Webroot Exec: Partners Should Get Back To Security Basics And Double Down on Backup, Patch Management

A Webroot vice president urged solution providers to avoid the hype around far-fetched threats and instead focus on defending against vulnerabilities that can be monetized and automated.

The Broomfield, Colo.-based company said channel partners could get distracted by news reports around Jeep hacks and data exfiltration and lose sight of the more mundane day-to-day threats their customers typically face, according to David Dufour, vice president of engineering and cybersecurity.

"There's all this sensational news, but your goal is to protect your customers at the least cost to you," Dufour said during Autotask Community Live 2017. "Try to get past the sensationalism, and understand what it is you really need to worry about."

Even providing network security solutions comes at a cost, Dufour said, since solution providers often need to open a Security Operations Center (SOC), manage software, and deploy modeling solutions that handle threat detection to address the entire landscape. Moving from the MSP to managed security space isn't easy, Dufour said, and partners should have a handle on the resources they'll need to hire and the impact to their bottom line before making the leap.

"It's a lot more complicated than you might think," Dufour said. "Make sure you understand what you're getting into, and maybe explore a little bit what your customers are willing to pay."

The first thing all solution providers should do is ensure they're backing up all customer data in a manner that can be quickly restored, Dufour told 1,000 attendees Tuesday at The Diplomat Beach Resort in Hollywood, Fla.

"If you have a backup, don't pay the ransom, wipe the system, restore the backup, and you're done," Dufour said. "Who cares if you got infected by ransomware because it's simple?"

Channel partners should also have a sound endpoint solution in place to safeguard the end user's machines against phishing websites, bad websites, and erroneously inserted USB drives, according to Dufour.

"If you can do this, the bulk of your customers are going to be protected," Dufour said.

Ransomware is one of the most pervasive threats faced by channel partners, Dufour said, and is expected to inflict $5 billion of damage on the economy in 2017. It is wonderful for nefarious actors, Dufour said, since it allows them to untraceably gain access to the client's system.

"Once I've exploited a system and I've landed a piece of ransomware on there, I'm done," Dufour said. "You will never catch me, ever, because I will still be able to collect my money in bitcoin, and no one can trace that."

Although bad actors typically find it easy to access data using ransomware, Dufour said it could sometimes be harder to sell that data, particularly in high-profile cases like the Equifax breach announced earlier this month, due to the buyer's fear of leaving a trail and getting caught.

"It's like stealing the Mona Lisa," Dufour said. "Who's going to buy it?"

Some 90 percent of all attacks, though, are phishing-based, which Dufour said typically take advantage of end user vulnerabilities. Phishing attacks are highly automated, Dufour said, and usually trick the user into either clicking on a link to get something to install or having them enter credentials so that an attacker can get into their bank account and steal information.

"You're trying to interrupt that automation process, and just prevent it from occurring," Dufour said.

The long-standing notion that patch management has very little to do with security is gradually changing, according to Dufour. The changing perception is partially fueled by the May 2017 WannaCry ransomware attack, which Dufour said could have been prevented by applying a Microsoft Windows patch to any post-2010 Microsoft servers or any Microsoft operating system back in March.

"It shocks me how many people have systems that are unpatched," Dufour said. "But if a patch breaks the software you use to run your business, you can't apply that patch."

If an end user is hit by ransomware and doesn't have a backup, Dufour said that channel partners should leverage Google to identify the strain of ransomware and figure out whether it's a high-quality or low-quality strain.

Ransomware with a good reputation can be decrypted with the proper key, Dufour said, while ransomware with a bad reputation can't be decrypted due to inadequate quality assurance. It might sometimes make sense to pay the ransom for a high-quality strain where there's no backup in place, Dufour said, but there's simply no reason to pay the ransom if the strain can't reliably be decrypted.

"Even if you pay for it, you're out of luck anyways, so you might as well buy flowers or a nice dinner for your significant other," Dufour said.

Many security issues could be avoided simply by having the most up-to-date patches in place, according to Charles Hak, president of C2 Computer Services. Although the Coral Springs, Fla.-based solution provider has patching tools in place, Hak said the company often faces pushback from customers who don't want to deal with the disruption of having their computers or other systems rebooting.

"They'll fight you, but ultimately, they'll understand," Hak said.