Vulnerability scanning - A light in the darkness

21:23 completely wrong time zone, 32,000 feet over the most remote part of the North Atlantic – If we thought 2015 was an epic failure on the IT security front, then the first quarter of 2016 is panning out pretty badly already. More than 700 million records were breached in 2015, according to security researchers at Gemalto, and there were 1,673 hacking incidents recorded.

Those figures are surprisingly smaller than 2014 with data breach of records falling by 39% and breach incidents by 3.4%, according to the company's 2014 report.

This is an encouraging sign that things could be about to turnaround. I say this because most of us who wear the ubiquitous black T-shirt of technology companies (because black is a sliming colour) need a win.

The pessimistic view says the growth in ransomware has actually reduced the number of data breaches, but let’s approach this topic with a bit more of an optimistic view. By any measure, the breaches of the past 15 months have been relentless and catastrophic. Millions of dollars have been lost and countless jobs terminated across the board, from CEOs to operations folks. Some totally justified, others the inevitable collateral damage of a mega breach. So how do we strike back and echo the sentiments of eighties glam rock heroes Twisted Sister; “We’re not Going to Take it”?

Making a difference for security professionals in 2016

For 2016, I’m heading out on a six country, 15 event tour, which will take in to France, Canada, West Coast USA, New Zealand, Australia and, of course, the UK. From the contact I have had with the elite group of MSPs and IT Admins that are picking up what I am putting down, I think we’re making a difference. In fact, I know we are making a difference – layered security is working, we are killing bad guys.

To change the game for the folks on the frontlines, we’re going to make it easier.

I have been working alongside a team – with over a 100 years of collective IT security experience – to seal a deal that I believe will be a game changer, a shift, a seminal event in the history of MSP and IT Admin tools. We, the elite and gifted team of executives that control the navigation of LOGICnow, are going to give IT admins and MSPs the tools to take it to the bad guys.

LOGICcards was just the start of an aggressive campaign to degrade, disorganise, disrupt, discombobulate and destroy (the 5Ds) the cybercriminals. Pair this with vulnerability scanning from our new MAX Risk Intelligence solution – which highlights issues like the lack of a patch, data that is unprotected, a messed up configuration, an exposed port or a piece of stealth malware with an indication of compromise – and you have a real game changer.

You’re probably confused, here. How can one part of the layered defence strategy LOGICnow advocates and supplies be so important? I will tell you why – money.

At the end of the day MSPs and IT admins have a common problem. How does a good team, a motivated and competent team, internal or external, demonstrate value when the business model demands minimal interaction? Move the discussion to money, that’s how.

Vulnerability scanning offers MSPs a killer feature

The killer feature of the vulnerability scanner our CEO, GM and executives signed off on was this: the ability to equate risk in real dollar terms. How much does the lack of a patch cost? What’s at risk? Who has access? And what is that exposure worth? For the first time MSPs and IT Admins are going to have those important answers at their fingertips. Can a single PC have $2 million in liability? Sure, we found one in the LOGICnow infrastructure and fixed that problem. That’s effective, that’s real. No BS.

My CEO likes to say “numbers are bullshit” when it comes to risk. I agree with him, but I listen to the thousands of small and medium business customers that have IT admins or MSPs doing the hard work of securing countless environments. At the end of the day, risk calculations are just math, but they mean something important. The distance between calculated risk and sales is not that far.

Let me elaborate.

You scan a network and determine there is $10 million at risk. How do we mitigate that risk? You patch and secure – it’s that simple. But you need to know what to patch and what data to secure. Imagine a future where on a monthly or weekly basis you can demonstrate the monetary value you provide in terms of real risk reduction. It’s awesome and probably the most important step in selling your services, securing your customer’s environment and cementing the relationship. By adding this to our platform, we will be ensuring that MSPs and IT Admins punch above their weight when it comes to saving the Internet for SMB/SME customers.

More tools on the way…

Oh, and one more thing. We are not done. More tools, enhanced tools, better tools and major capabilities, capabilities that were only found in enterprise are coming to your hands. Stick with us in 2016. Grow your business save the Internet and look after those PCs AND Macs by being #hard2hack.

Ok, and really just one more thing. Our team put together a piece of content that has been described as the best thing we have produced in the past three years. We are calling it our Cyber Threat Manual and it’s available here for download. Check it out and let me know what you think!

 

Ian Thornton-Trump, CSA+, CD, CEH, CNDA is CTO at Octopi Managed Services Inc. Ian is an ITIL certified Information Technology (IT) consultant with more than 20 years of experience in IT security and information technology. He enjoys and maintains a strong commitment to the security community. From 1989 to 1992, Ian served with the Canadian Forces (CF), Military Intelligence Branch; in 2002, he joined the CF Military Police Reserves and retired as a Public Affairs Officer in 2013.

You can follow Ian on Twitter® at @phat_hobbit.