In business today, digital security is one of the most important functions that any IT department is responsible for, and the weight of that responsibility is only growing over time. However, your end-users might not know if an element of their IT services operation needs an overhaul until something goes wrong. If you want to maintain trust with your customers, you can’t afford to let it get to that point. To make sure they’re prepared, here is a simple guide on the biggest issues to look out for, and what you can offer your customers if you spot a problem.
1. Weak passwords
One of the most glaring sore spots, if not the most glaring, in an end user’s information security strategy is the strength of passwords. Sadly, despite how much havoc weak passwords can wreak on any network’s resilience against attack, by and large, good password hygiene has not gotten noticeably better in the last ten years.
The first thing you can do is nudge your end-users to include password best practices in the training that their employees receive. High Wire’s Overwatch Holistic Security Platform-as-a-Service makes serving your customers robust security awareness training courses easy, as Overwatch designs training from the ground up. As resellers, you can then offer Overwatch training as-is, or integrate your branding and/or proprietary techniques.
Regardless of how you choose to deliver your customers a refreshed password strategy, password security essentially comes down to end-users setting complex passwords and implementing two-factor authentication. We probably don’t have to tell you how many high-profile breaches boiled down to an easily guessed password being the only safeguard standing between attackers and the keys to the kingdom.
Depending on the industry your end-users operate in, regulations might make passwords at some level or another unavoidable. For those end-users with the flexibility to pivot away from passwords, though, Overwatch gives you the option to provide password-free authentication setups to your customers. If an end-user’s operations can do without passwords, and they can’t fully migrate to high-entropy passwords, you can step in and offer an alternative. This will not only solidify their operations and save you an unnecessary headache from an easily preventable breach, but it shores up their trust in you by showing that you are proactive and responsive to their individual needs.
2. Ignoring “update now” messages
The old adage, “don’t put off until tomorrow what you can do today” applies when it comes to applying software updates and patches. The tangle of software and APIs that go into a modern enterprise operation is so convoluted that end-users can no longer afford to wait for IT staff to notice out-of-date software, get approval from higher-ups to execute an update and go forward with update deployment on their own.
Rather than relying on end-users to always launch updates for everything running on their (or cloud) hardware, wouldn’t it be better if you could present end-users with a unified dashboard of all their software patch levels and instant alerts if a new update drops? Fortunately, this proactive approach is already built directly into Overwatch so you don’t have to leave it to your customers to keep their eyes peeled for software updates.
Along with the constant monitoring of Overwatch’s SOCaaS, our platform also performs periodic vulnerability assessments as well as endpoint security. You, as a channel partner, can effortlessly recommend and pass on these features to, and customize them specifically for, your customers as needed.
3. Not having a tested restoration plan
Although most businesses have a data backup plan, not all of them have a restoration plan in case a breach is severe enough that remediation is insufficient for full operational recovery. Even if an end-user does have a restoration plan in place, it can be functionally useless in actual practice if it is not tested on a regular basis and updated as their business needs evolve.
If your end-users are doing anything less than regularly testing (and updating) a ready-to-deploy restoration plan, it’s time for you to intervene and get them back on track. Formulating a restoration plan where one does not exist or updating an outdated one, is a significant undertaking, and you and your customers should work closely to figure out what kind of response is best for their needs.
However, Overwatch can help reduce the burden of architecting a restoration plan by building and maintaining a complete and organically adapting picture of your end-user’s network. By leveraging machine learning and artificial intelligence (AI), Overwatch powers your solutions to build a per-customer baseline which, beyond being useful for detecting anomalous activity, can also be used as a reference for restoration plans.
Phishing may be unsophisticated, but what makes it dangerous is that it is a low-cost, high-volume attack technique. With phishing, attackers pretend to be an individual from a seemingly legitimate entity in order to trick an end-user’s employee into interacting with malware-delivering content, leading to a network compromise with that employee as patient zero.
As the model implies, it only takes one employee making one misstep to cause a breach that can cost your customers money in remediation, legal compliance, and downtime. Overwatch empowers you to offer your customers an array of mutually reinforcing, concrete preventative measures against phishing. In addition to pre-built security training programs with phishing recognition exercises ready for you to roll out to your clients’ staff, Overwatch lets you deploy user behavioral analysis as well as web-content filtering, letting you keep tabs on what your end-users are receiving and how they are interacting with it.
The AI powering Overwatch, aiSIEM by Seceon kicks in here for added protection as well. If content filtering and behavior tracking don’t catch phishing, the machine learning baked into Overwatch will take in the patterns that led to the infection point to block future traffic from that destination, or future traffic that bears common content or metadata signatures.
Phishing is not likely to stop anytime soon, but by watching your end-users from multiple angles, you can dramatically cut down the time to diagnosis and response, and make your customers a less lucrative target for future phishing campaigns.
5. 24×7 availability
Information security threats are no longer small, isolated or national criminal operations, but sprawling enterprises with global reach. This makes monitoring 24 hours a day, 7 days a week imperative for a sound security strategy–threats don’t take a break while your end-users are off the clock. This is particularly important for your SME customers, as they would not have the resources to watch their network around the clock on their own, making your solution their only recourse against severe compromise.
Between our AI-powered detection and a vigilant team of highly trained professionals, Overwatch saves you the trouble of having to put together a 24×7 monitoring operation for your customers. This lets you deliver network protection to your customers with the assurance that you won’t miss a beat when their staff goes home for the night.
Overwatch’s combination of eyes on glass and machine learning pattern recognition also puts your constant monitoring a cut above competitor solutions that can only offer the former. This dramatically reduces the response time for breaches by cutting down on the noise and giving our (and your) analysts more attention to devote to true threats. Low response time translates directly into breach prevention, and prevention beats remediation every time.
Making Overwatch work for your customers
Security services are an important component of any enterprise IT department, especially for those of SMEs. The solutions offered here, while central to the Overwatch platform, are only the tip of the iceberg for what it can do for your product line. If the issues your customers are facing don’t fall into any of these categories, or another solution is required in order to fit their unique needs, contact us to find out what upgrades you can make to your information security products. Our top priority is ensuring that your brand remains synonymous with trust among your customers, and we are happy to work with you to make sure you give your customers the tools that earn that trust.