It’s unpleasant but true—all businesses, no matter their size, are susceptible to the same kinds of cybersecurity threats that we see hitting enterprise organizations.
Cybersecurity for small to mid-sized businesses (SMBs) can be a confusing space, which is why we recently sat down with Ian Alexander of Syncro to clear the air and talk shop about all things cybersecurity for SMBs. We also learned what managed service providers (MSPs) can do to protect themselves and their clients now and in the future.
You can catch that webinar here, but for all our reading junkies, here’s a taste of what went down during this lively chat between Huntress’s Henry Washburn and Syncro’s Ian Alexander.
Breaking Down Cybersecurity Terminology
EDR, XDR, MDP…with all the three-letter acronyms floating around, which ones really matter and which actually mean something?
When it comes to explaining these terms, Henry likes to look at them in a Venn-diagram-esque manner, starting with AV and NGAV.
AV is the acronym for antivirus, and Henry says in its most basic form, AV can identify a known good and a known bad. That worked 15 years ago, but it made the fundamental mistake of assuming you’ll never be compromised.
You have to assume compromise; your walls can only be so thick. Inevitably, somebody will do something and get in.
This brings us to NGAV and EDR, which are essentially the same thing. NGAV is next-generation antivirus and EDR is the acronym for endpoint detection and response. So, EDR is Next Generation Antivirus, also referred to as NGAV.
Then there's XDR, extended endpoint detection. XDR essentially adds layers to your existing EDR. Henry said this is where it gets muddy because he's seen EDR offered as XDR and XDR offered as XDR+.
Makes total sense, right? (Just kidding.)
This led Ian and Henry to discuss which tools MSPs should have in their security stack and how to use the ones they already have.
Cybersecurity Stacks for MSPs
While there are certainly base-level tools all MSPs should have in their security stack, it really depends on the needs of each individual MSP.
Henry shared how he tends to place more focus on addressing the cybersecurity framework (in this case, the NIST framework). NIST is comprised of five pillars: identify, protect, detect, respond and recover. He recommends following this framework over adding a bunch of tools you don't necessarily need or use.
This way, MSPs can identify how the tools they already have can be used to fulfill the framework without additional tool creep. Henry pointed out that this also allows you to see in some cases that, yes, you may need an additional tool to answer some of these questions, but also how you can work with what you have.
As an MSP, to make sure you're providing a tuned offering is to understand how the tools you already use allow you to answer some of those requirements under identify, protect, detect, respond and recover.
Henry explained that as you work through the NIST framework, it becomes less tool-based and more people-based. So, while having an EDR is important, watching and understanding what is being delivered is equally important.
If you don't know how to use a tool, or what’s being delivered, what's the point of even having the tool in the first place?
Check out the entire webinar to hear Henry’s other recommendations for MSPs.
Key Takeaways
In Henry's eyes, it all boils down to two things:
- Maintain an incident response plan
- Make sure someone is watching and understanding alerts.
Henry offered some insight into the basics MSPs need to get up and running with an incident response: protect your logs, make and check your backups and make sure you're involving the right people in these conversations. He also explained that testing is one of the best things to do because you can go back in and assess the gaps.
We also talked about practical incident response planning in another Huntress webinar. We’ll leave that here for those who are interested.
Ian and Henry wrapped up the webinar with a pretty juicy question about what vendors should be doing when reporting on detections and breaches. So, make sure to go check out the full webinar to hear Henry’s candid answer about what he believes cybersecurity vendors could do better when reporting on incidents!
