MSP-Client Relationship
Managed Service Providers (MSPs) are remote management solutions deployed as software that can help manage a client’s network enterprise. Clients enter into these service-level agreements (SLAs) to address common IT/administration requests to provide uniformity to their networks. Depending on an organization’s architecture, an MSP can be deployed on the premises, in a cloud environment, or through a hybrid of the two. However, each configuration can lend itself to the very vulnerabilities from which the MSP purports to protect the client. The shift of the network security burden to the MSPs and the company’s over-reliance on them have the potential to leave the client exposed to and prime for attacks from ransomware actors like REvil or Gandcrab.
Multiple government agencies, most recently the Secret Service, have repeatedly reported increases in incidents where an attacker breaches the seemingly secure MSP architecture and uses it as a pivot point to attack the client. The client, meanwhile, has no visibility over the security of the MSP even though their own security is bound to it. This outdated security model lacks adaptability and flexibility, especially because it is not a proactive service.
Redpoint Cyber’s professionals have extensive experience providing MSP-bound clients with services to develop a security program that is able to identify, remediate, and hunt down the sources of vulnerability caused by their MSP.
Redpoint is neither an MSP, deployable SOC, nor MDR vendor. Rather, Redpoint is a custom solution for clients who want to anticipate the next attack by obtaining agile, non-intrusive services such as:
Customizable Enterprise/MSP Solutions
- Remote support for remediation and restoration services to improve cybersecurity,
- Internal network traffic encryption with on-premise and cloud-based servers, including those managed through MSPs,
- Securing mail exchange (MX) servers by deploying digital forensic tools to query logs, test authentication, and develop domain-specific rules to safeguard the servers,
- Deploy endpoint protection and increase client visibility and insight into tethered devices;
Penetration Testing
- Human-led, automated internal network testing,
- Efficient and effective endpoint testing,
- Deployment of tests through the lens of an ethical hacker, without disruption to network operations,
- Show stakeholders the test from the attacker’s perspective using the MITRE ATT&CK framework. This is an industry benchmark of tactics and techniques used by threat hunters, red teamers, and defenders to classify attacks and assess an organization’s risk thereby tailoring a security posture for the enterprise;
- Vulnerability hunting using weaknesses found through the penetration test (“pentest”) combined with attacker tactics, techniques, and procedures (TTPs) and threat intelligence,
- Hunting artifacts left behind from attackers,
- Disabling attackers’ abilities to reach back into the network or to neutralize the attacker’s ability to exploit the network,
- Hunting for threats and anomalies to detect and nullify attackers in the early stages of an attack;
Threat Intelligence
- Industry-specific cyber threat intelligence curated for your company
- Open source intelligence, dark web information, and industry data to support early indicators and warnings,
- Insight into cybercriminal and Advanced Persistent Threat (APT) campaigns.
Cybersecurity is no longer solely the responsibility of the CISO/CTO but should be a company-wide concern; MSPs are too big a cybersecurity vulnerability to ignore. Redpoint can provide a comprehensive cybersecurity defense solution to predict, prevent, detect, and respond to breaches by anticipating the adversary and hunting the hunter.