alphaspirit - Fotolia

How an MSP enlisted Webroot for ransomware prevention

Platte River Networks is using Webroot technology, which includes endpoint protection software and a phishing simulator, to shield its clients from ransomware.

Ransomware prevention has become a key objective for managed service providers in recent years as customers face successive outbreaks of data locking and extortion ploys.

One task for MSPs is selecting security technology that aims to shield organizations from the ransomware threat. Platte River Networks, an MSP based in Denver, has tapped Webroot, an endpoint security and threat intelligence vendor, as part of its ransomware prevention strategy. Platte River Networks, which works with SMBs across the country, adopted Webroot following an evaluation process.

"We started seeing a rise in ransomware several years ago and our current antivirus product at the time wasn't really cutting it when it came to prevention and detection," said Elon Grad, director of technology and innovation at Platte River Networks.

Elon Grad, director of technology and innovation at Platte River NetworksElon Grad

Platte River Networks evaluated a handful of endpoint protection and antivirus companies before selecting Webroot. Grad said Webroot's focus on the MSP business and its proximity to Platte River Networks -- Webroot is also based in Denver -- helped seal the partnership. Specifically, Platte River Networks is using Webroot Business Endpoint Protection, Webroot DNS Protection and Webroot Security Awareness Training.

In general, the increasing frequency and sophistication of cyberattacks compel many MSPs to evolve their security offerings to deal with the new threat landscape.

"The complexity of the security discipline is growing so much that people are having to make a decision on whether they want to shift deeper into specializing in security," said Seth Robinson, senior director of technology analysis, at CompTIA, an IT industry association that includes a managed services community.

Ransomware and MSP impact graphic
Ransomware continues to challenge MSPs and their clients

Phishing simulator helps reduce tickets

Platte River Networks offers cybersecurity services alongside managed services, technology services and cloud computing services. The addition of Webroot to its security portfolio has made a difference in the MSP's workload. Since deploying Webroot, Platte River Networks' technicians now spend about 3% to 5% of their time on malware response. Prior to Webroot, techs spent up to 40% of their time on malware remediation, including ransomware chores.

We started seeing a rise in ransomware several years ago and our current antivirus product at the time wasn't really cutting it when it came to prevention and detection.
Elon Graddirector of technology and innovation, Platte River Networks

The reduction in tickets associated with malware and ransomware stems, in part, from Webroot's security awareness training. A phishing attack, Grad said, is the precursor to much larger issues, since a phishing email is often the delivery system for ransomware or malware. MSPs surveyed in Datto's State of the Channel Ransomware Report, released in November 2018, cited phishing emails as the top ransomware delivery method.

Making users aware of the signs of a phishing campaign contributes to ransomware prevention, Grad said. Webroot's phishing simulator security awareness training module, in particular, has proved an effective preventive measure at Platte River Networks. The module guides users through different aspects of phishing, so they can identify suspicious emails and handle them appropriately, Grad said. Platte River Networks tracked user-generated tickets before and after using a phishing simulator. The phishing module, he said, has had "a tremendous and immediate impact" on reducing ticket volume.

Other elements of Platte River Networks' ransomware prevention and remediation approach include assisting customers with designing and implementing business continuity and disaster recovery (BCDR) solutions, Grad noted. The MSP has built its own BCDR offering, which it calls DRiVE Vault.

When ransomware attacks succeed in encrypting businesses' data, a DR capability can help them recover.

MSPs face security decision

As security looms larger for service providers and their customers, MSPs face some critical choices.

"I think a lot of companies are at a decision tree where they have to decide whether or not they want to be ... an MSP that provides basic security ... or make a decision to become more specialized and become an MSSP [managed security service provider]," said Carolyn April, senior director of industry analysis at CompTIA.

MSPs considering a deeper dive into security should assess whether they have the personnel on hand to take the plunge or whether they need to retrain existing staff or hire IT security professionals to obtain the necessary skill sets, April said.

Opportunities appear to be ample for MSPs deciding to pursue security. Seventy-eight percent of the 402 U.S. businesses CompTIA surveyed for a 2018 security report said they tap third parties to augment their in-house security resources.

A proactive approach

Webroot's technology, and the resulting decrease in remediation time, lets Platte River Networks take a more proactive approach to servicing clients. The company's technicians now have the ability to offer customers proactive maintenance and a higher level of service that "fine-tunes instead of reactively remediates," Grad explained.

In addition, deflecting costly incursions such as ransomware also boosts client retention. "As an IT service provider, if the technology you recommend is ineffective or fails to prevent threats to your clients, they will, understandably, look for a different provider," Grad said.

Next Steps

3 key phishing prevention strategies for MSPs

Dig Deeper on MSP business strategy