Advertisement

Security News

Kaseya Ransomware Attack: 10 Things MSPs Must Do To Protect Themselves

Michael Novinson

From scrutinizing the security of acquired assets and pen testing software development environments to limiting how much access MSPs have to customers, here’s what Black Hat 2021 attendees said MSPs should do following the Kaseya ransomware attack.

East-West Segmentation To Stop Lateral Movement

MSPs need to keep their customers separate so that hackers can’t attack all their customers if they compromise the RMM software they use, according to John Maddison, Fortinet’s chief marketing officer and executive vice president of products. Traditional segmentation needs to be augmented by east-west micro-segmentation to keep an adversary from hopping across the MSP’s servers, he said.

Even if something gets through, Maddison said micro-segmentation isolates the incident by preventing horizontal spread from the RMM tool, which can typically see all customers and is connected to everything. MSPs traditionally have a very flat network, which means an adversary would have access to everything if they’re able to get into the MSPs’ systems, according to Maddison.

Both MSPs and their customers need to re-architect their networks to minimize the damage if they’re attacked, which Maddison cautioned is a big project. From there, Maddison said its all about how quickly an MSP can recognize that a customer has been compromised and activating their mitigation plan, which hopefully is already ready to go in the company’s Security Operations Center (SOC).

 
Learn More:
Advertisement
Advertisement
Sponsored Post
Advertisement
Advertisement