NCSAM: Analyzing and Improving Your Security Practice

Over the past few posts, we talked about preventing, detecting, responding to, and recovering from cyberthreats as part of National Cybersecurity Awareness Month (NCSAM). These steps focus on the day-to-day techniques of practicing cybersecurity from a tactical level.

But once you’ve got these parts down, it’s time to take a look at security from a more macro, strategic level. In this final step, we talk about using reports and analysis to consistently improve your customers’ security postures as well as enhancing your own business.

Analyze

Keeping up with security requires you to take stock of your customers’ security postures from time to time. And it’s more important than ever—61% of small- and medium-sized businesses (SMBs) believe the consequences of cyberattacks are increasing in severity.

So here are a few tips to keep in mind:

ANALYZE INCIDENTS

In our previous post, we talked a bit about the incident response  (IR) process. IR involves a mixture of both actions to take (such as triaging, routing responses, quarantining machines or files, and communication) with analysis. Forensic analysis during the IR process allows you to quickly make decisions on how best to proceed with the urgent incident at hand. However, once you’ve resolved a security incident, particularly if the incident was critical, bring the relevant stakeholders on your team together for a post-incident analysis discussion. Try to figure out what went wrong and what steps you can take to help prevent the issue from recurring in the future. Also, try to determine if this was an incident for an individual customer or if it might affect your entire customer base. A good tip here is to avoid blaming anyone involved, as it’ll only cause them to clam up and not offer suggestions. You want objective analysis, so you need to encourage an open atmosphere and prevent finger pointing. Finally, whatever your incident analysis shows, communicate this to your customers so they’re aware you’re actively working to make them stronger.

USE AN EDR SOLUTION

Your security tools often have built-in reports to help you understand the day-to-day information and help with your overall security posture. In particular, a good endpoint detection and response (EDR) tool, like SolarWinds^® EDR, will offer reports and attack timelines to help with forensic analysis. This will be extremely useful as part of understanding the nature of an attack as mentioned in the previous step. However, it’s also useful for demonstrating how your defenses worked to stop an active attack.

RUN REGULAR VULNERABILITY ASSESSMENTS

We’ve mentioned this in other posts as well, but try to use a vulnerability scanner on a semi-regular basis to uncover potential areas for improvement. A simple scan can often reveal unpatched software, misconfigurations, or default passwords lurking somewhere within your customers’ IT infrastructure. You can often fix these issues quickly, which not only helps reduce their security risk, but also demonstrates the value of your work.

TRY PENETRATION TESTING

Penetration testing involves more active work than a vulnerability scan, but it may be worth going the extra mile, particularly for higher-risk clients. While vulnerability scans can be automated, pen testing will require more in-depth security knowledge and skills to execute effectively. It may be worth partnering with an outside firm to perform pen tests on an as-needed basis.

LOOK INTERNALLY

While most of our tips have focused on your customers, don’t forget that as a business partner, your own internal security is a crucial link in the chain of your customers’ security postures. So make sure you’re consistently running your own vulnerability scans and practicing good cyberhygiene. Plus, if you don’t pen test for customers, it’s at least worth hiring penetration testing services for your own MSP since a compromise could lead to a successful attack on your entire customer base.

SHARE YOUR FINDINGS

Finally, make sure to share reports and analysis with your customers on a regular basis. This is most important and urgent after a security incident occurs, but you should also add a security review portion to a quarterly business review update with your customers. Your quarterly meetings should both demonstrate the work you’ve done over the previous quarters—including before-and-after snapshots on vulnerability or penetration tests—as well as recommendations on additional security steps they should take. This can be a perfect opportunity to use data to persuade customers to take on new security steps to further reduce their security risks. This not only helps your bottom line, but ultimately, helps them stay up-to-date with the latest security threats.

Where do you stand?

With National Cybersecurity Awareness Month ending soon, it’s worth making time to take stock of your own internal security and the security postures of your customers. But remember, just because NCSAM is almost over, cybersecurity work never ends. Cybercriminals continue to evolve their threats and often find new angles to compromise systems or steal or encrypt data. Cybercriminals don’t take holidays—neither can your cybersecurity programs. However, if you keep the principles and overall framework we covered in the past few weeks in mind, you should have a good foundational process for staying ahead of the cybercriminals.

 

Over the past few weeks, we covered four important steps in the process of securing your customers. We also put these steps together into an easy-to-digest infographic with some important stats that could be useful in your sales conversation. Get the infographic wrapping up the tips and steps for free—download it now.