Managed Service Providers (MSPs) have a responsibility to their clients to protect their infrastructure and data from cyberthreats with their security stack. With many MSPs being directly targeted, this responsibility can be difficult to live up to. A layered approach to protection is required to address as many threat vectors as possible. All while staying within budget and providing the most convenient service to your end users.
Toward that end, managed IT providers put together security stacks to reach this objective of security. Cybersecurity stacks combine various disparate security solutions to address the wide range of vulnerabilities that their clients face. For instance, security awareness training is often employed to fight against phishing and ransomware, password managers. They encourage password hygiene, and EDR/MDR detects and responds to intrusions. Used alone, any one of these solutions can’t hold off a cyberattack. But when combined correctly, a full security stack can create a solid cyber-defense.
More and more new tools are finding their way into MSP stacks, taking their places beside traditional solutions like firewalls, antivirus, and monitoring. In this article, we’ll look at how User Access Control (UAC) has found its place among these must-haves of cybersecurity.
What is a Security Stack or Cybersecurity Stack?
Let’s begin with a quick overview of the security stack concept. MSPs use this term to refer to the planning and visualization of various cyber security tools they’ll use to protect their clients. Security stacks are usually illustrated as stacked and overlapping layers, depicting routes of entry of intrusions and defining how the different solutions work together to mitigate them.
The term “network security stack” is often used to specifically describe tools associated with the network and likely threats. These stacks usually include firewalls, intrusion prevention, threat detection, Security Information and Event Management (SIEM), and logging/monitoring solutions.
Though each is custom made to some degree, many MSP security stacks will focus on:
Perimeter security solutions focus on building walls between the client’s internal network and the external public network. This is a similar case as traditional firewalls. Once upon a time, most organizations could be protected simply by putting a hardware firewall in place. The threat landscape is far more evolved now, making external perimeter defenses only one small piece of the more comprehensive security puzzle.
Endpoints including workstations, laptops, smart TVs, smartphones, printers, and other devices with connectivity to the network represent the expanding scope of devices MSP’s need to monitor and address. Increasingly threats are taking advantage of endpoint vulnerabilities, making endpoint protection an essential part of every MSPs stack.
Additionally, as antivirus has become less effective in preventing intrusion EDR (endpoint detection and response) and MDR (managed detection and response) have become common tools MSPs deploy. In particular MDR is an active endpoint protection solution that allows detection, prevention, and response to cyberattacks. MDR involves carefully monitoring the processes of every endpoint for suspicious activity. It often uses automation or scripts to streamline this at scale.
Information security is all about the prevention of unauthorized data transfer from inside the client’s organization to outside. This covers data leaks, theft, and mishandling. Infosec also covers email protection, offering countermeasures against the most common way for malicious data to enter a network. Email protection solutions help prevent phishing attempts, spam, and viruses transmitted through malicious emails.
Backup and Recovery
Business continuity is also part of the typical MSP stack. Backup and Disaster Recovery (BDR) solutions are designed to ensure that all of an organization’s important data is backed up and can be restored at a moment’s notice. BDR is important to overall security, as it can be the only means to avoid the complete shutdown of a network after a ransomware attack.
What is User Access Control (UAC)?
User Access Control (UAC) is a Windows feature which allows system administrators to define boundaries between standard and admin privileged accounts. This allows MSPs to limit unnecessary access to systems, maintaining a safe integrity level and curtailing many threats before they can run rampant through a network.
Unfortunately, users often complain about UAC messages in Windows that interrupt their workflow. This inconvenience then leads some administrators to lax security measures. They may disable the UAC on user profiles and unknowingly open up administrator account privileges across the board. Doing this results in greater exposure to security risks. Correspondingly, allowing end users to make changes to their system which may cause other headaches down the road.
UAC Auditing Solutions like AutoElevate by CyberFOX bridge this gap between security and convenience. Subsequently ensuring that MSPs have consistent UAC settings on all client devices. With AutoElevate MSPs can monitor, configure, and automate UAC settings and events throughout all clients, always keeping them abreast of who is attempting to use admin privileges and when.
Adding Privileged Access Management (PAM) to the Security Stack
The use of such Privileged Access Tools allows the MSP to passively discover anything that produces a UAC on any Windows client machine. By gaining insight into every behavior that asks for Admin privileges, the MSP can better understand the level of risky user activity or malicious attempts in play. AutoElevate allows MSPs to see and configure UAC settings easily across all your clients, remove admin privileges, and track and inspect privilege use in real-time.
The process of adding AutoElevate to your security stack is very straightforward and hassle-free. Minutes after installing AutoElevate you can inspect privilege use and discover:
- How many, and which, machines have their UAC disabled
- If UAC is configured incorrectly for system administrators
- How UAC is set for users
- The number of devices being actively used with admin privileges
- The number of Admins configured on all machines
- A running log of every user action which requires elevated privileges
In addition, the monitored user activity from any computer, location, or client can be used to build rules and policies for all of your clients with just a few clicks.
AutoElevate’s “Audit” mode allows MSPs to easily identify which users are actively logged in with Admin privileges, have the UAC turned off or set too low, and which systems have an unusual number of local Admin users.
Once you move your clients from “Audit” mode to “Policy” or “Live” mode, you can apply multi-tenant privilege rules. Once enabled, custom rules can be instantly applied across multiple clients from a central control panel.
Why MSPs Need to Take Control of Access Controls
As mentioned earlier, improperly configured UAC can lay out the welcome mat for a wide variety of threats. When an MSP removes local admin privileges, they quickly enhance all other cybersecurity efforts. Not only is this a fast process, it’s one of the best ways to help stop malware and ransomware. In fact, removing local admin privileges can help mitigate 94% or more of known Microsoft vulnerabilities.
With the wider adoption of EDR and MDR, advanced UTM firewalls, intrusion detection and response systems, application whitelisting, and other modern security systems, many admins overlook some of the more fundamental security measures. Some MSPs even wonder if removing admin rights is necessary in a world full of so many advanced cyber tools.
The truth is that running UAC enabled is still a necessary ‘defense in depth’ measure that helps address one of the weakest links in most security setups: the end users/employees. Although most employees have good intentions, they can’t be expected to know the differences between benign and harmful software. The chances of standard users accidentally running malicious code or harmful software is too great to leave up to luck.
Finally, the easiest way to prevent installation of most malware and prevent malicious configuration changes is to restrict local admin rights or privileges. This is why it is still considered a ‘best practice’ to restrict or remove local Admin rights on user workstations, regardless of how many next-gen, advanced security tools are in play. (And why access control permissions are typically part of most compliance requirements.)
Build a Strong Security Stack
MSPs assemble security stacks because there is no single solution that will protect an entire organization from cyberthreats. Security methodologies and solutions must be layered, configured, and managed properly to achieve a maximum cyber protection posture.
The key to this layered approach is the task of identifying the most commonplace and salient weaknesses and vulnerabilities — the low-hanging fruit. Since limited user access can help prevent many malware attacks and close up the majority of Windows vulnerabilities, User Access Control measures should never be ignored.
A top-tier UAC and Permissions Access tool like AutoElevate takes the hassles out of addressing user permissions at scale. Designed for MSPs, AutoElevate streamlines auditing and deployment of UAC rules, automates many associated tasks, and simplifies communication with your clients.
Privileged Access Management In a Few Clicks
- Malware Protection
- Least Privilege ‘Baked-in’
- Audit & Remediation
- Remove Local Admin Privileges – Without Frustrating Users
- Fully Customize Windows Privileges
To learn more about AutoElevate by CyberFOX click here.