Started in 1991 and held in San Francisco, the RSA conference is one of the premier cybersecurity events worldwide. The event hosts tens of thousands of people per year (42,000 in 2018, for example) and acts as a central location for people to come together and dissect the latest security trends. 2019 was the first year SolarWinds exhibited. Our cybersecurity team attended to show off the full breadth of our portfolio, and I was lucky enough to go. Here are some of my takeaways.
One topic that kept resurfacing was the human element of security. Attendees—and many of the key talks—focused on people as a weak link.
Phishing and social engineering were central to many of the talks. It makes sense—some studies have shown that a successful phishing attack could cost a mid-sized company an average of $1.6 million. Technologies like SolarWinds® Mail Assure can help fight against malicious phishing and spear-phishing campaigns, but security providers and MSPs will still need to offer training to their customers as part of their defenses.
Many of the security professionals I spoke with brought up insider attacks; unfortunately, insider attacks make up a sizeable chunk of security breaches. To help protect your clients, put in additional checks and balances to prevent malicious or accidental breaches. Make sure to regularly audit permissions for your clients to help ensure no one has excessive permissions that could lead to a data breach. Additionally, consider deploying tools to help monitor for suspicious behavior—such as users making changes to Active Directory or deleting files or data in bulk at a given time.
On the tech side, there was a lot of buzz around advanced tools, like endpoint-detection-and-response (EDR) and security-information-and-event-management (SIEM). SIEM tools help provide monitoring for networks and endpoints, while EDR tools center on protection and response for endpoints specifically.
Our cloud-based SIEM tool, SolarWinds Threat Monitor, is designed to help you collect and analyze logs across your customer base to detect, respond to, and report on threats. SolarWinds MSP also offers additional elements for a layered security strategy. In fact, people who stopped by to talk often said they were surprised by the breadth of our security portfolio. SolarWinds RMM and N-central® both include features to help you protect customers and prevent attacks, such as antivirus, integrated backup and recovery, web protection and filtering, and email protection to help against spam and phishing—all from a single system.
Security conferences would be incomplete without talking about the latest (or most important) attack patterns. As I mentioned in the human element section, both phishing and insider attacks were mentioned quite a bit.
However, I also saw a major emphasis on ransomware. These attacks continue to plague the industry. Businesses need to focus on protection, detection, and response. A strong backup tool, like SolarWinds Backup, can help you restore order quickly. If one of your clients does get hit with a ransomware attack, it helps to have a SIEM tool like Threat Monitor in place to make sure the ransomware isn’t part of a larger attack aimed at destruction. (For instance, a recent SentinelOne survey found that 38% of attacks were aimed at business disruption. If criminals can land ransomware on your customers’ systems, they could easily leave a trojan or spyware on the machine that remains after you remove the first threat).
Open vulnerabilities in systems were also frequently discussed in presentations. Closing these vulnerabilities should be the basic “blocking and tackling” of any security program. Your RMM tool—like SolarWinds RMM or N-central—can help you automate much of the patch management process and help keep both operating systems and third-party applications up-to-date.
The future of security often starts at the large enterprise level. New ideas and technologies ripple out to the rest of the industry. The RSA conference presents many of the cutting-edge developments in security, and attending can help you keep your MSP business ahead of the security curve. With more customers expecting their MSPs to handle security, the ideas you pick up at RSA could translate into a real competitive advantage.
Marco Muto, Director, Business Development at SolarWinds