Baseline Security (Posture) Monitoring is the New Breach Monitoring

As part of the 2021 MSP 500 project, CRN asked MSPs to describe their most significant challenges for 2021. Their answers ranged from 'finding and hiring highly trained new employees' to 'fulfilling clients' sophisticated IT security needs whilst sustaining business in the saturated MSP market.'

In 2021 the cybersecurity threats have taken different shades and have compelled the MSPs to refine and increase their security offering to stay relevant and thriving in the market. This calls for offering advanced cloud security solutions that will allow MSPs to take care of their client needs and focus on increasing their business revenue.

Through this article, we aim to refocus your attention on solutions that help you attain a CONTINUOUS security journey with minimum efforts. This is where the concept of baselines comes into play.

Silly Bob.  It was his fault.  

When security processes fail, the root cause conclusion is often something like

“Well employee Bob should have reported to us that MFA was off on his account, because I told him on his first day that MFA was a policy at the company”.

Oh well if people only just followed every little documented and non-documented thing we ever told them then security breaches may not happen.  Right?

No!  

There are a few important observations we must make on the above before we can get real with ourselves about security practicalities.  

1. People, have priorities in their lives that may not align with their employers. Health issues are way more important to Bob than your MFA policies.

2. Undocumented policies are commonplace.

3. Documented Policies just gather dust.

4. People are imperfect.  

Maybe we need a security audit to find problems like Bob’s misconfigured account?

‍

Ad-hoc Security Audits are NOT enough

Even when pre-configured correctly, a business’ security configurations (posture) are constantly shifting and deviating because:

1. Employees comes and go.

2. Employees constantly expose data through sharing.

3. Admins reconfigure things for new business needs or exceptions.

4. Mal actors (hackers or disgruntled Employees) leave doors open.

MSPs do not need to want to be MSSPs. The day has come where it is no longer good enough to sell an audit once in a while. MSPs (or better still, their clients) need achievable mechanisms to ensure security posture is:

1. Appropriate

2. Applied

3. Applied consistently.

4. Applied continuously.

The answer.  – Automatic monitoring and continuous remediation of Security Baselines coupled with breach monitoring makes this picture holistic.  

It’s like a continuous Audit.

‍

What is a Security Baseline?

Different organisations like NIST, ITIL, Microsoft, Canadian Centre for Cyber Security etc., have their own definition of security baselines.

‍

It is known by various names like ‘configuration baseline’, ‘security control baseline’, ‘security baselines’ etc. In essence, a security baseline is a set of known ideal configurations that are set and recorded. Changes to any configuration can then be flagged as it will deviate from the baselines. These configurations can be security settings on anything, such as user settings, group membership, permissions, mailbox settings, policies, rules, etc. Put together, they form your security posture (baseline(s)).

‍

What is the purpose of a Security Configuration Baseline?

Automation is a wonderful tool to reduce workload and allow MSPs to perform smarter rather than harder. Security baselines have multiple specific configuration settings to enhance security. However, these configurations become an arduous task when performed manually. They eat up time and effort. They aren't entirely error-free either. Some organisations provide automation for maintaining security configuration baselines that meet the bare minimum standards. As an MSP, you need to question yourself:

1. Is that enough to deliver best practice security to your clients?

2. Is that enough to stay afloat in this demanding MSP market?

3. Is that enough to increase your revenue and client retention?

If your answer to these questions is NO, then the next question is, what do you need exactly?

Automate Baselines – A Continuous Actioned, Audit

Security baseline configuration automation should not just meet the minimum security baseline standards. They should also offer:

• Continuous Audit

• Best Practice Controls

• Continuous Monitoring

• Continuous Remediation

• Change Alerting

All rolled up into AUTOMATION

‍

Luckily, at Octiga we offer a new, fully automated, solution which couples the monitoring and remediation of breaches with the managing and monitoring of security postures using automated baselines. It enhances your security offering through the following steps:

1. We provide the IT Admin with a set of best practice baselines templates.  

2. The IT Admin applies these to the tenant, and groups.

3. Business goes on.  Changes of concern to settings, users, groups are flagged.

4. The IT admin either

- Remediates

- Or accepts the change as a baselines change

Want to learn more about how Octiga’ s Automated Security Baselines can fit your unique business needs? Drop a line or schedule a one on one session with us now!