Don’t depend upon Microsoft Defender to protect your networks. And don’t let your MSP clients do it either.
That’s the word from a panel of experts gathered at MSP Expo 2023 in Ft. Lauderdale, Florida, to discuss why you need an extra layer of Windows security, beyond Defender, to protect your environment.
Mark Daly, CEO at DaleyPros Consulting, moderated the discussion.
“A lot of folks are not using it,” J. Peter Bruzzese, director of content creation, at on-demand video producer Clip Training, said about Defender. “It’s a bit clunky.”
Bruzzese is an eight-time Microsoft MVP, which means he knows what he’s talking about. Other published reviews said the Defender program has difficulty detecting certain malicious files, and that the scan data is sometimes inaccurate.
So what should you do? The experts agreed that while Microsoft Defender is better than nothing, every company can benefit from a “bolt-on” security package that works where Defender doesn’t.
Eric Russo, senior SOC manager for defensive security at Barracuda MSP, said that three-quarter of businesses surveyed recently reported an attack on their systems within the last 12 months. Usually the attack results in an account compromise, he said.
He said there are so many decisions to make regarding your Windows security choices, many people just punt. He clicked off a list of questions MSPs have, including asking about:
- Features and add-ons. Which do you need and which should you use?
- Thousands of vendors. How do you sift through all the claims and contradictions?
- Human element. How well versed are your employees in identifying risks?
Here’s another concern.
“How confident are you that you will be able to resolve the issue once you’ve discovered it?” asked James Abercrombie, ISV technical evangelist at security software Acronis. He’s a former software technician who now proselytizes for a leading bolt-on security package, one he helped build.
“It’s not about if, it’s about when you will get attacked,” Abercrombie said. “At least have an idea about what your next step will be if you have downtime.”
All three agreed that the first place you begin is by establishing an effective backup system. Then do what you can to protect yourself from being invaded.
Know that the backup is there, and know that you can access it quickly, Russo said. “At least have something you can lean back on.”
As far as preventing attacks, “user education is probably one of the largest factors here,” Abercrombie said. “How are you educating these users?”
“You need hands-on training,” Russo said. Video training isn’t enough, because it’s tough to get employees to understand the impact a breach can have by using video.
Daly said he once hired a hacker to infiltrate one of his networks. Then he showed his employees how easy it was for the hacker to trick them.
“It really worked,” Daly said. “Scared the hell out of them.”
Abercrombie agreed, “That real live training, that real live scenario, is the most effective.”
Some companies send phishing emails to themselves. If an employee clicks on a link in one of the company phish mails, they’re sent directly to the training room. Be careful with the tactic, Bruzzese said. It’s easy for employees to get angry because they keep getting tested.
“People start to hate the training,” Bruzzese said, “and then they start to hate you.”
Even your best people will make mistakes, Bruzzese said. That’s why it’s important to add an extra layer of security, beyond Defender, for your email programs, he said.
Daly pushed the panel to finish with some tips, which included:
Use multi-factor identification, Russo said. Ninety percent of business leaders turn off the function.
Use threat detection, Abercrombie said, as “there’s a lot of people who turn it off.”
Use a third-party package for email, Bruzzese said. “It’s invaluable to me,” he said. “You need an extra layer there.”
Edited by
Greg Tavarez
