Include:
Tech
Cybersecurity
Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.

Location

333 West San Carlos Street
San Jose, California 95110
United States

WWW: acer.com

ChannelPro Network Awards

hello 2
hello 3

News & Articles

August 17, 2021 | Joshua Liberman

Protecting the Newest Endpoint: M365

With Microsoft 365 becoming cybercriminals’ latest target of choice, you must protect it just like you protect your clients’ desktops and laptops.

THE GREEK PHILOSOPHER Heraclitus said, “”The only constant in life is change.””

Flying to my first ASCII event of 2021, I am considering much of what has changed this past year. Writing this on an airline tray feels like a slow return to normal. Wearing my KN95 mask feels a bit less so. In many ways, what has changed the most is the ubiquity of our new Microsoft 365-centric workforce and the high-profile target it has become. This has been the biggest impact we have felt from the plague year, which many of us will look back upon with “”2020 vision.””

Now in 2021, with its new reality of distributed work, even our most premise-centric clients are really engaging with M365, including OneDrive, SharePoint, Teams, and more. This reality has brought a great shift in focus by miscreants of the web, especially the “”more professional”” bad actors. M365 has become the target of choice, with impersonation, admin hijacks, and other compromises the wave of the future. M365 has effectively become a new “”endpoint”” and must be protected just as you protect your desktops and laptops.

While calling M365 an endpoint may sound like a stretch, it is susceptible to compromise, hijack, and data loss—just like a traditional endpoint. That means we must armor M365 as we would any endpoint. Even though nearly every mailbox today is protected by anti-spam software, whether M365 native or third-party products like Mailprotector, Proofpoint, or others, most of those products fall short when it comes to targeted attacks like spear phishing. That’s why so many of us also layer anti-phishing products such as those from Avanan or others and engage a security operations center (SOC) to monitor M365 logs. We bundle complete, frequent backups with every M365 seat as well, as so much data lives there now.

Mail Filtering and Anti-Phishing

Until just last year, I was convinced that mail filtering alone was sufficient to stop both “”traditional”” spam and email-borne malware attempts, including just about any sort of phishing attempt. And then I came a few keystrokes away from falling for a particularly well-crafted spear-phishing attempt that employed impersonation and some data that had most likely been culled from a colleague’s social media posting(s). I realized that dedicated anti-phishing was the only answer. To be effective, an anti-phishing solution must do more than scan mail headers; it must deal effectively with impersonation, verify links are safe, and more. That is quite a tall order and one that we have now filled with Avanan, provided through Solutions Granted.

M365 SOC Services

The next step is to attach active monitoring and alerting to your M365 endpoints, much like the endpoint detection and response (EDR) protection for your traditional endpoints. There are many clearly malicious actions that can easily be flagged here. For example, logins to the same mailbox from geographically disparate locations close in time (aka “”impossible logins””) are a red flag. But the creation of global admins, rules that copy or redirect messages to outside addresses, and lateral movement within M365 (to SharePoint, for example), should be noted and alerted as well. And of course, any actions that clear logs are also highly suspect. Having a live set of eyes on your M365 endpoints is critical, and here again, we chose to work with Solutions Granted.

M365 Backup

As we began our transition from premise to hosted solutions such as M365, one of my first concerns was how we were going to back up all this newly “”clouded”” data. As a traditional MSP, we had developed significant expertise with managing Exchange servers but had always struggled with SharePoint backup, not to mention identifying and securing remote storage. The good news here is that this is far easier in M365, as all this data is effectively in one place. We shopped the market across several vendors and ended up working with Vault America to deploy Dropsuite. It provides frequent data snapshots that cover all the backup bases (OneDrive, Outlook, SharePoint, and Teams), and allows for genuinely easy, highly granular restores.

Vendor Sprawl

Some of you may note that we are weaving together offerings from several different vendors and adding significant costs to our M365 delivery. You might also argue that you can replicate a lot of this by delivering more advanced versions of M365 with advanced threat protection and email archiving, for example. Those are valid points and worth considering. But I would point out that our stack is just three vendors (Microsoft, Solutions Granted, and Vault America) and costs me under $6 per M365 “”endpoint”” in total, far less than moving “”up stack”” in M365. This means you can deliver all of this with M365 Business Standard at $20 or so per mailbox or price the bundle at $10 and attach it to any version of M365. While you do have more to manage, I have found the functionality of third-party options to be superior.

Monetizing It

This leads to perhaps the biggest question. How do we sell these services to our clients and make good money doing so? As with all that we do, we sell the cake, not the recipe, and we make sure that we keep the bundle intact both to ensure its efficacy and to maximize the economy of scale we achieve by bundling. We approach M365 as the broad, capable, and complex solution it is, not as a “”$5 mailbox in the cloud.””  We explain what M365 can do for our clients, and stress how important it is to secure and protect that infrastructure. Educating our clients in all that they can do in M365 and its criticality to their operations has made placing this suite for every M365 endpoint we sell much easier. Being able to attach this bundle to any version of M365, even nonprofit, helps too.

Beyond M365

We always strive to address security in a holistic fashion, and the rather sudden shift from premise to cloud and then to work from anywhere (WFA) has only reinforced this. We continue to secure traditional endpoints, the network core, and the newly porous perimeter. But even as we protect against today’s threats, we must try to anticipate those that are still below the horizon. The shift to WFA changed our concept of the perimeter, just as cloud has shifted our idea of the network core. As we move forward, new security challenges around desktop as a service, distributed cloud services, and more continue to develop. Protecting the M365 endpoint is critical, but it is only the first step in this journey.

JOSHUA LIBERMAN is president of Net Sciences, founded in 1995. A 27-year ASCII Group member, former rock climber and martial artist, and a lifelong photographer, Liberman has visited five continents and speaks as many languages. He also writes and speaks in the IT field and raises Siberian Huskies with his wife Heidi, who calls him the Most Interesting Geek in the World.

Related News & Articles

Growing the MSP

Editor’s Choice


Explore ChannelPro

Events

Reach Our Audience