I recently had the honor of being asked to speak at the Cyber Nation and TruMethods workshop on Cyber Resilience. As Managed Service Providers grow and become bigger targets, it's very important that Security becomes more than just Patch Management and Anti-Virus.
Security threats come at all companies every day. As the threat actors become more sophisticated, the types of attacks that they launch against their enemies also get better. I've long been of the mindset that it's very difficult to defend against an attack by a skilled actor where you are specifically targeted. Most of the security work and footing we see deployed is designed to make you JUST harder to attack than the guy next door.
You can think about this in the same way as in your own house. In reality, the lock or deadbolt on your front door provides minimal defense for your house. There are numerous windows that can be used for entry in a destructive method. If we search, we can find other methods such as shimming a door, under door entry, or other methods that may be used to enter non-destructively. The fact that your house can easily be broken into doesn't prevent you from locking it, nor should it.
We face the same challenges as service providers. We do a lot of virtual "locking the door" for our clients, but increasingly that isn't enough - we need to install anti-tamper deadbolts and other tools.
This function is geared towards other Service providers such as ourselves, but it's a privilege to be considered enough of an expert in the security focus area to be asked to participate in the event.
During the workshop, Bryson Medlock of Perch security and I will talk about the things all providers could and should be doing to increase their security posture. Many service providers simply approach security as patch management, firewalls, and anti-virus, but these days there is so much more to this process.
On day 1, we'll be exploring why your traditional patch management and Anti-Virus isn't enough. What other threats are hiding on your network you aren't considering? We'll look at vulnerability scanning, vulnerability management, and other tools service providers should be using to improve the security of their clients' networks.
On day 2, Web Applications come to the forefront. There is much training available for web developers on the security of web applications, but what do you as a service provider need to know? We'll explore why web applications get a particular focus, and some of the methods and tools you can use to review them and find vulnerabilities.
The event is free and focused on Managed Service Providers or other IT Service Providers.
If you're interested in learning more or signing up, you can at https://www.trumethods.com/cyber-workshop