Cybercriminals by definition don't play by the rules. They aren’t constrained by org-chart-diagrammed lines of business, carefully guarded network domains, narrowly deployed security solutions or compartmentalized technology teams. They look at your customer’s network as a single entity and will take every opportunity for lateral movement. That means they may have better visibility into an organization's network operations and architecture than many of the folks who actually work there.
This "silo effect" is dangerous. It's also way too prevalent.
As cybersecurity needs have evolved, organizations have deployed one-off security solutions in different areas of the network and cloud infrastructure that often require individual management. As a result, threat intelligence is isolated, so detecting sophisticated attacks requires the sort of manual correlation that most organizations simply do not have the resources to support. For MSPs, the mandate is to break down these walls and provide integrated security solutions.
As to how to convince line-of-business decision-makers, look no further than the shift to a digital business model. Data is the currency of today’s economy. Collecting it, generating it, mining it and finding ways to make it available to both employees and consumers are measures of success. But while workflows and data now move freely between one network ecosystem and the next, the institutional culture building these systems still has hard lines drawn between domains and lines of responsibility, and they protect zones of personal control that have developed over years or even decades. In such an environment, establishing consistent visibility, management and security protocols that span the network can be next to impossible.
Malicious actors know this and use it to their advantage. Fortinet’s first-quarter Threat Landscape report reveals that the number of unique exploit detections grew by over 11 percent, to 6,623. And at the same time, 73 percent of companies experienced a severe exploit during the quarter. Our data seems to indicate that cybercriminals are getting better at matching exploits to their targets. I can attest that organizations with institutionalized controls and rigid hierarchies that isolate personnel and restrict resources to teams with specific silos of responsibility tend to be more vulnerable to today’s sophisticated attack strategies. The fractured infrastructure resulting from this model allows attackers to hide in the gaps between control systems.
Likewise, complex, multivector attacks are difficult to identify when a team has access to only a limited sphere of functionality. And malware that can mimic legitimate traffic is especially difficult to detect when the team responsible for security has no control over the data or resources being consumed or delivered by another team.
Security-focused partners are in a good position to help customers reconsider how they plan to stay ahead of the criminal community that wants to steal, hijack or ransom their data. You are an impartial, outside observer who may see schisms that the company doesn't even realize may be putting its data at risk.
Once you get their attention, there are four steps to begin implementing effective security services that help bridge the gap between traditionally isolated security devices.
Cybercrime has evolved faster than the typical piecemeal security strategy can defend against it. Wide-reaching knowledge of the attack landscape and the ability to respond quickly at multiple levels are the only ways to provide the level of security needed now. By providing such services, you will ensure consistent enforcement and security effectiveness, regardless of how complex your customers’ network environments may be.