SlideShare a Scribd company logo

MSP360 Cybersecurity Master Class part 2

Download as PPTX, PDF
M
MSP360

The webinar focuses on cybersecurity best practices for Managed Service Providers (MSPs), emphasizing key controls to mitigate risks from hackers. Participants are guided on implementing multi-factor authentication (MFA), proper network access configurations, and unique local administrator passwords to enhance security for small businesses. The session stresses the importance of practical advice over academic theories and highlights the necessity of treating vulnerabilities carefully to avoid complacency.

Technology
Related topics:
Data Protection Practices
1 of 63
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
MSP Security Masterclass Webinar 2 of 3 Tyler Wrightson Leet Cyber Security Twitter: @tbwrightson
MSP360 Cybersecurity Master Class part 2
MSP360 Cybersecurity Master Class part 2
MSP360 Cybersecurity Master Class part 2
MSP360 Cybersecurity Master Class part 2
@tbwrightson
MSP360 Cybersecurity Master Class part 2
MSP360 Cybersecurity Master Class part 2
Takeaway
MSP360 Cybersecurity Master Class part 2
Last Week Recap • Hackers Target MSPs • Risk is Bidirectional 1. Admin policy & Training to avoid password reuse 2. MFA Everything (of value) 3. Minimum Necessary & Least Privilege 4. Complacency
MSP360 Cybersecurity Master Class part 2
Agenda • Pragmatic Guidance on Controls for your clients – No sales pitch, no ‘academic bs’ • Foundations • Top Five controls
MSP360 Cybersecurity Master Class part 2
Small Business Double Edged Sword
Small Business Strength in Size
Small Business is Manageable
Foundations – Pragmatism Quantify Specifics of This Not This
Business Impact
MSP360 Cybersecurity Master Class part 2
Vulnerability != Risk
MSP360 Cybersecurity Master Class part 2
MSP360 Cybersecurity Master Class part 2
MSP360 Cybersecurity Master Class part 2
What do you think of X control?
Top Five Controls
Top Five Controls - 1
MFA
https://bit.ly/LCS-Legacy
MFA – “Other Sites” • Wiki, Project Management, CRM, etc • Don’t forget forgotten sites (pun intended) – Assume adversary can find everything • DNS, public records, social engineering
Top Five Controls - 1 MFA – Email & VPN – Legacy Protocols • https://bit.ly/LCS-Legacy – “Other Sites” • Wiki, Project Management, CRM, etc • Don’t forget forgotten sites (pun intended) – Assume adversary can find everything • DNS, public records, social engineering
Top Five Controls - 2
Important App Internal Network Junk App Internal App DC Access Everything – Bad
Important App Internal Network Junk App Internal App DC Access Servers Only - Good
Important App Internal Network Junk App Internal App DC Access Only Necessary - Best
Important App Internal Network Junk App Internal App DC Access Workstation RDP - Bad
Important App Internal Network Junk App Internal App DC Access Workstation RDP – Better TCP Port 3389
Important App Internal Network Junk App Internal App DC Access Workstation RDP – Best TCP Port 3389
Internal Network Most Networks Internet DMZ App
DMZ Good Internet DMZ App Internal Network
DMZ Good – No Internal Access from DMZ Internet DMZ App Internal Network Nothing Inbound
DMZ Good – No Internal Access from DMZ Internet DMZ App Internal Network Nothing Inbound
DMZ Better – No WKS Access from Servers Internet DMZ App Servers Nothing Inbound Workstations Minimal Inbound
DMZ Better – No WKS to WKS Internet DMZ App Servers Nothing Inbound Workstations Private VLAN Minimal Inbound
DMZ Better – No WKS to WKS Internet DMZ App Servers Nothing Inbound High Priv Low Priv
DMZ Better – No WKS to WKS Internet DMZ App Servers Nothing Inbound General Pop Finance Manufacturing
Poll – VPN Configuration
Top Five Controls - 4
Local Administrators Group
Local Administrators Group Domain Users
Local Administrators Group Primary User
Credential Reuse
SuperSecretPass99$$ Most Networks SuperSecretPass99$$
SuperSecretPass99$$ Same Local Admin Everywhere SuperSecretPass99$$
aad3b435b51404eeaad3b435b51404ee Pass The Hash aad3b435b51404eeaad3b435b51404ee$$
ServerManagerPass1! Not Much Better WorkstationPass99$$
Credential Reuse - LAPS
Microsoft PAWs
Privileged Users • Less is More • ANY privileges • Domain Admins, Enterprise Admin, Schema Admins • Password Reset
Top Five Controls - 4 • Local Administrator Configuration • Local Administrative Passwords – Unique for each host • LAPS & PAWS • Limit priv users – DAs (ent admins, schema admins)
Top Five Controls - 5 MDR – Specifically Managed – Not NSM
Questions
MSP360 Cybersecurity Master Class part 2

More Related Content

PPTX
Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your F...
MSP360
 
PPTX
providenetworksystemadministration.pptxhnnhgcbdjckk
kebimesay23
 
PPTX
chp unit 1 Provide Network System Administration.pptx
TadeseBeyene
 
PPTX
F5 Networks: миграция c Microsoft TMG
Dmitry Tikhovich
 
PPTX
TACOM 2014: Back To Basics
Joel Cardella
 
PDF
Certified Information Systems Security Professional (cissp) Domain “access co...
master student
 
PPTX
Multi domain security-management_technical_presentation
davebrosnan
 
PPTX
Managed Security: How Secure Are You During COVID?
The TNS Group
 
Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Secure Your F...
MSP360
 
providenetworksystemadministration.pptxhnnhgcbdjckk
kebimesay23
 
chp unit 1 Provide Network System Administration.pptx
TadeseBeyene
 
F5 Networks: миграция c Microsoft TMG
Dmitry Tikhovich
 
TACOM 2014: Back To Basics
Joel Cardella
 
Certified Information Systems Security Professional (cissp) Domain “access co...
master student
 
Multi domain security-management_technical_presentation
davebrosnan
 
Managed Security: How Secure Are You During COVID?
The TNS Group
 

Similar to MSP360 Cybersecurity Master Class part 2 (20)

PDF
Who will guard the guards
Network Intelligence India
 
PDF
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
PPT
Protecting Customer Confidential Information
William McBorrough
 
PPTX
Compliance technical controls and you rva sec 2019
Derek Banks
 
PDF
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
Micro Focus
 
PPTX
PACE-IT, Security + 5.3: Security Controls for Account Management
Pace IT at Edmonds Community College
 
PDF
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
Priyanka Aash
 
PDF
Secure Architecture and Incident Management for E-Business
Marc S. Sokol
 
PPT
Chapter 11 Presentation
Amy McMullin
 
PDF
Advanced persistent threats
Network Intelligence India
 
PPTX
4 Cyber Security KPIs
Steven Aiello
 
PPT
e-DMZ Products Overview
Dell
 
PDF
User_Access_IIA-LA_3-9-2016
Karla Sasser, CPA CITP, CIA, CGMA
 
DOCX
1. Written assignmentscommunication must demonstrate professional.docx
paynetawnya
 
PPTX
Are Your Endpoints Protected?
The TNS Group
 
PPTX
Techorama 2019 - Azure Security Center Unleashed
Tom Janetscheck
 
PPTX
Top 10 steps towards eliminating inside threats by paresh thakkar
Paresh Thakkar
 
PPTX
Offence oriented Defence
SensePost
 
PDF
The Federal Information Security Management Act
Michelle Singh
 
PPTX
ISBB_Chapter6.pptx
AmanSoni665879
 
Who will guard the guards
Network Intelligence India
 
Tips to Remediate your Vulnerability Management Program
BeyondTrust
 
Protecting Customer Confidential Information
William McBorrough
 
Compliance technical controls and you rva sec 2019
Derek Banks
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
Micro Focus
 
PACE-IT, Security + 5.3: Security Controls for Account Management
Pace IT at Edmonds Community College
 
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
Priyanka Aash
 
Secure Architecture and Incident Management for E-Business
Marc S. Sokol
 
Chapter 11 Presentation
Amy McMullin
 
Advanced persistent threats
Network Intelligence India
 
4 Cyber Security KPIs
Steven Aiello
 
e-DMZ Products Overview
Dell
 
User_Access_IIA-LA_3-9-2016
Karla Sasser, CPA CITP, CIA, CGMA
 
1. Written assignmentscommunication must demonstrate professional.docx
paynetawnya
 
Are Your Endpoints Protected?
The TNS Group
 
Techorama 2019 - Azure Security Center Unleashed
Tom Janetscheck
 
Top 10 steps towards eliminating inside threats by paresh thakkar
Paresh Thakkar
 
Offence oriented Defence
SensePost
 
The Federal Information Security Management Act
Michelle Singh
 
ISBB_Chapter6.pptx
AmanSoni665879
 
Ad

More from MSP360 (20)

PPTX
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
PPTX
Webinar - Top 5 Backup Mistakes MSPs and Businesses Make .pptx
MSP360
 
PPTX
Webinar - Protecting Your Microsoft 365 Data
MSP360
 
PPTX
Endpoint Backup: 3 Reasons MSPs Ignore It
MSP360
 
PPTX
What's New in MSP360 RMM webinar February 2025
MSP360
 
PPTX
What's New in MSP360 Backup -webinar 11/22/2024
MSP360
 
PPTX
What's New in MSP360 - webinar November 2024
MSP360
 
PPTX
Ransomware Evolution: What to Expect in 2025
MSP360
 
PPTX
Getting Started with the MSP360 Platform
MSP360
 
PPTX
The State of Ransomware in 2024: Trends, Threats, and Effective Countermeasures
MSP360
 
PPTX
Storage 101: A Deep Dive into Cloud and Local Storage With MSP360
MSP360
 
PPTX
Setting Up Backup Policies for Success webinar
MSP360
 
PPTX
Whats new at MSP360 Webinar - June 2024
MSP360
 
PPTX
Webinar - Generating More Revenue with MSP360
MSP360
 
PPTX
Seamless Data Protection with MSP360 + Wasabi
MSP360
 
PPTX
Getting Started with MSP360 RMM webinar April 2024
MSP360
 
PPTX
Webinar - Unlocking the Critical Value of Cloud Backup and Storage - FINAL
MSP360
 
PPTX
MSP360 Managed Backup: Secure Data Protection for Microsoft 365 and Google Wo...
MSP360
 
PPTX
Getting Started with MSP360 Managed Backup: Secure Your Data and Save Money ...
MSP360
 
PPTX
The Role of Backup and Recovery in the New Ransomware Economy
MSP360
 
MSP360 Backup Scheduling and Retention Best Practices.pptx
MSP360
 
Webinar - Top 5 Backup Mistakes MSPs and Businesses Make .pptx
MSP360
 
Webinar - Protecting Your Microsoft 365 Data
MSP360
 
Endpoint Backup: 3 Reasons MSPs Ignore It
MSP360
 
What's New in MSP360 RMM webinar February 2025
MSP360
 
What's New in MSP360 Backup -webinar 11/22/2024
MSP360
 
What's New in MSP360 - webinar November 2024
MSP360
 
Ransomware Evolution: What to Expect in 2025
MSP360
 
Getting Started with the MSP360 Platform
MSP360
 
The State of Ransomware in 2024: Trends, Threats, and Effective Countermeasures
MSP360
 
Storage 101: A Deep Dive into Cloud and Local Storage With MSP360
MSP360
 
Setting Up Backup Policies for Success webinar
MSP360
 
Whats new at MSP360 Webinar - June 2024
MSP360
 
Webinar - Generating More Revenue with MSP360
MSP360
 
Seamless Data Protection with MSP360 + Wasabi
MSP360
 
Getting Started with MSP360 RMM webinar April 2024
MSP360
 
Webinar - Unlocking the Critical Value of Cloud Backup and Storage - FINAL
MSP360
 
MSP360 Managed Backup: Secure Data Protection for Microsoft 365 and Google Wo...
MSP360
 
Getting Started with MSP360 Managed Backup: Secure Your Data and Save Money ...
MSP360
 
The Role of Backup and Recovery in the New Ransomware Economy
MSP360
 
Ad

Recently uploaded (20)

PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 

MSP360 Cybersecurity Master Class part 2