The COVID-19 pandemic resulted in tectonic shifts in the way we interacted with technology in 2020. We convened on Zoom or Teams instead of face-to-face, held virtual events, and logged into our corporate networks from home instead of company headquarters. Technology disruptions like these have a way of creating opportunities for managed service providers (MSPs) and IT organizations that are able to adapt to changes. With an eye toward emerging trends for 2021, we talked with Webroot™ Product Marketing Director, George Anderson, to get his take on what to expect over the next year and beyond.
How would you summarize what we saw in 2020 in terms of the threat landscape?
The threat landscape in 2020 was pretty bad. Everything got worse. A phrase that was mentioned and I quite like is the cyber-demic. And that’s the reality. We can see that there are not only cybercriminals at work but state actors as well.
None of us are immune to being attacked or compromised. That’s just the reality. As an MSP, there are risks two ways. There’s the risk of you being compromised and there’s the risk of your clients being compromised. The things you were doing to protect yourself, you’ve got to be doing them for your clients. The risks are nearly the same. So it’s important to understand those risks and ways to address them. So, from an MSP perspective, I would be looking at how I mitigate the risk for myself and for my clients in a more orderly way, like the adoption of pragmatic frameworks such as CIS.
From a threat intelligence perspective, we see a lot of what are called intelligence breadcrumbs. These are pieces of indicators of compromise happening on the internet. We can see malicious things, whether it’s a malicious IP or a domain, where malicious files are coming from, and supposedly safe website URLs that change between being benign and malicious. We’re continually contextualizing, categorizing and scoring all of that data and if you're accepting those categorizations and scores from us, and blocking them, there is a good chance you're cutting out a lot of nefarious things that bad actors are doing to compromise users and networks.
What are some of the areas of protection that IT organizations should be focusing on in the coming year?
A lot of MSPs and IT organizations have been asking us, when are you going to offer endpoint detection and response (EDR)? When are you going to give me an EDR-type solution? Way back in 2014, we sat down and looked at whether we should provide EDR as part of what we did. We could have done it, but it would have meant raising prices. So, the thought then was we already automate this. Also, the value of lots of incident data and telemetry to our customers was minimal as you really required a security analyst to look at the data to then mitigate things in your environment and network.
Of course, EDR has become better and better at what it does. Nonetheless, it's an expense that only provides you with a partial security insight as it’s looking at things from an endpoint perspective.
So, we've got a big emphasis this year in getting MSPs and IT organizations to look at managed detection and response (MDR) in a more serious way. With all the MDR players – whether that's Arctic Wolf, Blackpoint, Perch or whoever that happens to be – we're making a deliberate effort to integrate with those products so they are able to take our detection and response data from DNS and our endpoint telemetry information and use that data in their more holistic security approaches.
MSPs using Webroot can now look at MDR as a way of saving money because they don't have to pay for EDR but skip directly to MDR. It’s going to give them a far wider protection of their whole network, as MDR takes log data from everywhere and uses that to continuously monitor and protect your entire IT infrastructure. It can correlate and contextualize and have visibility within a network, very much the way we do with our internet threat intelligence. If you see a lot of indicators starting to act maliciously, then obviously it gives you a more accurate way of using machine learning and various other techniques to accurately predict and either stop or isolate attacks.
So, I think one big trend is that MSPs who have not already gone to EDR will start to look at jumping directly to MDR and see the additional benefit it brings, and realize it will give them some of the sophisticated air cover they lack at the moment against persistent attacks.
Switching from technology solutions for a moment, what are some of the human factors in the threat landscape and ways to address them?
Security awareness training is something we've done a huge amount of work with over the past 18 months. We've done a lot of work to make training much easier and cooler instead of cookie cutter. We've also made sure the training is very relevant, especially for younger employees and millennials. And it doesn't take up much time to do the training, which is important for the company.
The challenge is getting the client to understand the value of it and commit to it. I think this year, the trend will be to spend a lot more time talking to clients or helping MSPs talk to clients about why this is something they should be adopting and why it’s such a necessary part of their defenses. The organizations that have security awareness training see 90% fewer infections than they would just with endpoint protection on its own. Phishing simulations can also have a huge impact. The deceptive tactics cybercriminals are using can look pretty much like the real thing. Most of our courses are what we call micro-learning, which are under five minutes. You can do that at your leisure and even from a mobile device.
One of the things beginning next quarter is something called episodic training. One of our content providers has Hollywood writers on staff who write content that’s very involving and entertaining and content-inclusive, so it gets everybody involved. And by delivering the training in short episodes that work together, like watching a mini-TV series, it’s even more effective.
Last year we were very concerned about the time it took MSPs to set up and administer the training. All the evidence shows that it’s so straightforward and not a big cost for them. This year we will be looking at helping MSPs get even more automated and able to demonstrate the value of security awareness training to their clients for a far more secure business.
We are also very focused on having a complete and effective training content library that we keep constantly refreshed with relevant material. If you're properly using training on a continuous and ongoing basis, you've always got to have new content to send to your users to keep them up to date, informed and aware. And that training value doesn't stop at work. It helps your employees everywhere, especially in being secure at home where we are often working from these days.
Any more final tips for MSPs and IT organizations in the year ahead?
One of the things I found a little bit surprising is that MSPs and IT organizations sometimes don't pay much attention to the technology they've already got. They buy stuff, switch it on and then basically forget about it. We are so automated in most of what we do that once you set it up, you can probably leave it for a year and never worry about it. Just get the alerts and reports. It’s very effective but not a very healthy situation when we release brand new capabilities and features.
Cloud-based products are constantly being updated, tweaked and improved, with new things added and other things taken away. So, one of the things I think MSPs and IT organizations should really do is audit what they've got, making sure it works as best as it can, and making sure there’s a process in place for seeing the “new” things that are released.
The reason I say that is because we've got a new user interface coming this year. So people are going to see a new way of operating our software. And we’ll be delivering a lot of things that our customers have been asking about.
We've got some new features that we don't switch on because it could have an impact on the client's environment. For example, Script Shield, which is going to look for malicious scripts – not an insignificant thing to protect against.
I’d like MSPs and IT organizations to just invest a little bit more time understanding what they bought and how easy it is to use. We'll do a lot of work on our side to help them understand and make it as easy as possible, because we realize time is money and there are conflicting priorities when you're running an MSP business. We’d also like them to be a little bit more aware of the things that are being added to the solution. We're doing that now. We tell people what's new and what we're doing so people can keep up with it.
We also want MSPs to be able to build their own stacks, and we give them the tools to make it easy for them to integrate, like reporting. Every MSP wants a different report for the client. You can't create a standard reporting engine because there's no standard. So the ability to tailor is huge.