Mastering the five stages of cybersecurity evolution takes a reliable partner. We’re proud of our relationship with Arctic Wolf and will use their convenient step-by-step framework to simplify IT planning.
Arctic Wolf is a security operations company that empowers its MSP partners to optimize cybersecurity for their SMB and mid-market clients.
This collaborative arrangement creates a force-multiplier effect with three tangible benefits for MSPs and their clients:
- Lower capital expenditures and training costs
- Decreased insurance and compliance risk
- Enhanced trust and marketing appeal
Cybersecurity mastery starts with a realistic assessment of your present status. We’ll break down the terminology and highlight its business impact with relatable anecdotes.
This blog post is a basic breakdown of the stages for simple planning purposes and for learning the definitions. Some of the products and services mentioned fit into more than one stage and category.
Mastering Stage One of Cybersecurity Evolution
Let’s start with a few cybersecurity basics. Every organization needs Active Directory (AD). AD is a directory and identity management platform that connects users to databases and services on their corporate domain.
Accessing AD (logging into the network) requires authentication with a user ID and password. Passwords should be complex, unique for every account, and changed frequently.
This recommendation prevents hackers from taking advantage of the human tendency to use the same user ID and password for every account.
Patch Management is the process of identifying weaknesses and vulnerabilities in software and applying the updates that fix them. Since software is a common thread that runs through servers, clouds, computers, cellphones, carrier networks, and everything else in the world, there is no margin for error.
A lapse on a single endpoint can take down entire companies, electrical grids, and defense systems. Amazingly, large public companies with multi-million dollar IT budgets have patching gaps.
According to Black Kite, “In 2021, Accenture received a ‘D’ in patch management after a ransomware gang breached their systems and stole over six terabytes of data.”
Cybercriminals will take any opening they can find, which makes Backup a foundational aspect of security mastery.
Backup and its companion solution, Disaster Recovery, are an evolving discipline rather than a final destination. There is always room for improvement and reinvention.
Mastering Stage Two of Cybersecurity Evolution
Physical devices, software, and web tools protect the perimeter of your IT environment. Each combines to form digital barriers that inspect, approve, reject, set qualifying conditions, and more for inbound and outbound traffic.
Firewalls evolve in sophistication, performance, and integration with related and complementary technologies. For the non-technical evaluator, every firewall you consider should have “next-generation” in its technical specifications.
Cisco characterizes a device as next-generation as follows: “It includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.”
Spam protection and Web Filtering are integral to this conversation. Why? Both solutions have functionality native to firewalls. Capabilities are expandable by purchasing additional modules from firewall vendors and third-party providers.
For example, Microsoft 365 has a portfolio of email, web, and content filtering tools. However, most businesses require augmentation with expanded security feature sets from other vendors to compensate for gaps.
The process is similar to buying a car and then enhancing the vehicle with after-market add-ons and customizations.
Our final recommendation for mastering the second stage of cybersecurity evolution is the Web Application Firewall or WAF.
A WAF is not the same thing as a firewall. While firewalls protect your network against attacks, WAFs protect websites from vulnerabilities and malicious threats. WAFs create a shield between web applications and the internet.
Mastering Stage Three of Cybersecurity Evolution
Arctic Wolf puts most companies at stage three. This section and stage four represent the gap your MSP and Arctic Wolf can fill as an alternative to building an in-house Security Operations Center or SOC.
Welcome to Advanced Endpoint Protection or AEP. Also referred to as Endpoint Detection and Response or EDR, AEP is an autonomous solution that employs artificial intelligence (AI), machine learning, and behavioral analysis to prevent, detect, and respond to threats in real time.
This portfolio of capabilities allows AEP to address all-new “zero-day” threats and anomalies across every device in your company, with speeds unmatched by legacy antivirus solutions.
SentinelOne can quickly identify ransomware and prevent it from encrypting devices. Even better, if your devices get encrypted, SentinelOne can roll back Windows machines to recover data.
Encryption is a hot topic as cyber attackers increasingly utilize Secure Sockets Layer or SSL encryption to launch attacks. SSL Inspection is a powerful way to respond.
According to Zscaler, a cybersecurity integration partner of SentinelOne, “…[encryption] is a great thing for privacy, but it presents a challenge to IT security.”
They continue, “Decrypting, inspecting, and re-encrypting traffic are nontrivial, causing significant performance degradation on traditional security appliances, and most organizations can’t inspect encrypted traffic at scale.”
Every business needs policies for Data Loss Prevention or DLP. DLP solutions control what users can send or share outside of their organization.
For instance, DLP settings prevent users from backing up corporate data to their personal Google Drive or sending a confidential company business plan as an attachment to a webmail account.
To protect your network from unauthorized traffic and mischief, you’ll need an Intrusion Prevention System or IPS. An IPS performs three primary functions:
- Monitor your network for Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, worms, viruses, and more
- Notify IT administrators when problems arise
- Take corrective actions like adjusting the settings on your firewall
DDoS attacks are a hot and scary topic these days. These deliberate, automated assaults flood and disable critical systems with internet traffic and large-scale malware payloads.
Military satellites, government networks, telecom infrastructure, eCommerce websites, and other foundational technology are prime targets.
HermeticWiper Malware is hitting targets in Ukraine as part of a coordinated attack by Russian forces. Incidents like this are afflicting organizations worldwide and driving demand for Distributed Denial of Service (DDoS) Protection.
With the proliferation of cloud services AKA Software as a Service (SaaS), you’ll need a Cloud Access Security Broker or CASB to protect your data in third-party clouds. For instance, when your team uses HubSpot, Microsoft 365, Salesforce, etc., your data is processed and stored on someone else’s infrastructure.
Companies like Forcepoint, Microsoft, Netskope, and Proofpoint have CASB solutions that consolidate all of your cloud services into a central location for visibility, policy management, governance, and enterprise-wide user and device control.
Mastering Stage Four of Cybersecurity Evolution
This elevated stage of cybersecurity mastery ties everything together to form a complete Managed Detection and Response (MDR) solution.
Sometimes referred to as security operations center as a service or SOCaaS, MDR closes the gap on operating failures. Remember all the acronyms, definitions, and products we mentioned in the first three stages?
The marketplace has a glut of firewall, network, cloud, and endpoint tools. Each security product generates an endless stream of alerts and requires diligent monitoring.
No wonder IT administrators and many MSPs are overwhelmed and fatigued by the noise:
- They don’t always respond to urgent notifications
- Critical patches get delayed
- It’s easy to miss warnings about cloud breaches
- Users may be reluctant to self-report their role in clicking on phishing emails
MDR controls the chaos with 24/7 Log Aggregation and Correlation, Human/Threat Intelligence, and Incident Detection and Response. Combined, these give you the ability to continuously monitor for vulnerabilities, respond to alerts, and identify advanced threats.
Mastering Stage Five of Cybersecurity Evolution
“Mastering” is probably the wrong word for the title of this section. However, knowing you’re not a master reflects a certain level of mastery and wisdom.
Stage five is an elusive goalpost, and most companies struggle here. A 2018 Verizon Enterprise Breach Report states (and I quote verbatim):
- Security engineers are difficult to hire, expensive to support, and hard to retain
- One 24/7 position requires four or five full-time employees when factoring in eight-hour shifts and PTO
- A complete SOC requires up to 12 engineers
How do you advance your cybersecurity evolution?
Your MSP can set you up for less than the cost of one full-time security engineer. This arrangement has benefits that include but are not limited to:
- Continuously improving your security posture
- Dynamic security policy updates
- Accelerating remediations
Figuring out precisely what you need to master cybersecurity can be confusing. But it doesn’t have to be.