expanded exponentially as more and more IoT devices come online

As a result, cybercrime continues to be a very lucrative business, Knight said. For example, the exposure of new student identifies is worth $300 a piece. And global cybersecurity spending will reach nearly $232 billion in 2022 as more and more devices connect to the internet and more and more sensitive information ends up in the hands of adversaries.

"We're having to overcorrect now," Knight said. "You had this major delay occur where we weren't spending enough on security. We were connecting everything, and now we're having to over-rotate to re-secure all of the platforms."