Managed Service Providers

Thoughtful Design in the Age of Cybersecurity AI

AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it’s not sufficient on its own. Thoughtful design...

Cybersecurity in Schools: What Families Need to Know

Our kids are more connected than any previous generation. From the moment they wake up, they have an instant connection to the internet through phones, tablets, and laptops. The internet is also now an important part of their learning experience, and many parents...

Out from the Shadows: The Dark Web

You’ve likely heard of the dark web. This ominous sounding shadow internet rose in prominence alongside cryptocurrencies in the early 2010s, eventually becoming such an ingrained part of our cultural zeitgeist that it even received its own feature on an episode of Law...

A Cybersecurity Guide for Digital Nomads

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means...

Webroot DNS Protection: Now Leveraging the Google Cloud Platform

Reading Time: ~ 2 min.

We are  excited to announce Webroot® DNS Protection now runs on Google Cloud Platform (GCP). Leveraging GCP in this way will provide Webroot customers with security, performance, and reliability. 

Security

Preventing denial of service (DoS) attacks is a core benefit of Webroot DNS Protection. Now, the solution benefits from Google Cloud load balancers with built-in DoS protection and mitigation, enabling the prevention of attack traffic before it ever hits the agent core. 

“The big thing about Google Cloud is that it dynamically manages denial of service (DoS) attacks,” said Webroot Sales Engineer Jonathan Barnett. “That happens automatically, and we know Google has that figured out.”

Click here to learn why businesses need DNS protection.

Performance

With this release, Webroot DNS Protection now runs on the Google Cloud’s high-redundancy, low-latency networks in 16 regions worldwide. That means there’s no need for a Webroot customer in Australia to have a DNS request resolved in Los Angeles, when more convenient infrastructure exists close by.  

“Google Cloud provides the ability to scale by adding new regions or new servers whenever necessary as load or need determines, nationally or internationally,” said Barnett. “This allows us to provide geolocation-appropriate answers for our customers, maximizing performance.”

Reliability

Because of GCP’s global infrastructure footprint, Webroot can quickly and easily provision more of Google’s servers in any region to ensure latency times remain low. 

And because those regional deployments can be programmed to auto-scale with spikes in traffic, even drastically increasing loads won’t increase wait times for requests.

According to Barnett, “Even if Webroot were to take on a large number of customers in a short time period, say with the closing of a deal to offer DNS solutions to an enterprise-level client with a number of subsidiaries, our environments would automatically scale with the additional load.”

One more note on the release 

Another key feature of the April DNS agent update regards switching communications from port 53, which is typically associated with DNS requests, to port 443, which is more commonly associated with SSL certificates.

The reason for this change is that, given port 443’s relevance to routine requests like banking sites and those accepting payment information, it is rarely constrained, modified, or controlled. This will reduce the need to configure firewalls or make other admin adjustments in order for Webroot DNS Protection to function as intended. 

It’s good to be in good company

With Webroot DNS Protection now leveraging the GCP will power your network-level protection. Fewer outages, latency, and bottlenecks. Ready to experience Webroot DNS Protection for yourself? Try it free for 30-days here. 

The Importance of the MSP Sales Process

Reading Time: ~ 3 min.

I’ve been in this business a long time, and I can honestly say that many MSPs lack a concrete sales process structure. That’s pretty worrisome because, let’s face it, you have to have a plan in order to succeed at just about anything. Imagine you’re an engineer working on server maintenance or a network infrastructure build—you wouldn’t do that without a plan, would you? Your sales strategy should be handled no differently. 

Dos and Don’ts for your Sales Process

First, let’s talk about some don’ts. Avoid taking a call and immediately giving a quote over the phone, as well as going straight to the customer site to conduct ad hoc assessments and sales presentations in the same breath. To build value, you need to stretch this into multiple touches, by which I mean multiple meetings. Sure, that’s more work for you up front, but it’s crucial for establishing trust with the client. You need to open and sustain a dialog about their needs so you can tailor a unique solution for them, without diving right into a pitch. By leading with careful consideration and attention to their needs, you can begin building a lasting relationship and, eventually, bring them a better offering.

Here’s how I recommend you structure your process.

Schedule an on-site strategy session with your client.

Meeting with a prospect face-to-face will demonstrate your investment in a trust relationship. Now, you have to listen to them. Don’t lead with a pitch. Let them tell you what their problems are, pay close attention to them as they express their needs, and take note of all their pain points.

This is also the ideal opportunity to truly grasp of whether the demands are excessive or unreasonable for your capabilities. Each relationship you enter into with clients is a partnership that comes with shared responsibilities. Be more than a fulfull/deliver shop. 

Perform an in-depth assessment and discovery.

You need to discover everything that’s on the client’s network and assess exactly where they stand. Don’t do this on the same day as that initial meet; schedule a second one. Take the extra time between the meetings to prepare more specific questions that will delve more deeply into the needs your prospect expressed. This will help show the client that you’re invested in their unique challenges.

When you come back, bring an engineer or assistant with you. You need someone with you who can interview different staff members and find out about the specific issues they face. Ask basic questions to understand how the employees feel about where the company’s IT stands, like: What kind of issues are you having?; What do you see wrong with your computer network?; How could your network be improved?; and What things would you like to see change? 

As you’re doing your assessment and discovery, make sure to bring cybersecurity into the discussion. Managed cybersecurity is often a poor experience, so this is your chance to feel out how else you can alleviate their pains (and set yourself apart from their current provider.) 

And, finally, book the third meeting. 

Make the pitch.

Ideally, your third meeting would be at your location. If there’s some reason you can’t do it in your own shop, take the prospect off-site for lunch at a restaurant that has private meeting rooms. Essentially, you want to avoid doing the presentation in their office, where they can easily get interrupted.

In this case, it will pay to be overly prepared. Again, if you listened closely, the prospect would’ve already told you what to focus on to help them succeed. Use that knowledge to craft the right message to deliver during this meeting. 

Start by walking through the pain points they and their employees revealed. Talk over anything else you found in your discovery/assessment that could be improved. Have an itemized list, and then ask them if they agree with all the issues you’ve found.

Once you get agreement, then you can go into your sales pitch and present them with a well-tailored offering that can actually solve their challenges and help them grow. 

Ultimately, by listening to your prospect, exhibiting an understanding of their needs, and demonstrating your level of commitment to providing value and nurturing the relationship itself, you’ll be well on your way to building a meaningful, successful business partnership.

Download my Multi-Million Dollar MSP Sales Process that will guide you through the above steps like a pro. The last few pages of the document include links to helpful templates as well as worksheets for you to hit the ground running on this process.   

Keep crushing it!

Why Simplified Security Awareness Training Matters for MSPs and SMBs

Reading Time: ~ 3 min.

In a recent report by the firm 451 Research, 62 percent of SMBs reported having a security awareness training program in place for their employees, with half being “homegrown” training courses. The report also found that most complained their programs were difficult to implement, track, and manage.

Like those weights in the garage you’ve been meaning to lift or the foreign language textbook you’ve been meaning to study, even our most well-intentioned efforts flounder if we’re not willing to put to use the tools that can help us achieve our goals.

So it goes with cybersecurity training. If it’s cumbersome to deploy and manage, or isn’t able to clearly display its benefits, it will be cast aside like so many barbells and Spanish-language dictionaries. But unfortunately, until now, centralized management and streamlined workflows across client sites have eluded the security awareness training industry.

The Importance of Effective Security Awareness Training

The effectiveness of end user cybersecurity training in preventing data breaches and downtime has been demonstrated repeatedly. Webroot’s own research found security awareness training cut clicks on phishing links by 70 percent, when delivered with regularity. And according to the 2018 Data Breach Investigation Report by Verizon, 93 percent of all breaches were the result of social engineering attacks like phishing.

With the average cost of a breach at around $3.62 million, low-overhead and effective solutions should be in high demand. But while 76 percent of MSPs reported using some type of security awareness tool, many still rely on in-house solutions that are siloed from the rest of their cybersecurity monitoring and reporting.

“MSPs should consider security awareness training from vendors with cybersecurity focus and expertise, and who have deep visibility and insights into the changing threat landscape,” says 451 Research Senior Analyst Aaron Sherrill.

“Ideally, training should be integrated into the overall security services delivery platform to provide a unified and cohesive approach for greater efficacy.”

Simple Security Training is Effective Security Training

Security awareness training that integrates with other cybersecurity solutions—like DNS and endpoint protection—is a good first step in making sure the material isn’t brushed aside like other implements of our best intentions.

Global management of security awareness training—the ability to initiate, monitor, and report on the effectiveness of these programs from a single pane of glass across all of your customers —is the next.

When MSPs can save time by say, rolling out a simulated phishing campaign or training course to one, many or allclient’s sites across the globe with only a few clicks, they both save time and money in management overhead, and are more likely to offer it as a service to their clients. Everyone wins.

With a console that delivers intuitive monitoring of click-through rates for phishing campaigns or completion rates for courses like compliance training, across all client sites, management is simplified. And easily exportable phishing and campaign reports help drive home a client’s progress.

“Automation and orchestration are the force multipliers MSPs need to keep up with today’s threats and provide the best service possible to their clients,” says Webroot SVP of Product Strategy and Technology Alliances Chad Bacher.”

So as a growing number of MSPs begin to offer security awareness training as a part of their bundled services, and more small and medium-sized businesses are convinced of its necessity, choosing a product that’s easy to implement and manage becomes key.

Otherwise, the tool that could save a business from a breach becomes just another cob-webbed weight bench waiting for its day.

To learn about security training that’s effective, efficient, and easy to use, read about our new Webroot® Security Awareness Training release.

MSPs: Your Security Vendor Should Integrate with More Than Just Your RMM and PSA

Reading Time: ~ 2 min.

For many MSPs, integrating their security solution with their remote monitoring and management (RMM) and professional service automation (PSA) platforms is essential for doing business. Together, these platforms help lower the cost of keeping up with each client, ensuring profitable margins for a healthy, growing business.

For true providers of IT services—MSPs that sell services rather than licenses and take a holistic approach to client IT health—RMM and PSA integrations are critical for keeping track of hundreds or even thousands of unique endpoints and automating recurring operations for numerous clients.

Like many of the other features of our security solutions, our RMM and PSA integrations are custom-built with the needs of MSPs in mind. They’re designed to help MSPs create the most efficient, well-oiled versions of their businesses possible so that service is prompt, solutions are effective, and profit is preserved.   

Here’s what you should expect from your RMM and PSA security integrations:

  1. Faster rollouts- One of the core benefits of RMM-assisted deployments, expect rollouts to new endpoints to be fast and hassle-free with well-designed integrations. New endpoints should be easy to set up with protection turned on in just a few clicks.
  2. Simplified management- Efficiency is key to profitability. So a centralized dashboard displaying what’s running, what’s broken and how, infection statuses, endpoints requiring attention, and more helps increase the number of endpoints a single technician can manage, boosting efficiency and, ultimately, profitability. 
  3. The data you need- The best RMM and PSA integrations make it possible to get the data you need to run a successful business. Whether it’s per-client data for calculating a client’s cost to you, information on policy settings for sites and endpoints, or additional reporting delivered to clients to promote peace-of-mind, having access to allof your data empowers decision-making. 

Integrations don’t have to end there

Integrating disparate products can be a laborious, time-intensive process. For that reason, many security vendors are reluctant to coordinate too closely with customers to automate functions unique to their businesses. But it doesn’t have to be that way. 

Advanced plugins and tools allow for complete customization of dashboards, reporting, and data tracking. Each can be customized to track the metrics most useful to the organization. Critical processes, like issuing periodic reports, can be fully automated. This can be extremely beneficial when it comes to communicating with customers. Weekly or monthly reports demonstrate that, despite a lack of any major security incidents, it wasn’t for lack of trying on the part of cybercriminals. 

More than simply allowing different business platforms to talk to one another, integration plugins can be used for running commands and performing actions. This includes creating, modifying, or deleting licenses, removing duplicate endpoints, or quickly creating new console sites. 

Insist on better integrations

So when considering which cybersecurity vendor offers the most for your MSP, consider not only whether the solution allows you to communicate with your RMM and PSA platforms, but also how deeply. Does the vendor have a dedicated integrations team? Do they offer tools for the customization of business-specific reporting? Can essential, recurring business processes be automated?

The answers to the questions above will help you determine how much value RMM and PSA integrations add for your business. In a market where margins can be razor thin and built-in efficiencies can make or break the bottom line, the answers may make all the difference.

Responding to Risk in an Evolving Threat Landscape

Reading Time: ~ 3 min.There’s a reason major industry players have been discussing cybersecurity more and more: the stakes are at an all-time high for virtually every business today. Cybersecurity is not a matter businesses can afford to push off or misunderstand—especially small and medium-sized businesses (SMBs), which have emerged as prime targets for cyberattacks. The risk level for this group in particular has increased exponentially, with 57% of SMBs reporting an increase in attack volume over the past 12 months, and the current reality—while serious—is actually quite straightforward for managed service providers (MSPs):

  • Your SMB clients will be attacked.
  • Basic security will not stop an attack.
  • The MSP will be held accountable.

While MSPs may have historically set up clients with “effective” security measures, the threat landscape is changing and the evolution of risk needs to be properly, and immediately, addressed. This means redefining how your clients think about risk and encouraging them to respond to the significant increase in attack volume with security measures that will actually prove effective in today’s threat environment.

Even if the security tools you’ve been leveraging are 99.99% effective, risk has evolved from minimal to material due simply to the fact that there are far more security events per year than ever before.

Again, the state of cybersecurity today is pretty straightforward: with advanced threats like rapidly evolving and hyper-targeted malware, ransomware, and user-enabled breaches, foundational security tools aren’t enough to keep SMB clients secure. Their data is valuable, and there is real risk of a breach if they remain vulnerable.Additional layers of security need to be added to the equation to provide holistic protection. Otherwise, your opportunity to fulfill the role as your clients’ managed security services providerwill be missed, and your SMB clients could be exposed to existential risk.

Steps for Responding to Heightened Risk as an MSP

Step 1: Understand Risk

Start by discussing “acceptable risk.” Your client should understand that there will always be some level of risk in today’s cyber landscape. Working together to define a businesses’ acceptable risk, and to determine what it will take to maintain an acceptable risk level, will solidify your partnership. Keep in mind that security needs to be both proactive and reactive in its capabilities for risk levels to remain in check.

Step 2: Establish Your Security Strategy

Once you’ve identified where the gaps in your client’s protection lie, map them to the type of security services that will keep those risks constantly managed. Providing regular visibility into security gaps, offering cybersecurity training,and leveraging more advanced and comprehensive security tools will ultimately get the client to their desired state of protection—and that should be clearly communicated upfront.

Step 3: Prepare for the Worst

At this point, it’s not a question of ifSMBs will experience a cyberattack, but when. That’s why it’s important to establish ongoing, communicative relationships with all clients. Assure clients that your security services will improve their risk level over time, and that you will maintain acceptable risk levels by consistently identifying, prioritizing, and mitigating gaps in coverage. This essentially justifies additional costs and opens you to upsell opportunities over the course of your relationship.

Step 4: Live up to Your Promises Through People, Processes, and Technology

Keeping your security solutions well-defined and client communication clear will help validate your offering. Through a combination of advanced software and services, you can build a framework that maps to your clients’ specific security needs so you’re providing the technologies that are now essential for securing their business from modern attacks.

Once you understand how to effectively respond to new and shifting risks, you’ll be in the best possible position to keep your clients secure and avoid potentially debilitating breaches.

6 Steps to Build an Incident Response Plan

Reading Time: ~ 4 min.According to the Identity Theft Research Center, 2017 saw 1,579 data breaches—a record high, and an almost 45 percent increase from the previous year. Like many IT service providers, you’re probably getting desensitized to statistics like this. But you still have to face facts: organizations will experience a security incident sooner or later. What’s important is that you are prepared so that the impact doesn’t harm your customers or disrupt their business.

Although, there’s a new element that organizations—both large and small—have to worry about: the “what.” What will happen when I get hacked? What information will be stolen or exposed? What will the consequences look like?

While definitive answers to these questions are tough to pin down, the best way to survive a data breach is to preemptively build and implement an incident response plan. An incident response plan is a detailed document that helps organizations respond to and recover from potential—and, in some cases, inevitable—security incidents. As small- and medium-sized businesses turn to managed services providers (MSPs) like you for protection and guidance, use these six steps to build a solid incident response plan to ensure your clients can handle a breach quickly, efficiently, and with minimal damage.

Step 1: Prepare

The first phase of building an incident response plan is to define, analyze, identify, and prepare. How will your client define a security incident? For example, is an attempted attack an incident, or does the attacker need to be successful to warrant response? Next, analyze the company’s IT environment and determine which system components, services, and applications are the most critical to maintaining operations in the event of the incident you’ve defined. Similarly, identify what essential data will need to be protected in the event of an incident. What data exists and where is it stored? What’s its value, both to the business and to a potential intruder? When you understand the various layers and nuances of importance to your client’s IT systems, you will be better suited to prepare a templatized response plan so that data can be quickly recovered.

Treat the preparation phase as a risk assessment. Be realistic about the potential weak points within the client’s systems; any component that has the potential for failure needs to be addressed. By performing this assessment early on, you’ll ensure these systems are maintained and protected, and be able to allocate the necessary resources for response, both staff and equipment—which brings us to our next step.

Step 2: Build a Response Team

Now it’s time to assemble a response team—a group of specialists within your and/or your clients’ business. This team comprises the key people who will work to mitigate the immediate issues concerning a data breach, protecting the elements you’ve identified in step one, and responding to any consequences that spiral out of such an incident.

As an MSP, one of your key functions will sit between the technical aspects of incident resolution and communication between other partners. In an effort to be the virtual CISO (vCISO) for your clients’ businesses, you’ll likely play the role of Incident Response Manager who will oversee and coordinate the response from a technical and procedural perspective.

Pro Tip: For a list of internal and external members needed on a client’s incident response team, check out this in-depth guide.

Step 3: Outline Response Requirements and Resolution Times

From the team you assembled in step two, each member will play a role in detecting, responding, mitigating damage, and resolving the incident within a set time frame. These response and resolution times may vary depending on the type of incident and its level of severity. Regardless, you’ll want to establish these time frames up front to ensure everyone is on the same page.

Ask your clients: “What will we need to contain a breach in the short term and long term? How long can you afford to be out of commission?” The answers to these questions will help you outline the specific requirements and time frame required to respond to and resolve a security incident.

If you want to take this a step further, you can create quick response guides that outline the team’s required actions and associated response times. Document what steps need to be taken to correct the damage and to restore your clients’ systems to full operation in a timely manner. If you choose to provide these guides, we suggest printing them out for your clients in case of a complete network or systems failure.

Step 4: Establish a Disaster Recovery Strategy

When all else fails, you need a plan for disaster recovery. This is the process of restoring and returning affected systems, devices, and data back onto your client’s business environment.

A reliable backup and disaster recovery (BDR) solution can help maximize your clients’ chances of surviving a breach by enabling frequent backups and recovery processes to mitigate data loss and future damage. Planning for disaster recovery in an incident response plan can ensure a quick and optimal recovery point, while allowing you to troubleshoot issues and prevent them from occurring again. Not every security incident will lead to a disaster recovery scenario, but it’s certainly a good idea to have a BDR solution in place if it’s needed.

Step 5: Run a Fire Drill

Once you’ve completed these first four steps of building an incident response plan, it’s vital that you test it. Put your team through a practice “fire drill.” When your drill (or incident) kicks off, your communications tree should go into effect, starting with notifying the PR, legal, executive leadership, and other teams that there is an incident in play. As it progresses, the incident response manager will make periodic reports to the entire group of stakeholders to establish how you will notify your customers, regulators, partners, and law enforcement, if necessary. Remember that, depending on the client’s industry, notifying the authorities and/or forensics activities may be a legal requirement. It’s important that the response team takes this seriously, because it will help you identify what works and which areas need improvement to optimize your plan for a real scenario.

Step 6: Plan for Debriefing

Lastly, you should come full circle with a debriefing. During a real security incident, this step should focus on dealing with the aftermath and identifying areas for continuous improvement. Take is this opportunity for your team to tackle items such as filling out an incident report, completing a gap analysis with the full team,  and keeping tabs on post-incident activity.

No company wants to go through a data breach, but it’s essential to plan for one. With these six steps, you and your clients will be well-equipped to face disaster, handle it when it happens, and learn all that you can to adapt for the future.

Parsing the Distinction Between AI & Machine Learning

Reading Time: ~ 4 min.I had the privilege of giving a keynote on one of my favorite topics, busting myths around artificial intelligence (AI) and machine learning (ML), during DattoCon 2018 this week.

Webroot has been doing machine learning for more than a decade and consider this aspect one of our key differentiators for our solutions. However, for many small and medium-sized businesses (SMBs), that might not matter. They may have heard the terms AI or ML but aren’t sure how these advancements can help keep their company safe. Additionally, the managed service providers (MSPs) who provide millions of SMBs with security protection, might not know how this technology can help their customers either.

AI and ML are not the same thing. Marketing campaigns and news articles oftentimes confuse people into thinking that they are—and my insistence on clarifying their nuance might be overkill—but I think it’s important to know the difference so you can understand how each can help make cybersecurity stronger.

What is artificial intelligence?

Artificial intelligence interacts with people, whether emulating a human (think about chat bots) or pets. The AI component is that interactive component—the thing you can touch, feel, and see. AI technology is very nascent, and I expect great things to come in the near future.

What is machine learning?

Machine learning is artificial intelligence’s nerdy cousin. ML models are designed to analyze all of the data collected, behind the sciences, with no human interface. ML is the heavy science where all the data crunching takes place. This is the part of technology that a few companies, like Webroot, have been working in for a long time.

To dig in further, I decided to take to the streets (or aisles) of DattoCon 2018 in Austin, TX, and see what MSPs were hearing and thinking about in relation to AI and ML. I kicked things off by getting a grasp on what MSPs are being asked by their customers.

“Absolutely nothing,” said Steven Gomes, kloudfyre. “They don’t bring it up; it’s nothing I even talk about. I know AI is the future of processing speed and power — so it’s important to me because it means accuracy and intelligence. But my customers don’t ask.”

That’s the response I got across the board. MSPs know it is something key for the future of security, but their customers don’t ask about it at all. I’m heartened to learn MSPs understand the importance, but can they tell marketing hype from reality? I want to make sure they understand what’s important or key differentiators for AI and ML.

Identifying the problem, data and consumability are key.

First, you need to know what problem you’re trying to solve before you can engage ML models. Next is having substantial data to feed the models. Webroot analyzes 500 billion data elements a day that we link and push through our models to enhance our analysis. We have a lot of access to information that new players in the space simply do not. Data is key to training up a model. Finally, consumability is getting the ML models into the hands of the customer so that the solution can be actionable. It’s pretty easy to tune new models, but it’s not easy to get the models deployed and allow customers to get meaningful, actionable data from it.

What do MSPs hear from customers around what’s key with ML?

The general sentiment was that it’s a checkbox in that they know the words, and it’s a must, but there is no real data or understanding of the why. SMBs don’t know what it means or how it applies to their business other than making security generally better.Going one-step further, I get concerned people are enamored with the idea of the tech but not clear on the value it can provide.

AI and ML should help in three areas for customers.

First, it should help create new capabilities for the security stack while at the same time decreasing their costs and reducing their cycle time to detect and remediate threats. Second, it should help detect emergent, unexpected threat behaviors quickly enabling the security team or an orchestration solution to take action. Third, it should deliver value around people augmentation. It could be automation of remedial tasks or simply working around the clock while your human employees go home and sleep.

“MSPs are technologists. They have to take complex stuff for their clients and their clients have blind faith. So MSPs focus on effectiveness.” -Cameron Stone, sales, Webroot

When I dug in more about benefits, a recent MSP owner chimed in, “Almost all decisions are based on whether it reduces headaches and is an innovative tool for my customers; so if machine learning does that, I’m all for learning more. I’d be happy to read up on it, but my customers don’t have time to read or care about it.”

As a passionate fan of ML, I realized there is a lot more we in the industry need to do to help educate and make this technology easy to consume.

Machine learning’s super power is that the amount of data it can take it has no limits. Think about it the context of healthcare: what if the best doctors in the world could work on your issue, around the clock? ML can provide that value to cybersecurity.

I appreciate Datto letting me talk on my soapbox for a few minutes and hope to continue this conversation with more MSP partners.

3 MSP Best Practices for Protecting Users

Reading Time: ~ 3 min.Cyberattacks are on the rise, with UK firms being hit, on average, by over 230,000 attacksin 2017. Managed service providers (MSPs) need to make security a priority in 2018, or they will risk souring their relationships with clients. By following 3 simple MSP best practices consisting of user education, backup and recovery, and patch management, your MSP can enhance security, mitigate overall client risk, and grow revenue.

User Education

An effective anti-virus is essential to keeping businesses safe; however, It isn’t enough anymore. Educating end users through security awareness training can reduce the cost and impact of user-generated infections and breaches, while also helping clients meet the EU’s new GDPR compliance requirements. Cybercriminals’ tactics are evolving and increasingly relying on user error to circumvent security protocols. Targeting businesses through end users via social engineering is a rising favorite among new methods of attack.

Common social engineering attacks include:

  • An email from a trusted friend, colleague or contact—whose account has been compromised—containing a compelling story with a malicious link/download is very popular. For example, a managing director’s email gets hacked and the finance department receives an email to pay an outstanding “invoice”.
  • A phishing email, comment, or text message that appears to come from a legitimate company or institution. The messages may ask you to donate to charity, ‘verify’ information, or notify you that you’re the winner in a competition you never entered.
  • A fraudster leaving a USB around a company’s premises hoping a curious employee will insert it into a computer providing access to company data.

Highly topical, relevant, and timely real-life educational content can minimize the impact of security breaches caused by user error. By training clients on social engineering and other topics including ransomware, email, passwords, and data protection, you can help foster a culture of security while adding serious value for your clients.

Backup and Disaster Recovery Plans

It’s important for your MSP to stress the importance of backups. If hit with ransomware without a secure backup, clients face the unsavory options of either paying up or losing important data. Offering clients automated, cloud-based backup makes it virtually impossible to infect backup data and provides additional benefits, like a simplified backup process, offsite data storage, and anytime/anywhere access. In the case of a disaster, there should be a recovery plan in place. Even the most secure systems can be infiltrated. Build your plan around business-critical data, a disaster recovery timeline, and protocol for disaster communications.

Things to consider for your disaster communications

  • Who declares the disaster?
  • How are employees informed?
  • How will you communicate with customers?

Once a plan is in place, it is important to monitor and test that it has been implemented effectively. A common failure with a company’s backup strategy occurs when companies fail to test their backups. Then, disaster strikes and only then do they discover they cannot restore their data. A disaster recovery plan should be tested regularly and updated as needed. Once a plan is developed, it doesn’t mean that it’s effective or set in stone.

Patch Management

Consider it an iron law; patch and update everything immediately following a release. As soon as patches/updates are released and tested, they should be applied for maximum protection. The vast majority of updates are security related and need to be kept up-to-date. Outdated technology–especially an operating system (OS)–is one of the most common weaknesses exploited in a cyberattack. Without updates, you leave browsers and other software open to ransomware and exploit kits. By staying on top of OS updates, you can prevent extremely costly cyberattacks. For example, in 2017 Windows 10 saw only 15% of total files deemed to be malware, while Windows 7 saw 63%. These figures and more can be found in Webroot’s 2018 Threat Report.

Patching Process

Patching is a never-ending cycle, and it’s good practice to audit your existing environment by creating a complete inventory of all production systems used. Remember to standardize systems to use the same operating systems and application software. This makes the patching process easier. Additionally, assess vulnerabilities against inventory/control lists by separating the vulnerabilities that affect your systems from those that don’t. This will make it easier for your business to classify and prioritize vulnerabilities, as each risk should be assessed by the likelihood of the threat occurring, the level of vulnerability, and the cost of recovery. Once it’s determined which vulnerabilities are of the highest importance, develop and test the patch. The patch should then deploy without disrupting uptime—an automated patch system can help with the process.

Follow these best practices and your MSP can go a lot further toward delivering the security that your customers increasingly need and demand. Not only you improve customer relationships, but you’ll also position your MSP as a higher-value player in the market, ultimately fueling growth. Security is truly an investment MSPs with an eye toward growth can’t afford to ignore.

Re-Thinking ‘Patch and Pray’

Reading Time: ~ 3 min.

When WannaCry ransomware spread throughout the world last year by exploiting vulnerabilities for which there were patches, we security “pundits” stepped up the call to patch, as we always do. In a post on LinkedIn Greg Thompson, Vice President of Global Operational Risk & Governance at Scotiabank expressed his frustration with the status quo.

Greg isn’t wrong. Deploying patches in an enterprise department requires extensive testing prior to roll out. However, most of us can patch pretty quickly after an announced patch is made available. And we should do it!

There is a much larger issue here, though. A vulnerability can be known to attackers but not to the general public. Managing and controlling vulnerabilities means that we need to prevent the successful exploitation of a vulnerability from doing serious harm. We also need to prevent exploits from arriving at a victim’s machine as a layer of defense. We need a layered approach that does not include a single point of failure–patching.

A Layered Approach

First off, implementing a security awareness training program can help prevent successful phishing attacks from occurring in the first place. The 2017 Verizon Data Breach Investigations Report indicated that 66% of data breaches started with a malicious attachment in an email—i.e. phishing. Properly trained employees are far less likely to open attachments or click on links from phishing email. I like to say that the most effective antimalware product is the one used by the best educated employees.

In order to help prevent malware from getting to the users to begin with, we use reputation systems. If almost everything coming from http://www.yyy.zzz is malicious, we can block the entire domain. If much of everything coming from an IP address in a legitimate domain is bad, then we can block the IP address. URLs can be blocked based upon a number of attributes, including the actual structure of the URL. Some malware will make it past any reputation system, and past users. This is where controlling and managing vulnerabilities comes into play.

The vulnerability itself does no damage. The exploit does no damage. It is the payload that causes all of the harm. If we can contain the effects of the payload then we are rethinking how we control and manage vulnerabilities. We no longer have to allow patches (still essential) to be a single point of failure.

Outside of offering detection and blocking of malicious files, it is important to stop execution of malware at runtime by monitoring what it’s trying to do. We also log each action the malware performs. When a piece of malware does get past runtime blocking, we can roll back all of the systems changes. This is important. Simply removing malware can result in system instability. Precision rollback can be the difference between business continuity and costly downtime.

Some malware will nevertheless make it onto a system and successfully execute. It’s at this point we observe what the payload is about to do. For example, malware that tries to steal usernames and passwords is identified by the Webroot ID shield. There are behaviors that virtually all keyloggers use, and Webroot ID Shield is able to intercept the request for credentials and returns no data at all. Webroot needn’t have seen the file previously to be able to protect against it. Even when the user is tricked into entering their credentials, the trojan will not receive them.

There is one essential final step. You need to have offline data backups. The damage ransomware does is no different than the damage done by a hard drive crash. Typically, cloud storage is the easiest way to automate and maintain secure backups of your data.

Greg is right. We can no longer allow patches to be a single point of failure. But patching is still a critical part of your defensive strategy. New technology augments patching, it does not replace it and will not for the foreseeable future.

What do you think about patch and pray? Join our discussion in the Webroot Community or in the comments below!

More Automation. More #MSProfits.

Reading Time: ~ 2 min.

Savvy MSPs know that automation improves efficiency and strengthens their bottom line. In a nutshell, automation enables an MSP to reduce the amount of time its technicians spend handling routine or repetitive tasks, thus cutting costs for service delivery and freeing those techs to devote more attention to activities that generate more revenue.

Enabling Creativity Spurs Growth

It’s no secret that computers are more efficient than humans when it comes to performing repetitive work, while humans deliver superior results in situations that require creativity, critical thinking, and decision making. Part of the reason automation is so effective is because it enables MSPs to take advantage of these fundamental truths.

Freeing up your technicians for more appropriate endeavors presents benefits beyond simple cost savings. It also gives you the opportunity to differentiate yourself from other MSPs and position your business for future growth by finally enabling your technicians to see the forest for the trees.

When an MSP’s technicians are mired in routine administration and maintenance responsibilities—such as deploying security upgrades, performing regular disk cleanup, or managing tickets—there’s no time to step back and evaluate the overarching IT challenges that affect that particular client. And that means missed business opportunities.

More Time for Personalization

Proactively identifying a client’s IT challenges will help that client improve their business operations. This will not only differentiate you from other MSPs, it will also establish a foundation of trust upon which you can build long-term relationships with your customers; which, of course, is key to generating recurring, predictable revenue.

But an MSP can only design creative solutions to its clients’ business and IT challenges if its team has the time to identify those challenges. They need the bandwidth to consciously and continuously review each client’s business operations and craft powerful and personalized solutions.

Automation can solve that problem. Not only does it free up your IT team to focus on the specific issues each client faces, it also allows you to deliver a more comprehensive range of services individually tailored to those clients.

Today’s combination of automated and dynamic cloud services let you choose from an array of solutions for each of your clients, while still ensuring management is automated for maximum efficiency. The net result? You’ll boost your profitability by increasing customer satisfaction and long-term patronage, all while significantly reducing your management and operational costs.

Learn More… and Enter for a Chance to Win!

The Webroot #MSProfits Program is dedicated to helping MSPs boost their profitability by automating their business operations. Learn more about the benefits of automation or 5 steps you can take to help automate your MSP business, and enter for a chance to win a sophisticated home technology package.

Talking DNS Protection with ConnectWise

Reading Time: ~ 3 min.

It’s been an exciting week for our partner ConnectWise – they started offering customers Webroot® DNS Protection. To get insight into why this matters, I sat down with George Anderson, Webroot’s product marketing director for business solutions, and Gavin Gamber, vice president of Channel Sales and Alliances at ConnectWise.


Can we start with the basics? What is DNS?

George: DNS stands for Domain Name System. The basic job of DNS is to turn a human-friendly domain name like webroot.com into an Internet Protocol (IP) address like 66.35.53.194. Computers use IP addresses to identify each other. When a user accesses an external website or downloads files, their computer uses a DNS server to look up the domain name and then directs the user to that website.

Ok, kind of like a phone directory for the internet. That helps me understand the power DNS can hold.

George: That’s right. DNS is a powerful part of making the internet work. It also can be an equally powerful avenue for protecting a business. According to our data, many infections are generated through web browsing. Implementing web filtering security at the DNS layer can have a very significant impact on infection rates.

Wow. The internet is a big, beautiful, and scary place.

George: It can be. Using the internet is a high-risk activity for every business, regardless of size. Sometimes good sites can contain bad content. Users can fall victim to drive-by ransomware, employees can click on malvertising, and the list goes on.

Can you give us an example of what security at the DNS layer can stop?

Gavin: Let’s say, for example, you work with medical clients. Most of the end users are protected, but when guests come onto the network there is no way to monitor their web traffic. Since you don’t control the device, you don’t have any antivirus protecting the guest’s endpoint. With DNS filtering, you can protect the network and prevent guests from knowingly or unknowingly going to harmful or sensitive websites.

George: Using a web filtering solution at the DNS layer lets businesses do a few things. First, it creates policies for web usage that can be applied globally or by client. An MSP can decide, for example, whether to block certain content or social media sites. Second, it filters URLs for security risks, preventing infections by automatically sifting out known malicious websites. Finally, it allows a partner to monitor overall web usage and its security risk posture. What’s really different is that this all happens outside the network at the domain layer, so most infections are stopped at the earliest possible stage.

In a nutshell?

George: DNS Protection allows organizations to configure their router or firewall to point to Webroot’s secure DNS resolver servers for granular web filtering. Then, partners simply configure an acceptable internet usage policy. By doing so, they can block malicious URLs, restricted content, social media, or streaming sites they don’t want employees perusing at work.

ConnectWise, what are you hearing from partners about web filtering and its need?

Gavin: This is just one more layer of end user security that is typically time and labor intensive to set up. Our partners and their clients want to mitigate all attack vectors whether they manage all the devices on the network or not. As security risks persist, this is a must-have tool.

So what will all this mean for our ConnectWise partners?

George: First and foremost, it’s simple and easy for ConnectWise partners to deploy and manage. The new DNS Protection service has been fully integrated into the same Global Site Manager (GSM) console they use today for Webroot’s endpoint security. It also benefits from the same pillars of Webroot’s other security services.

  • No hardware or software to install
  • Includes robust reporting options for easy management
  • Direct benefits from Webroot BrightCloud Web Classification Service
ConnectWise, why are you excited for this new product?

Gavin: When we first saw Webroot SecureAnywhere DNS we were blown away by the ease of use and straightforward deployment. Our initial reaction was that our partners would find this incredibly valuable. Additionally, this really leverages the threat intelligence that Webroot has collected over the years and gives that control to our partners in a very powerful and consumable product.


Thank you, both. Glad we could chat all things web filtering.

Interested in learning more? We have additional resources. You also can discover everything Webroot is doing with ConnectWise at Automation Nation, June 19-21 in Orlando, FL. Visit us at booth #201, where you can see a demo of DNS Protection.

Integration Holds the Keys to the Castle

Reading Time: ~ 2 min.

Talks of integration are often met with audible sighs of displeasure. It’s a lot of work. You have to combine various platforms, software, and the list goes on. At Webroot, we decided to take some of the pain out of this process by partnering with Kaseya to deliver a fully integrated endpoint security solution for its customers.

Kaseya, a provider of complete IT management solutions for managed service providers (MSPs) and mid-sized businesses, was looking for ways to reduce complexity and steer its customers in the right security direction.

Charlie Tomeo, vice president of worldwide business sales at Webroot, sat down to answer a few questions about why we chose to integrate.


Webroot: Integration is practically a buzzword today. I think I just ‘integrated’ my winter and spring wardrobes. What does integration mean for Kaseya customers?

Charlie Tomeo: Integrating Webroot status and monitoring into VSA reduces management complexity by presenting this new information into the familiar tools they already use today. This gives technicians a single pane of glass and makes it easier to follow security best practice standards, which increases protection and security for their customers.

That makes sense. I’ve heard complexity is a “hackers best friend,” so any streamlining is good in my book. What can users expect in the module?

The Webroot SecureAnywhere® endpoint product is the easiest solution to deploy and maintain on the market, but our Kaseya module makes it even easier for VSA users through an intuitive, straightforward GUI-driven install/uninstall. Deployment hierarchy can mirror your Kaseya groups with Webroot groups or sites. Once deployed, the combined deployment and status dashboard gives you that single pane of glass view to manage Webroot protection within the VSA dashboard.

Day-to-day management suddenly gets easy with customized alerts that flow directly into Kaseya, creating tickets and executive dashboard reports quickly summarize infection history and endpoints under protection.

What if I’m reading this and thinking, I don’t need that, my customers are too small to have to worry about security threats. What advice would you provide?

Study after study shows that small customers are just as at-risk as any other organization. But providing enterprise level security protection to small customers is expensive without an MSP that uses a system of streamlined processes. These partners provide an affordable solution to their customers without compromising security or margins. Using the Webroot integration inside the Kaseya VSA allows the MSP to manage their Webroot agents and streamline numerous management tasks, like alerting, reporting, deployment, and updates.


That’s a wrap. To learn more or start a free trial of the Webroot Kaseya Module, visit http://wbrt.io/WebrootKaseya .