Why we are non-negotiable when it comes to security
One of the core principles of our managed IT service is that everything for security is included (well, almost). After our 10+ years in the IT consulting industry, we know clients do not agree to every piece of advice we give, but in our minds you cannot compromise on security. In 2019 we saw the cities of Baltimore and New Orleans held hostage. Worse yet, the IT consulting / managed services industry is under attack, with 22 Texas government entities getting attacked via a service provider, and one of California’s largest MSPs getting infiltrated as well.
Part of running a business in today’s age is good IT security. We base our security on a few key principles:
Zero trust: this has become a bit of a buzz word, but we assume that no device/network is secure, including the office. Examples include requiring multifactor even when in the office, and networks are isolated from each other as much as possible (for example, between offices).
Edge/endpoint security is crucial. One of the implications of the cloud is that there is not always a defined network. People work from home, out of coworking spaces, Starbucks, and other uncontrolled networks. You cannot rely on a firewall at the office as your primary security.
Continuous review and improvement: Hackers do not take a break and neither we do. We added 3 new mandatory technologies in the last 12 months (Duo, IronScales and Huntress). As soon as we finish implementation of one solution, we are on the look out for what is next. The same goes for auditing and assessment.
Although we can never stop these attacks 100%, we can minimize our risk, and make ourselves and our clients an easier target. That is why as part of our monthly services we include several services to keep your company secure, including:
Policies and procedures
You thought the first item would be some new whiz bang AI-driven something? The biggest risk in today’s IT is still…people. Our expert CIOs will work with you to make sure you have the proper policies in place for things like network usage, bring your own device (BYOD - such as email on cell phones), retention and more.
We have a large library of policy templates, including a questionnaire based software that we can use to build policies customized specifically to your needs.
Fortigate Enterprise firewall for each office location.
Fortigate is consistently rated one of the top two firewalls, even more than Cisco, Sophos or Sonicwall.
We include a full security subscription. A firewall without a subscription is like just locking your doors at home and forgetting to arm the alarm system. This subscription actively updates the security profiles multiple times per day. It filters web traffic, DNS lookups, application profiles and more.
Antivirus and DNS filtering for every machine, both at the office and remote
DNS is the “yellow pages” of the internet. Every time your device requests a website, DNS is used to convert it from a name to an IP (numerical) address. DNS filtering quickly catches malicious links, especially when a site is infected by something like malicious ads.
Huntress EDR (endpoint detection & response) for every machine
This unique product does not stop breaches, but instead identifies them, both tracking the infiltration and providing remediation assistance. Started by veterans of the government’s intelligence community, Huntress alerts us when the other defensive layers have been bypassed.
Proofpoint Antispam and Ironscales antiphishing
Many MSPs will use the cheapest solution available, or something industry specific. We wanted the best available, which is widely accepted to be ProofPoint or Mimecast. PP filters emails as they come into your system, blocking known spammers, and scanning unknown attachments for malicious behavior.
As another layer of defense, Ironscales will flag any emails from an address that is spoofed, and the AI engine can remove emails that are identified after they’re already in your inbox. Due to the fast pace of hackers and the constant catch up the good guys have to play, this “after the fact” clean up catches a large amount of malicious emails.