
What does modern SMB cybersecurity entail?

Modern SMB cybersecurity increasingly involves managed detection and response services, improved zero-day attack spotting and better management of connected devices.

SMB cybersecurity is increasingly critical, as hackers target smaller organizations. Modern IT teams need to contend with increased risks from ransomware and malware, an increasingly large attack surface and added vulnerabilities from new technologies, such as the internet of things.

Preventing zero-day attacks and securing and managing endpoints and other connected devices isn't easy. But by adopting the right strategies, IT teams can boost SMB cybersecurity in the face of myriad threats, Current Analysis analyst Amy Larsen DeCarlo wrote in a series of Ask the Expert responses examining data protection.

Using managed detection and response services

SMBs typically lack the extensive resources of large enterprises to confront cybersecurity threats. Instead, these organizations must extract the most benefit from their existing cybersecurity infrastructure. All too often, IT teams are swamped with alerts and sometimes miss the signs of a new threat to security, Larsen DeCarlo said.

Filling the gap in capabilities, a new group of vendors is marketing managed detection and response (MDR) services. Some of these systems gather data from endpoints inside the firewall and assemble a picture of activity on the network. Other MDR vendors, such as Rapid7, FireEye, Red Canary and Raytheon Foreground, mine and analyze network performance data, rather than device management data, to form a threat intelligence picture.

MDR systems are typically offered as a managed service, though a subset of vendors offer a self-service approach. SMB cybersecurity can benefit from the triage offered by MDR providers, which goes a step beyond the services offered by most monitoring services. Large vendors, such as Cisco, are beginning to move into the field by acquiring MDR capabilities.

Preventing zero-day attacks

Larsen DeCarlo also said zero-day exploits pose a stubborn threat to enterprises of all sizes, but especially to SMBs with limited resources to respond to an attack. Finding and fixing vulnerabilities rapidly is the new priority for IT departments, as cybercriminals now even launch zero-hour attacks.

Machine learning is one area in which security vendors are making major improvements. Cognitive technologies are able to spot traffic patterns and set a network baseline, spotting activity that doesn't add up. Machine learning is also offering a boost to threat intelligence, allowing vendors to monitor activity on the darknet and deep web, where criminals swap malware and exploit kits.

Additionally, managed security service providers deploy their own networks of sensors to track global activity, gleaning data that can be used for zero-day attack prevention. All too often, however, cybercriminals appear to be one step ahead of vendors. For SMBs caught in the crossfire, machine learning offerings and managed security services can be a way to hedge their bets.

Managing connected devices

Finally, Larsen DeCarlo said SMBs are particularly vulnerable to the proliferation of connected devices associated with internet-of-things technology. Modern companies increasingly link devices ranging from cameras to HVAC systems and medical devices to the network.

Along with their traditional roles, IT teams are being asked to manage and secure connected devices without disrupting performance. Unfortunately, many connected devices are inherently less secure, increasing vulnerabilities.

Setting clear policies and taking a broad, multilayered approach is the first step toward secure management, Larsen DeCarlo said. IT teams can make simple tweaks, whether updating firmware or reconfiguring devices away from a simple, default password.

Organizations need to stay on top of which devices are running on their networks and set a clear BYOD policy. Such a policy might move some wearable devices onto a guest network to keep the primary network safe.

As more SMB assets come under threat, these organizations need a defined plan going forward.


This was last published in November 2017
