Webroot: MSPs Need To Take Layered Security Approach

Webroot’s breakout session at XChange 2019 focused on the array of security threats—from phishing and DNS attacks to cryptojacking—and the layered approach MSPs need to take to protect their customers.

Sarah Morgan, MSP channel account manager at Webroot, the Broomfield, Colo.-based security vendor, told the room of MSPs that there is no “silver bullet” when it comes to protecting their customers’ networks.

“There’s no one end all, be all,” Morgan said. “There’s no silver bullet. If any vendor stands up here and tells you, ‘Hey, we’ve got the perfect solution, we’ll protect you from everything—run as fast as you can in the other direction. It’s simply not true. The threats are evolving so quickly and the sheer magnitude is impossible for any one vendor to keep up with them.”

[RELATED: How 'Moneyball For Business' Can Solve Your Employee Engagement Woes]

Key best practices include cloud-based, real-time intelligent endpoint security, robust artificial intelligence, support for the security team, as well as network protection from cryptojacking and DNS cache poisoning as a second line of defense, and user protection.

“A number of these things, we’re using different vendors for,” said Imtiaz Allie, principal at Innovative Network Solutions, a Stamford, Conn.-based MSP. “For DNS we’re using Cisco Umbrella. Endpoint, we’re using N-able, so we use all these tools from different vendors, so I’m interested in going to the booth and checking [Webroot] out.”

Morgan said cryptojacking is essentially three lines of Java script that give a criminal the ability to purchase cryptocurrency with a victim’s computer. She said it is lucrative, low effort, and very dangerous. The software detects when a machine is dormant and goes to work mining cryptocurrency, and then when a user returns, it pulls back, returning control of the computer to the user, making it hard to discover.

“Of all the things we saw in 2018, cryptojacking took the cake,” Morgan told the crowd. “It dethroned ransomware for the No. 1 spot for the biggest, baddest, nastiest threat out there. That’s no easy task. … It’s highly profitable. That $6 trillion number that I threw out that we’re looking at as far as cybercrime, this is contributing a lot to that bottom line. Without a whole lot of work, you have cyber criminals able to install cryptojacking software and they’re able to install that on hundreds if not thousands of computers. So in the background they now have all of these victims working on their behalf, mining cryptocurrency.”

Daniel Graham, president of Versatile Computer Services, Park Forest, Ill., said he was glad to see cryptojacking covered as it was an issue he hoped to learn more about for his business.

“It’s all about security. That’s a big thing for my clientele—making sure they’re secure,” Graham said.