IT Nation Breakout – Maximize Your MSP Cybersecurity Stack

In this presentation from an IT Nation Breakout Session, Lumu CEO Ricardo Villadiego discusses the evolving threat landscape faced by Managed Service Providers (MSPs) and the necessity of maximizing their cybersecurity stacks. He highlights specific adversary techniques, such as exploiting networks without DNS filters to establish command and control capabilities.

Villadiego emphasizes that simply deploying multiple tools is no longer effective; instead, MSPs must incorporate a strategic approach to cyber defense, specifically utilizing open-source tools like the MITRE ATT&CK framework to understand and defend against adversarial tactics, techniques, and procedures.

Furthermore, Villadiego introduces an automated detection and response strategy tailored for MSP environments. To support this, he announces a special offering exclusively for MSPs: the MSP live version of Lumu. This tool provides comprehensive capabilities, including data collection, automated response, and integration for up to three customers and 50 endpoints.

This initiative stems from feedback gathered since the company’s inception in 2019, reflecting a deep commitment to delivering value and adapting to the specific needs of the MSP community in their fight against modern cybersecurity threats.


Takeaways

  • Orchestration over Acquisition: The most effective response to evolving threats is orchestrating the current security stack so that tools like firewalls and EDR work collaboratively rather than in isolation.
  • Living off the Land: Attackers are targeting MSP-specific tools, such as RMM and PSA software, because they can use these pre-authorized applications to execute malicious commands.
  • Empowering Entry-Level Staff: By using AI and machine learning to automate the three-step threat hunting process (trigger, investigate, resolve), MSPs can enable junior engineers to provide expert-level security outcomes.
  • Network Visibility as Center of Gravity: Because every attacker must eventually use the network, network metadata serves as the essential vantage point for validating whether other security tools are failing and for providing feedback for self-regulation.
  • Targeting the Entry Point: A successful automated detection and response strategy aims to stop attacks at the phishing or malicious file stage, preventing them from ever reaching the final stage of automated data exfiltration.
