Datto’s fourth MSP Technology Day today (March 18) aims to engage MSPs with updates on technologies available and also to encourage them to think beyond established security tools to how to keep their SMB clients’ businesses running when, not if, an incident occurs.
The problem is that the frameworks are large Ryan Weeks, Chief Information Security Officer at Datto tells IT Europa with elements of cybersecurity – protection, detection, response and recovery and management as the parts of this. Many MSPs are uncertain where they stand on any assessment of their abilities in each of these, he agrees.
“In particular it needs a robust response on the response and recovery processes. Datto aims to make the journey more accessible by breaking it down into manageable chunks.”
It is clear that the start point is to assume that bad things have happened and then look at the recovery and isolation of the problem.
The resilience concept is not as hard a sales message as many MSPs believe, he says, particularly as surveys show SMBs intend to increase spending on security this year.
Datto has concentrated on there always being a recovery capability – even if human error or malevolent programmes try to delete the backups, he explains. As part of the MSP Technology Day, he explained how the Datto Cloud Deletion Defense provides an additional layer of defence for Business Continuity and Disaster Recovery (BCDR), protecting backups stored in the Datto Cloud from both accidental and malicious deletion. Cloud Deletion Defense in conjunction with Datto SIRIS thwarts these attacks and lets customers regain access to deleted cloud snapshots – similar to an ‘undelete’ option.
“This deletion of all and any backups is proving to be a major aim of the threat actors, who know that if there is no alternative to paying the ransom, they will succeed,” he says.
As another part of the protection model, Datto now also has a RMM Ransomware Detection solution which complements other security applications such as antivirus to reduce the impact of cyberattacks on MSPs and their clients. This behavioural-based solution monitors endpoints for unusual encryption activity, immediately attempts to terminate the ransomware process and isolate the infected device and prevent the ransomware from spreading through the network.
“We’ve done a lot of external testing on this, and I’m very excited by the possibilities. I think the isolation feature is very effective at preventing the spread of ransomware in an organisation,” he says.
“MSPs are the CIOs of the SMB economy and as such, they are constantly at the frontline of cyber attacks. As attack vectors evolve, MSPs need a new approach to security, incident response, and business continuity so they can protect their clients’ cloud-based workforces from unknown threats, minimise the impact of attacks and reduce downtime. With the right cyber resilience capabilities and with trusted partners at their side, they can set themselves up for success and be prepared for the unexpected.”