Categories
Cybersecurity

How can MSPs help protect Dropbox users?

4 Tips for securing Dropbox to eliminate common end user security holes
If you ask any seasoned IT professional at a Managed Service Provider (MSP), “what is your greatest cybersecurity weakness when it comes to protecting your customers?”, the answer will undoubtedly be: the end users they serve.

It’s not because the end users they serve are malicious. It’s because most end users are simply not aware of, or ignore, the important configuration options and settings that exist in the applications they use every day. What is more, most IT professionals are not aware of the multitude of SaaS applications their end users are leveraging in their quest to make their jobs easier.

A great example would be Dropbox. Dropbox is used by over 500 million people every year. Many of these users are from all types of companies, from the smallest of the small to large enterprises (this blog is backed up on Dropbox). But if we evaluate some of the overlooked end user configurations for a popular application like Dropbox, we find some troubling security holes.

For example, here are 4 issues commonly overlooked by end users that can be resolved through proper diligence (the problem is that the average end user is not known for their diligence).

1. Delist Linked Devices: Dropbox users often change devices (laptops, smartphones, tablets, etc.) several times over the life of a Dropbox subscription. Devices are also passed on to other people, and a device that was not properly wiped remains linked to its previous owner’s Dropbox account and keeps syncing their files. To avoid this, users should always “delist” (unlink) a device when they retire it; when unlinking a computer from the web, Dropbox also offers to delete the Dropbox files from that machine the next time it comes online. Here is a screenshot of the setting in Dropbox that accomplishes this:

[Screenshot: Dropbox linked devices]

2. Check Web Sessions and Shared Links: One of the great features of Dropbox is the ability to collaborate with other people or groups. Users often engage with another company on a project and use Dropbox to share important files. Once the project is complete there is no longer a need to share files between the two parties, and both go about their business without collaborating further. But what happens to the “orphaned” sharing links and the browser sessions left behind? A shared link that was never expired or disabled keeps working for anyone who still holds it (it exposes the shared folder or file, not the whole account), and a browser that was never signed out stays logged in to the account itself. So it’s important to review both. On the same Security page, just above the list of linked devices, users can view their current web sessions, which shows which browsers are currently logged into their Dropbox account, and sign out any they do not recognise; from the Shared section they can delete links that are no longer needed. This, however, requires end user diligence.

3. Manage Your Linked Apps: When you connect a third-party app to Dropbox, the app receives an access token that lets it act on your account with the permissions you granted (a single app folder or your full Dropbox), and that token stays valid until you revoke it, even if you stopped using the app long ago. Over time you may forget which apps you have given permission to access your Dropbox account.

[Screenshot: linked apps]

Towards the bottom of Dropbox’s security settings page you can view all the apps you have given permission to over the years and, just as with delisting linked devices, you can easily revoke permission for any given app.

4. Email Notifications: When changes occur in your Dropbox account, such as logins from new devices or deletion of files, you can set up email alerts within Dropbox that will notify you. Email notifications can be managed from the Profile panels of the Settings menu.
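For an MSP managing Dropbox Business tenants, the device and session review above can be automated instead of left to end user diligence. The following is an added example (not Dropbox’s code and not part of the original post) that walks a team member’s linked devices and web sessions, flags any idle for more than 30 days, and builds the request body that would revoke each one. The response and request shapes follow the Dropbox Business API endpoints team/devices/list_members_devices and team/devices/revoke_device_session as I read their documentation; treat that as an assumption to verify against the current docs. The data is constructed for the example and no network call is made, so it runs offline.

```python
"""Flag stale Dropbox linked devices and web sessions and build the revoke request.

Added example. The response shape follows /2/team/devices/list_members_devices and
the request shape /2/team/devices/revoke_device_session as I read the Dropbox
Business API docs (assumption: verify against current docs). All data is constructed.
"""
from datetime import datetime, timedelta, timezone
import json

STALE_AFTER = timedelta(days=30)                    # idle longer than this -> revoke candidate
NOW = datetime(2021, 3, 1, tzinfo=timezone.utc)     # fixed clock so the example is reproducible

# Constructed sample: one team member with two web sessions, one desktop client, one mobile client
SAMPLE_RESPONSE = json.loads("""
{
  "devices": [
    {
      "team_member_id": "dbmid:AAAA-example",
      "web_sessions": [
        {"session_id": "dbwsid:recent", "user_agent": "Mozilla/5.0", "os": "Windows 10",
         "browser": "Chrome", "ip_address": "192.0.2.10", "country": "US",
         "created": "2021-01-10T08:00:00Z", "updated": "2021-02-28T17:30:00Z"},
        {"session_id": "dbwsid:old", "user_agent": "Mozilla/5.0", "os": "Mac OS X",
         "browser": "Safari", "ip_address": "198.51.100.9", "country": "US",
         "created": "2020-09-01T08:00:00Z", "updated": "2020-11-15T00:00:00Z"}
      ],
      "desktop_clients": [
        {"session_id": "dbdsid:old", "host_name": "old-laptop", "client_type": {".tag": "windows"},
         "client_version": "113.4.487", "platform": "Windows 10", "is_delete_on_unlink_supported": true,
         "ip_address": "203.0.113.7", "created": "2019-05-01T08:00:00Z", "updated": "2020-12-20T00:00:00Z"}
      ],
      "mobile_clients": [
        {"session_id": "dbmsid:phone", "device_name": "Pixel", "client_type": {".tag": "android"},
         "client_version": "250.2", "os_version": "11", "last_carrier": "Example Wireless",
         "ip_address": "192.0.2.55", "created": "2020-12-01T08:00:00Z", "updated": "2021-02-27T20:00:00Z"}
      ]
    }
  ],
  "has_more": false
}
""")


def _parse_ts(value):
    """Dropbox timestamps are UTC ISO-8601 with a trailing Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_stale_sessions(response, now=NOW, stale_after=STALE_AFTER):
    """Return every device/session whose last activity ('updated') is older than stale_after."""
    stale = []
    kinds = (("web_session", "web_sessions", "browser"),
             ("desktop_client", "desktop_clients", "host_name"),
             ("mobile_client", "mobile_clients", "device_name"))
    for member in response["devices"]:
        for tag, key, label_field in kinds:
            for session in member.get(key, []):
                idle = now - _parse_ts(session["updated"])
                if idle >= stale_after:
                    stale.append({
                        "team_member_id": member["team_member_id"],
                        "kind": tag,
                        "session_id": session["session_id"],
                        "label": session.get(label_field, "?"),
                        "idle_days": idle.days,
                    })
    return stale


def revoke_request(entry):
    """Body for /2/team/devices/revoke_device_session (shape as I read the docs; verify)."""
    body = {".tag": entry["kind"], "session_id": entry["session_id"],
            "team_member_id": entry["team_member_id"]}
    if entry["kind"] == "desktop_client":
        # Ask the desktop client to delete its local copy of the files when it is unlinked
        body["delete_on_unlink"] = True
    return body


if __name__ == "__main__":
    for entry in find_stale_sessions(SAMPLE_RESPONSE):
        print(f'{entry["kind"]:15} {entry["label"]:12} idle {entry["idle_days"]:>3}d '
              f'-> {json.dumps(revoke_request(entry))}')
```

The threshold is the only policy decision in the script: a 30-day idle window catches the retired laptop and the forgotten browser session, while the phone used yesterday is left alone. For a real run, pass the JSON from the list endpoint into find_stale_sessions and POST each revoke_request body with the team’s access token, ideally after confirming with the member, since revoking a desktop client with delete_on_unlink removes the local files.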

These four measures are not difficult to do, but they do require the right configurations, policy management and ongoing diligence, which, as stated before, can be difficult for end users to keep up with, and Dropbox is just one of dozens of apps someone will use daily. If you’re an MSP looking for a comprehensive product that monitors SaaS applications, creates alerts around unusual end user behavior and takes the responsibility off the end user to constantly keep up with their own SaaS application compliance, please go to www.saasalerts.com for more information.


What is a Brute Force Attack and what to do when you see one happening?

We live in a world where the vast majority of a company’s sensitive data resides in Software as a Service (SaaS) applications like Office 365, Google Workspace, Salesforce, Dropbox, etc. In the recent 2020 State of SaaSOps report by BetterCloud, the data suggests that 85% of all application usage by 2025 will be via SaaS. If you’re an MSP or IT service provider reading this, you should be thinking, “oh snap! What can I be doing to better protect the sensitive data in these applications?”

First, in order to protect the data, you need to understand the methods being used to compromise it. One of the methods bad actors are using to gain access to the data living in these SaaS applications is the “brute force attack”. What is a brute force attack? A brute force attack, also known as an exhaustive search, is an attack that tries candidate passwords against a targeted account until the correct one is discovered. Against SaaS logins it takes two common shapes: many guesses against a single account (classic brute forcing, which account lockout policies are designed to catch) and a handful of common passwords tried against many accounts (password spraying, which stays under per-account lockout thresholds). Both are often fed with passwords leaked in other breaches, which is why a password reused across services is the first thing the attacker tries.

At SaaS Alerts we are currently processing nearly one million SaaS application events per day and we can see that brute force attacks are on the increase. In fact, in a 7-day period, almost every end user company on the SaaS Alerts platform has seen at least one brute force attack.  Since 2017, it’s estimated that 5% of brute force attempts have been successful at gaining access to SaaS applications. While that percentage might seem low, the absolute number is very large based on the total number of attempts. 
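To see what that looks like in a sign-in log, here is an added example (not SaaS Alerts’ code and not part of the original post) that runs over a few constructed sign-in events in a generic JSON-lines shape (timestamp, user, source IP, result; the field names are my own, not any vendor’s) and raises three kinds of alert: brute force, when one source fails repeatedly against one account within a window; password spray, when one source fails against several accounts within the window; and success after failures, the one that matters most, because it means the guessing worked. A single failed login followed by a success is left alone, since that is what a typo looks like.

```python
"""Detect brute force, password spray and fail-then-success patterns in SaaS sign-in events.

Added example. The log format is a constructed JSON-lines shape with my own field
names (ts, user, ip, result); map your provider's sign-in log onto it before use.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import json

WINDOW = timedelta(minutes=10)   # sliding window over which failures are counted
BRUTE_THRESHOLD = 5              # failures from one ip against one user -> brute force
SPRAY_THRESHOLD = 3              # distinct users failing from one ip -> password spray

# Constructed sample (not real data): a burst against alice that ends in a success,
# a low-and-slow spray across four accounts, and an ordinary typo by bob.
SAMPLE_LOG = """\
{"ts": "2021-03-01T09:00:00Z", "user": "alice@example.com", "ip": "192.0.2.10", "result": "success"}
{"ts": "2021-03-01T09:01:00Z", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2021-03-01T09:01:20Z", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2021-03-01T09:01:40Z", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2021-03-01T09:02:00Z", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2021-03-01T09:02:20Z", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2021-03-01T09:02:40Z", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2021-03-01T09:03:00Z", "user": "alice@example.com", "ip": "203.0.113.7", "result": "success"}
{"ts": "2021-03-01T09:10:00Z", "user": "bob@example.com", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2021-03-01T09:10:30Z", "user": "carol@example.com", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2021-03-01T09:11:00Z", "user": "dave@example.com", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2021-03-01T09:11:30Z", "user": "erin@example.com", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2021-03-01T09:30:00Z", "user": "bob@example.com", "ip": "192.0.2.11", "result": "failure"}
{"ts": "2021-03-01T09:30:10Z", "user": "bob@example.com", "ip": "192.0.2.11", "result": "success"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(rec)
    events.sort(key=lambda r: r["ts"])
    return events


def detect(events, window=WINDOW, brute_threshold=BRUTE_THRESHOLD, spray_threshold=SPRAY_THRESHOLD):
    """Single pass over time-ordered events; returns alerts in the order they fire."""
    alerts = []
    fails_by_pair = defaultdict(deque)   # (ip, user) -> timestamps of recent failures
    fails_by_ip = defaultdict(dict)      # ip -> {user: timestamp of last failure}
    fired = set()                        # alert once per (type, key) to avoid repeats
    for ev in events:
        ts, ip, user = ev["ts"], ev["ip"], ev["user"]
        pair = (ip, user)
        recent = fails_by_pair[pair]
        while recent and ts - recent[0] > window:   # drop failures older than the window
            recent.popleft()
        if ev["result"] == "failure":
            recent.append(ts)
            fails_by_ip[ip][user] = ts
            if len(recent) >= brute_threshold and ("brute", pair) not in fired:
                fired.add(("brute", pair))
                alerts.append({"type": "brute_force", "ip": ip, "user": user,
                               "failures": len(recent), "at": ts})
            sprayed = sorted(u for u, t in fails_by_ip[ip].items() if ts - t <= window)
            if len(sprayed) >= spray_threshold and ("spray", ip) not in fired:
                fired.add(("spray", ip))
                alerts.append({"type": "password_spray", "ip": ip, "users": sprayed, "at": ts})
        else:
            # A success right after a burst of failures is the signal that the guessing worked
            if len(recent) >= brute_threshold:
                alerts.append({"type": "success_after_failures", "ip": ip, "user": user,
                               "failures": len(recent), "at": ts})
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG)):
        print(alert["at"].strftime("%H:%M:%S"), alert["type"], alert.get("user") or alert["users"])
```

The thresholds are deliberately low so the sample trips them; in practice set the window and counts to sit just under the client’s lockout policy, so the alert arrives before the attacker adapts. Counting per (ip, user) pair is what separates brute force from spray here; an attacker rotating source addresses against one user would need a second counter keyed on the user alone, which is a small extension of the same loop.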

If you are an MSP you might be asking, “is this activity important to be aware of?” If you are interested in protecting yourself and your customers, then the answer is “positively 100% YES!” Ninety-two percent of MSPs use and resell Office 365, the most popular SaaS application for business in the world, and that footprint also makes it the most heavily targeted. In a recent Infosecurity article, CrowdStrike CEO George Kurtz criticised Microsoft in the context of the SolarWinds breach investigation, saying hackers were able to exploit Microsoft’s overly complicated and “antiquated” architecture. (Kurtz was describing post-compromise lateral movement rather than password guessing; it is quoted here because it shows that the cloud identity layer, Office 365 included, is where attackers ultimately aim.)

“The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network and reach the cloud environment while bypassing multifactor authentication,” said Kurtz.

What can an MSP do to protect themselves and their customers?

Step 1, start monitoring SaaS applications, because you can’t manage what you don’t measure.

Step 2, actively use the information from a SaaS monitoring tool to remediate critical alerts, and start adding more value to your client relationships.

Step 3, start charging an incremental fee for the added protection.

Now, specifically what can an MSP do if their client is hit with a brute force attack? 

Contact the customer or user and make them aware of the event. The alert indicates a possible account compromise by an unauthorized actor, because the account saw repeated login failures within a short timeframe. Recommended response:

1. Reset the password to a long, unique one, and enable MFA if it is not already enabled. A guessable password and an account without a second factor are the two conditions a brute force attack needs.

2. Sign the account out everywhere (revoke active sessions and refresh tokens) so that any session the attacker may already hold does not outlive the password reset; most SaaS platforms offer this next to the password reset.

3. Check for a successful login in the same window as the failures. If one appears, treat the account as compromised rather than merely attacked: look for new inbox forwarding rules, newly consented third-party apps and unexpected shares, and remove them.

4. If the attack persists, restrict sign-ins from the source addresses or countries where the platform supports it, and consider renaming the account, since the attacker is targeting the username. Deleting the account and reissuing a new user account with new credentials and MFA enabled is a last resort, as it destroys the account’s data and audit history; disabling the account preserves both.

5. Continue to monitor the SaaS environment on an ongoing basis for unusual user behavior.

If you’re interested in a full list of remediation recommendations for SaaS-based cybersecurity events, please email marketing@saasalerts.com
