StorageCraft Technology Corporation

As long as there are bad guys intent on wreaking havoc across corporate networks and personal computers, the IT security arena will be rife with opportunity for MSPs. According to Allied Market Research, the managed security services industry is projected to hit $40.97 billion in revenue by 2022. North America is expected to dominate the global market in terms of value, but the Asia-Pacific region could see the biggest returns, as the region is slated to register a 20.3 percent CAGR during the forecast period.

Security Beyond Prevention

Executives in organizations big and small recognize the importance of securing confidential data. Unfortunately, the lack of IT skills and financial resources often makes adequate data security an insurmountable challenge. MSSPs provide these organizations with access to cost-effective solutions that can significantly reduce their exposure to security threats while simplifying administration and putting requirements such as regulatory compliance within reach.

Managed security encompasses a broad range of applications designed to protect client networks. Many of these applications are based on the premise that prevention is the best form of protection. The typical intrusion prevention system (IPS) helps strengthen existing defenses by monitoring network traffic for potential threats. If suspicious activity is detected, the system blocks the threat to prevent it from compromising the network. While the prevent-defense theory certainly has its merits, it might be in the best interest of MSPs to take their managed security aspirations beyond prevention.

IT research firm Gartner expects the focus on the managed security front to shift away from prevention and more towards detection and response as firms pour money into cybersecurity. That enhanced focus has led to the development of an emerging market segment called managed detection and response (MDR). It is built around the simple premise that prevention alone can’t thwart security attacks as the threat landscape continues to evolve. Further, in order to provide protection against sophisticated exploits, a security solution needs advanced detection capabilities and the ability to quickly respond when prevention fails.

Managed detection and response is founded on core principles such as continuous network monitoring, threat validation, and rapid response to confirmed exploits. The moment a legitimate threat is detected, the system sends an alert to security personnel, allowing them to focus on mitigation rather than wasting precious time trying to determine if a threat truly exists. MDR solutions aim to help organizations bolster their defenses by simply improving visibility into threats and placing a greater emphasis on responding to security incidents.

Competition and Challenges

The MDR market is currently comprised of two segments. Some vendors specialize exclusively in managed detection and response, while established MSSPs move to the MDR model. While exponential growth has been forecast, the seemingly slow transition could bode well for MSPs. Mike Buratowski of IT security firm Fidelis Cybersecurity estimated that only 15 percent of enterprise and mid-sized organizations will have implemented MDR by 2020. This means there is ample opportunity for MSPs to take advantage by catering to the SMB crowd.

One of the biggest challenges MSPs face in MDR adoption is the transition itself. Integrating new and improved security capabilities that align with existing services and IT systems requires strategic coordination between people, processes, and technology. There is also a need for a substantial capital investment. While competition exists between pure-play vendors and traditional MSSPs, partnership opportunities may provide a smoother entry into the market. For example, eSentire, which Gartner recognized as a major industry player, appears willing to help MSPs that want to capitalize on the MDR trend.

Understandably, increasingly complex regulations and the ever-looming threat of a disastrous security breach have organizations on edge. By taking the initiative to combine risk management, advanced threat detection, and remediation into flexible managed solutions, MSPs can now carve out a cozy spot in the IT security arena for many years to come.

View Comments

  • Hello,

    I'm just wondering if any of you have actually tested this scenario in the end and come to any conclusion since this article was published.

    Thank you!

    • Hello Octavian,

      Thank you for asking. To be honest I haven't tested this theory, though it's been on my "to do" list since the question first came up. Have any of our other readers tried storing backup images on a Server 2012 deduplicated volume? I would be interested in at least two qualities of this test: 1) how much storage can be freed using this process (as a percentage of the original data size), and 2) is there any discernible difference in I/O speed compared with a data volume that isn't managed? I'm interested in your comments.

      Cheers!

  • You missed so many important factors. Just don't bother writing an article like this if you don't provide all the information; it's far too dumbed down. You have probably led astray some poor network/system admin who will choose to back up to disk and sacrifice his company's data retention for cost. You don't know the cost of the average company to lose recoverable data.

    • Hi Daniel,

      Thank you for your comments. Yep, there is so much to talk about with this topic. What information would you like to see in more detail? We're always looking to talk about the tech that interests our readers as well as what interests us.

      Cheers!

  • This appears to no longer work on their 6.1 and 6.1.1 versions. I tried FAT32 and NTFS partitions as well.

    It appears they switched to some sort of Linux boot to do this.

    • Hello Greg,

      Yes, there have been some updates to the process since I wrote this article in March of this year. We now have the StorageCraft Recovery Environment Builder for Windows which does most of the heavy lifting. This means I don't have to come up with creative solutions using unsupported third-party software to create a bootable USB, I can make a bootable USB natively with the Recovery Environment Builder.

      Some of the benefits of using the builder include the ability to add custom drivers to the recovery environment during the build process, faster boot times because each build is language specific, and the builder is able to leverage the latest Windows PE (currently Windows 8) with the latest Microsoft drivers and security fixes.

      The Recovery Environment Builder creates ISOs using the Windows ADK you have locally installed. These ISO files can be used to boot a virtual machine or they can be burned to CD/DVD or USB using the Recovery Environment Builder application. StorageCraft also provides an ISO Tool utility which comes free with StorageCraft ShadowProtect. This tool can rip, burn, author and mount/dismount ISO files and makes a handy addition to your IT toolkit. This ISO Tool can also be used to burn bootable CD/DVD drives using the ISO created by the Recovery Environment Builder.

      Basically we're trying to make your recovery process as easy and fast as possible, which is why the Recovery Environment Builder now creates customizable ISOs in several "flavors" of the recovery environment (e.g. IT Edition) and burns those ISOs to your available removable media. The builder application is your all-in-one solution for creating a bootable ShadowProtect recovery environment.

      If you want more about the ISO tool utility, check out this article: http://www.storagecraft.com/blog/the-best-things-in-life-are-free/

      Cheers!

  • I have a question with the following...your use of the Word "Host" in between the *stars* (see below)

    5. Regularly check the virtual machines’ event logs for VSS errors as they can indicate problems with the backup. This is good to do because when the *host* machine calls for a backup of the VM, the VM is asked to pause processes while ShadowProtect takes the snapshot

    Don't you mean "Guest"? As per your reasoning in the above statements, the "Host" is only backing up the OS drive. The ShadowProtect Client, that's installed on the VM "Guest" machine, calls for the backup itself, not the Hyper-V "Host".

    • You’re correct, we were referring to the guest. But, after further review, we noticed that the sentence you pointed out in step five doesn’t quite fit with the remainder of the post, so we’ve removed it. It is, however, still important to check the virtual machines’ event logs for VSS errors-- this is just a standard best practice to make sure everything is running smoothly.

  • The price of a microlized hypervisor is in case of Hyper-V, that it is too large to get fully loaded into the RAM. This could have drawbacks if you lost the contact to the boot volume. I found an impressive demonstration about this topic @Youtube: http://www.youtube.com/watch?v=E8ZF0ez0iH0
    In case of this, it seems VMware has still the better product.

  • Well done to Guy & Casey it's an excellent eBook, well worth reading and well worth keeping a copy close to hand!

  • I have no bone in this debate. However, I have used both agentless and agent based backup solutions in my 14 yr IT career. I am also a Certified Ethical Hacker and Certified Penetration Tester. That distinction is important to my comments below:

    1- The statement made above "It’s important to keep in mind that in order to take a true disk image for complete, fast bare metal recovery, something has to be installed on the machine." is false. This can be done by agentless, remote capability. I have done this myself.

    2- I have used the security holes proclaimed above to not exist to break into systems using the usually weak backup passwords. The machine was in fact running ShadowProtect. Yes the holes exist, yes it is up to the local IT folks to keep that in mind.

    • Hello David,

      Good points, and we respect your professional opinion. It's true that the perfect system has not been created yet, meaning that every system is imperfect in some way. With this in mind we are attempting to represent the "best" solution based upon the Microsoft Windows architecture and philosophy. Of course, this solution is limited to the underlying OS architecture and any of its inherent weaknesses. You have aptly pointed out one of those weaknesses yourself: that of weak backup passwords. If an administrator chooses not to implement the strongest passwords at their disposal then the administrator presents an opening for unethical and malicious behavior. It should be noted that this is not the fault of the software, but of the human managing the software. The software may be designed perfectly but implemented or secured in a manner which allows for errors or weaknesses.

      With regards to agent-based backups, it is Microsoft's intent that their Windows OS be managed (in this respect, backed up) using agents. They themselves use agents to manage Windows Server backup processes. We understand that it is still possible to create a disk image with an agent-less backup; however, Microsoft's propensity towards agents warrants the use of an agent-based solution. In addition, there are a number of advantages that an agent-based solution offers over an agent-less solution. For example, an agent-based solution (if implemented correctly) can operate at a low level of the OS not available to injected or remote procedure processes. In the case of StorageCraft's ShadowProtect agent this allows us to directly track changes to the disk and to function as a driver within the Windows OS resulting in fast and reliable backup images. Other systems which inject agents typically have to traverse the file system looking for changes first before they can begin processing a backup, resulting in added overhead and resources.

      As you've pointed out, both solutions can work. And to add to your comments I will point out that the effectiveness of either an agent-based or agent-less solution really depends on the underlying code and how it is implemented. So I guess we come full circle back to the beginning where we both agree that software is only as good as the person designing/using the software. We feel we've built a rock solid agent-based solution founded on Microsoft's platform but designed and implemented by our amazing developers to give our customers fast and reliable backup images which are easy to use and manage. Hopefully this message comes across in our products as well as our literature.

      I would like to personally thank you for taking the time to contribute to our forum. The life of a "white hat" has always intrigued me as you guys get to use operating systems in ways that many of us can only imagine. And I think we're grateful for your honest commentary.

      Cheers!

  • For a "lover of words", you sure missed this:

    "The brain is so complex that we’re a long way from discovering all of its mysteries, and we might never actually know how much space has."

    Read it slowly...
