Hardening the Endpoint
Endpoint security is one of the fastest growing revenue drivers for MSPs as the endpoint continues to be the Achilles heel for most organizations. Thirty percent (30%) of all breaches last year were driven by malware via the endpoint. Worse, in healthcare, 85% of the malware was ransomware, and the primary vector for delivering this malware was via email.
From a services planning/delivery perspective, the continual addition of endpoint technologies (e.g., AV, anti-malware, firewalls, IDS/IPS, authentication services, backup, disk encryption, content control, artificial intelligence, and machine learning) and the continually changing nomenclature for these technologies (e.g., endpoint security, endpoint protection platforms (EPP), endpoint detection and response (EDR) platforms) are challenging for MSP customers. The question on every MSP business development person’s mind is: what is the next technology/service we need to deliver, and how do we describe this technology so that our customers will understand the value and be willing to pay for it? The purpose of this report is to take a step back and focus on meeting the underlying goals that all MSPs have:
- Delivering high-value, high-growth multi-tenant services that are scalable and modular
- Meeting customer needs for remote monitoring/support and endpoint security matching their unique business/industry requirements, including meeting privacy and industry regulations such as HIPAA, HITECH, GDPR, and PCI DSS
- Delivering maximum security, minimum impact, and maximum return for the customer
Rather than bolting on the hottest endpoint security technology and justifying the next endpoint security acronym, we propose a pragmatic and strategic approach. This future-proof approach leverages the internationally acclaimed NIST Cybersecurity Framework (NCSF) to map out a plan for hardening the endpoint. This approach empowers MSPs to deliver the highest levels of endpoint security and regulatory/industry compliance in a practical, layered, logical, and infinitely expandable way.
The NCSF: Breaking the Cyber Kill Chain
First published in 2014, the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity is the de facto framework for organizations in critical infrastructure – including government, financial services, and healthcare. More commonly known as the NIST Cybersecurity Framework (NCSF), the NCSF focuses on “using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management
For MSPs, the NCSF applicability goes well beyond critical infrastructure organizations. As NIST states, “the Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving security and resilience”. Underscoring the broad applicability of the NCSF, many trade associations including financial services, healthcare, legal, manufacturing, professional services, and retail have jumped onto the NCSF bandwagon.
The NCSF is perfect for MSPs looking to raise the endpoint protection discussion from point solutions to a risk-based, longer-range, more comprehensive approach. As discussed in this report, hardening the endpoint via a layered approach meets today’s endpoint security needs while laying out a framework for continual renewal and expansion as new threats, vulnerabilities, and technologies emerge.
When taken together, building an endpoint hardening solution based on the NCSF gives MSPs the ability to deliver a customizable solution with the following key customer benefits:
- Seamless integration reduces cost and complexity. Following a layered model provides the MSP with the flexibility to integrate endpoint hardening solutions with existing platforms: security information and event management (SIEM), remote monitoring and maintenance (RMM), and professional services automation (PSA) systems. Also, by offering environment-agnostic solutions (e.g., cloud, data center, virtual server, physical server, and desktop), the MSP guarantees universal endpoint coverage with minimal impact on employee productivity.
- Modular approach adds flexibility. Following the five-layer model gives the MSP the ability to layer in specific technologies and services: for example, adding advanced Protect and Detect solutions to catch polymorphic and fileless malware, or adding identity management, patch management, disk encryption, and advanced detection capabilities (e.g., pre- and post-exploit detection) to meet specific compliance requirements.
- Advanced detection reduces dwell time and cost. The Detect function underlies all other services. Size matters when it comes to detection: a global-reach database of active threats, vulnerabilities, and exploits provides the fuel that advanced AI/ML engines require to quickly discern malicious from anomalous and false positive from false negative. The more accurate the detection, the more effective the response and the lower the risk and cost of a breach.
- Planning for regulatory and industry requirements early guarantees compliance. MSP customers are overrun with compliance requirements. The NCSF is explicit that compliance requirements – typically protecting private, financial, and protected health data – should be part of the initial Identify discussion. By focusing on compliance early, all follow-on endpoint hardening layers (Protect, Detect, Respond, and Recover) will include the necessary controls and procedures to support the compliance requirements.
Delivering an endpoint hardening solution based on the NCSF empowers MSPs to provide high-value, high-growth multi-tenant services that are scalable and modular while meeting customer needs for remote monitoring/support. Following the NCSF layered approach offers security that matches each MSP customer’s unique business/industry regulatory requirements with maximum security, minimum impact, and maximum return.