Using Cybersecurity to Grow Your Managed Services Business
• I enjoy doing a good job for my customers
• I want their systems to run smoothly
• I want to ensure they are protected
• I want to sleep at night
• I want to grow my business
CompTIA - International Trends in CyberSecurity 2016
PWC - Global State of Information Security Survey 2016
Symantec - 2016 Internet Security Threat Report
Introduction
• CompTIA Resources - Me
• 3 Levels of Service Offering
  • Foundational - Me
  • Comprehensive - Ken
  • Advanced - Ken
• IT Security Community - Scott
• Security Assessment Wizard - Scott
• Panel Discussion
Agenda
CompTIA Resources
Using Cyber Security to Grow Your MSP
Three stages
Foundational Security (David Watson)
• Data Backups
• Desktop Antivirus
• Email AV/AS
• Basic access control
• Software updates/patch management
• Wireless control
• Physical access control
Comprehensive Security (Ken Bagnall)
• Gateway UTM
• Disaster recovery
• Remote access/VPN
• Basic awareness training
• Awareness/Education
• Verification of security testing
• Policy
• Wireless/BYOD
• Asset control
• System hardening
Advanced Security (Ken Bagnall)
• Governance/Compliance
• Incident response
• Monitoring/SIEM
• Pen Testing
• Risk Assessment
• WAP
• Other
https://www.comptia.org/resources/comptia-quick-start-guide-to-physical-security-uk
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
Comprehensive Security
Comprehensive security is the next step, providing solid all-around protection for any type of business. It is not focused on a particular vertical or customer; it is a comprehensive checklist that can be used across the board for any type of business. Additional layers, procedures and technologies would be required for a complete solution in some specific verticals or for some specific businesses.
Comprehensive Security Checklist
• BDR solution: Backup and disaster recovery technology and business continuity plan
• Gateway/Perimeter UTM: Complete UTM to detect and prevent threats
• Remote access/VPN: Avoid port forwarding for remote access, instead use VPN access
• Awareness/Education: Simple awareness training (don’t trust/click/open). Can be automated
• Verification of security: Test current security setup. Vulnerability scans in/out. Review logs/reports
• Policies: Create and enforce policies such as password, internet usage, access to resources
• Wireless: Usage policy and BYOD control
• Asset control: Catalog all software/hardware, manage updates and control
• System hardening: Disable all unused software, services and ports on all systems.
Advanced Security
You may wish to offer additional security, such as governance/compliance, incident response, monitoring, penetration testing and risk assessment. However, these tend to be either vertical focused or service orientation focused, which means it might make more sense for you to partner with a provider that offers these types of advanced services instead of trying to build them yourself. In some cases you may even want to outsource some of the comprehensive items. Regardless of how you offer your customers security, whether in house or outsourced, the most important thing is that every business has comprehensive protection.
Beyond Comprehensive Security Options
• Governance/compliance: Providing PCI/HIPAA or other consultation to certify compliance
• Incident response: Providing remote and/or on site remediation services to breaches
• Monitoring: SIEM log correlation and eyes in SOC on events
• Pen Testing: Manual penetration testing/auditing of network/systems
• Risk assessment: Full audit of company and business continuity, providing risk analysis and plan
IT Security Community
Who are we?
• The CompTIA IT Security Community is a group focused on the changing security issues of today.
Who should join?
• Anyone looking to stay current with the ever-changing security landscape.
• Join the community
• Join our CompTIA IT Security LinkedIn Group
Complete Initiatives
• Watch Security Tech Tools Videos
• Take a look at the Security Research Webinar (on-demand)
• Always connected, but all Wi-Fi is not GOOD Wi-Fi Webinar (on-demand)
• Security Code of Ethics
• Security Trustmark +
• Cybersecurity Standard
• Try the IT Security Assessment Wizard
CompTIA Security Assessment Wizard
Our Panel
• Ken Bagnall, Managing Director, The Email Laundry
• Scott Barlow, Vice President, Global MSP, Sophos
• Terry Galvin, Owner, Indigo IT
• Moderator: David Watson, Managing Director, Evolve Computers
• 14.15: Internet of Things in Practice: End-to-End Partner Opportunities
  • Broadgate 2
• 16.00: Closing Keynote: Keep on Pushing – An Olympic Athlete’s Message of Persistence
  • Broadgate Suite
• 17.00: CompTIA EMEA Conference Closing Reception
  • Galleria
Up Next