Saa$y MSP Community Call | 12.05.24

Video description: Saa$y MSP Community Call | 12.05.24

Phishing Attempt and SaaS Alerts
Eric and Andrew discussed a recent phishing attempt that was identified and contained without any breach. They also discussed the automatic provision of SaaS Alerts to clients. Gary shared an incident where one of their nonprofit clients was targeted in a phishing attempt, but the issue was quickly identified and resolved. The client was very appreciative of the team's quick response and professionalism. Andrew suggested that the team should follow up with the client's other contacts who may have fallen for the phishing attempt.

Security Breach and SaaS Alerts Update
Gary shared details about a recent security breach at one of their clients where SentinelOne failed to contain the threat, resulting in the encryption of several servers. Although SentinelOne fired alerts, it did not prevent lateral movement, allowing the threat actor to spread across the network. Gary suspected the initial entry point was through the Fortinet VPN vulnerability. While the incident was frustrating, Gary appreciated the learning experience as a way to improve their security posture.

Product Updates
Amanda presented a new feature in SaaS Alerts, allowing email notifications for rule triggers, which is expected to be available soon. Andrew asked if this feature would also trigger alerts in the PSA, to which Amanda confirmed it would, depending on the configuration. Enrique asked if they could set the alert levels, to which Amanda clarified that the feature is rule-specific and not dependent on the severity configuration.

New Features for Respond Functionality
Amanda and Adam provided updates on new features related to the Respond functionality. Amanda announced that a new "Impossible Travel" event from Microsoft Defender will be ingested and shown in the platform soon. Adam introduced a new "fire hose" feature that will email the individual underlying events that triggered a Respond rule, in addition to the standard Respond event email. This provides more detail on what caused the rule to trigger.

IP Address Provider and New Features
Liran confirmed that they use a third-party IP address provider due to the unreliability of Microsoft's IP data. They also mentioned that IP address data tends to change slowly. Adam then discussed a new feature allowing the mapping of all accounts over a confidence score to create shared devices automatically. Ben asked about the default setting for this feature, which Adam promised to confirm. Adam also mentioned the release of Datto EDR and SentinelOne in beta mode. Lastly, Adam explained a new enhancement in reporting the operating system from Microsoft events.

Phishing Tactic Exploits Word Documents
Andrew discussed a new phishing tactic involving corrupt Word documents that bypass security measures. He highlighted the psychological aspect of the tactic, which creates a sense of urgency and trust among users. Chip agreed, noting the tactic's success and its potential for future variants. They both emphasized the importance of educating users about the risks of QR code authentication and the need for a mandatory policy against it. Chip also shared his personal experience of being prompted to reauthenticate due to system timeouts. Andrew concluded by sharing a URL for a report from Vanta, a company that provides security solutions.

Focusing on Revenue and Compliance
Andrew discussed the importance of focusing on revenue and customer acquisition, rather than solely on cyber threats. He suggested that companies should prepare for upcoming compliance and regulation requirements from their largest customers to ensure their continued success. Eric agreed, noting that customers want to be operational without roadblocks. Andrew also highlighted the increasing use of AI and the need for companies to ensure their data handling practices align with their largest customers' requirements. He proposed a different approach to business, focusing on the potential issues companies may face in the next 6-24 months.

Security Spending and MSP Opportunities
Andrew discussed the importance of security spending in relation to employee size and the potential for increased spending to protect large clients. He highlighted the average number of applications that a company has, which aligns with the number of applications that MSPs are running. Andrew also emphasized the need for businesses to scale with their security needs and to view security as a business enabler. He suggested that MSPs could build in-house skillsets in compliance and automation to offer as a service to multiple customers. Chip agreed with Andrew's points and suggested the potential for MSPs to build a virtual compliance officer role.
