How to Build a Security Stack: MSPs and Password Managers 

Share

Security Stack

As you know, MSPs typically put together a “security stack” to get the job done. Such stacks are a combination of various security solutions designed with the specific use case in mind. Additionally, most stacks have tools in place to address the salient vulnerabilities or high-risk parts of an organization. For example, awareness training is often employed to fight against the all-too common threats of phishing and ransomware.  

Managed Service Providers have a responsibility to their stakeholders to protect their networks and data. In the modern cybersecurity landscape, this can be a difficult objective to achieve. At the very least it requires a layered approach to protection that addresses as many threat vectors as possible.  

As of late, password management tools are finding their way into more security stacks, right alongside the traditional entries like firewalls, antivirus, and monitoring. In this article, we’ll look at how password management fits in among these long-standing staples of security. 

What is a Security Stack or Cybersecurity Stack?

Before we get into the details, let’s explore the nature of the security stack. This term helps plan and visualize various cyber security tools that an organization uses to protect themselves. Security stacks are often imagined and illustrated in layers, clearly depicting avenues of entry and functional overlap between different solutions.  

In some cases, the term “network security stack” is used to specifically describe tools attached to the network to detect and block threats. In these stacks you’ll often find firewalls, intrusion prevention/detection, Security Information and Event Management (SIEM), secure web gateways (SWG), and security analytics/logging solutions. 

Again, the best security stacks are custom-tailored to specific situations. That said, the most common MSP security stacks will include: 

Perimeter protection 

Perimeter security solutions put a “wall” between the private internal network and an external public-facing network — the traditional firewall being the prime example. A few decades ago, an organization could be relatively protected with only a firewall in place. However, the threat landscape has changed and perimeter defense is only one small part of a comprehensive security plan.  

Endpoint protection 

Endpoints — also known as devices — include workstations, laptops, smart TVs, smartphones, printers, and even vending machines with connectivity.  

Management of all these devices is usually secured through the Domain Name System (DNS) protection. Increased threats have made a more aggressive defensive tactic popular as well:  Managed Detection and Response (MDR). MDR is an active endpoint protection service that allows detection, prevention, and response to attacks across all vectors. This is accomplished through monitoring the processes of every endpoint for suspicious activity.  

Information Security  

Information security revolves around the prevention of data loss and theft, including data leakage, which refers to the unauthorized transfer of data from inside your organization to outside. This also includes email protection, a common way for malicious data to enter a network and for private data to be exfiltrated. Email protection solutions help prevent phishing attempts, spam, and viruses communicated to end users through malicious emails. 

Backup and Recovery 

Backup and disaster recovery (BDR) is designed to ensure that all of an organization’s important data is backed up and can be restored quickly in case of a ransomware attack or other disaster. BDR is an important security consideration, as it can be the only thing standing between a small incident and the complete shutdown of a network — and the organization it’s supporting.  

What is a Password Manager? 

Why are password managers becoming such a key part of the modern security stack? Simply because they’re easy to use and address some of the biggest cybersecurity threats we face today. 80% of hacking-related breaches are traced back to stolen and reused credentials

Here’s how password managers help an MSP fight back: 

A password manager allows users to generate and store all of their passwords in a safe location. Instead of memorizing all the login information they use for every site they access, the users only need to remember their one master password. Autofill and autosave features built into the password manager make it very easy to use, and the net result is an experience that allows all users in an organization to follow password hygiene best practices.     

As a side note, password managers also come in handy for a few other reasons. Many let users store things like credit card information and notes in their secure data vaults. Many also support biometric security and MFA for even more convenient security.  

Adding Password Management to the Security Stack 

You can’t talk about total security without talking about login credentials and passwords. Hackers and penetration testers commonly exploit passwords. The primary goal of the majority of phishing campaigns is to harvest login credentials to be used later for more targeted attacks.

Phishing and other forms of social engineering are the most significant attack vectors in use today. Over 70% of IT professionals say they’ve had stakeholders fall victim to these types of attacks. 

Because the squeaky wheel gets the grease, the majority of solutions in a security stack are often geared towards the risks of social engineering. Multi-factor authentication and email filtering are sometimes required to ensure even a baseline level of security. 

Stop Attacks

But even with measures in place to stop phishing, leaking, or shoulder surfing, passwords can still be a significant threat vector — particularly if they are weak passwords. Brute force attacks can bypass weak passwords relatively fast.

The most basic brute force attacks involve guessing passwords, usually from a known list of previously-used passwords, common passwords, or permutations of past passwords. Dictionary attacks are less target-specific and use lists of common words and passwords that have been assembled globally. Generally, they are less accurate, but if your password is something like “airplane1”, the dictionary attack will get right through. 

A more sophisticated method involves cracking the password hash. Although, this is more involved as the intruder must first gain access to hashed credentials. There are a few ways this is done, including intercepting a WPA WIFI handshake, stealing passwords from a local database, or capturing Windows domain credentials during login.  

Once the hashed credentials are obtained, they’re cracked using special software that makes millions of guesses per minute. This is where having long, complex passwords comes into play. The more characters in a password, the more time it takes to crack using this method — and the effects are exponential. Passwords with six characters can be cracked in minutes. Passwords with fifteen or more characters are practically uncrackable with current technology (unless someone wants to wait 150 years or so for the result). 

Why Your Clients Need a Password Manager 

Registering accounts is a hassle, but many of us need to create and maintain dozens of online credentials for work and personal use. Generally, filling out online forms isn’t so much of an ordeal — but creating and memorizing countless long, complex, unique passwords is.  

And that’s precisely why most people still don’t follow security guidelines for their passwords. They use easy to guess passwords, reuse passwords, and make it easy for bad actors to get into their accounts.  

Password managers give IT providers a way to solve this problem by taking the hassle out of proper password hygiene. If you’re familiar with the CIA Triangle, you know that it’s not common for something that increases security to also increase convenience. This makes selling to your stakeholders or clients on password management easy and simple.

Password Management Tools

  1. Password generators: These not only save time; they come up with much better passwords than most people will think of on their own. Random generation of long strings of characters instantly produces passwords that are impossible to crack.  
  1. Ease of use: Most password managers have a built-in feature that auto-fills login credentials in the appropriate places. This not only helps by taking away the need to remember passwords, but securely helps save time by autofilling other types of forms.  
  1. Secure password sharing: For people who are sharing accounts with their friends and family (like streaming services or shared bank logins), password managers allow these credentials to be shared and updated securely.  
  1. Cross-platform support: The best password managers can be used on multiple operating systems and devices, meaning that a users’ secure password vault can easily be shared across every device they use.  
  1. Multi-factor authentication: Enabling MFA adds another layer of security on top of the secure passwords themselves. With MFA, even if someone obtained the user’s master password, they would still need to pass the second security check (usually requiring the owner’s smartphone) to complete their breach.  

Conclusion 

Security stacks exist because there is no single tool or solution that will protect an organization from cyberattack. Security solutions must always be layered, configured, and managed properly to work toward the goal of a hardened cyber-defense posture.  

Part of this layered approach is identifying and mitigating the most common weaknesses and vulnerabilities. Unfortunately, for most organizations this is the human element. Furthermore, weak passwords contribute more to overall cyber risk than most realize.  

Password management software helps turn this around by hardening authentication and taking the majority of the password hygiene burden off the shoulders of the end user. Therefore, with the right password management tool, employees and stakeholders have no reason not to take a more secure approach to their passwords.   

Password Boss A Key Piece in a Comprehensive Security Stack 

  • Management Portal 
  • Built-In Dark Web Feature 
  • Two Factor Authentication 
  • Secure Password Sharing 
  • Multi-Layered Security – AES-256 and PBKDF2  
  • Affordable – Plans Start at Just $3 Per Month Per User No Hidden Fees 
  • Easy to Use – Setup is Fast and Easy 

Read Our Other Blogs:

Follow Us on Social