Blocked For a Reason

This is a story of a small business that complained to their new managed I.T. services provider (“MSP”) for preventing them from visiting the website of one of their long-term trusted vendors.

The Backstory

A small business, having been serviced by a local MSP for a few years, was unhappy with the quality of service they were receiving. They were also concerned about their cybersecurity as it seemed like their current MSP was not doing much to protect them from cyber-attacks. After careful consideration and evaluations of the alternatives, the small business chose to move their services to a mature MSP with a longer track record for quality customer service and a more comprehensive suite of cybersecurity solutions.

The Event

As the business’s new MSP is onboarding their services and streamlining the business’s I.T. systems, things are going very well. Common issues are now fixed, the systems are running faster, and the staff is seeing less interruption during the day. But one morning a couple of the business’s staff members notice they can no longer access the website of one of their long-standing vendors. Every time they tried to reach the website, they were directed to a page from the MSP saying the website had been blocked due to suspicion of phishing and malware.

Assuming this was an obvious mistake, the business reached out to their MSP and asked that the website be allowed as quickly as possible. While most I.T. providers would have immediately obliged to satisfy their customer, this mature MSP knew that there was a reason the website had been blocked. Before allowing the website, the MSP started an investigation to see what the cause for the block was.

The Cause

After consulting the threat intelligence team responsible for managing known threats, the MSP was able to confirm this vendor’s website was indeed blocked for a legitimate reason. The vendor was a victim of a successful cyber-attack, and their website had been compromised with malware. On top of that, the website had been linked back to several known cyber-attacks against other users and businesses in the past six months. To any website visitor, however, the site looked normal and unassuming. The attack was completely hidden and impossible to detect without the proper cybersecurity tools and defenses.

The Technology

In this story, the mature MSP (Digital Boardwalk) implemented a strategic, multi-vector suite of cybersecurity solutions to protect their client from this otherwise undetectable threat. The specific cybersecurity defense that saved the day was a Domain Name System (“DNS”) security solution. Every time a piece of technology communicates with something else on the Internet, it uses a protocol named DNS. You can think of DNS as a sort of GPS system for computers. Just like you can enter an address into your car’s GPS system, and it will tell you how to get to the destination, DNS tells computers how to get to their destination on the Internet.

While most businesses and I.T. service providers allow DNS to communicate directly with the rest of the Internet, mature MSPs implement a “proxy” service in the middle. Every time a device needs to make a DNS request, the request first goes to a cybersecurity engine to determine if the website or Internet resource is safe. If it is, the device is connected as normal. If it’s not, however, the computer is prevented from reaching the website, keeping the system safe.

The Innovation

Unlike many other internet security solutions, Digital Boardwalk’s platform can protect businesses from more than just bad websites. Because the technology delivers security at the lowest level (DNS), it can block malicious advertisements on trusted and safe websites. It doesn’t stop there. Computers make countless DNS requests throughout the day, even when a user isn’t visiting a website. In the case of a ransomware attack, the ransomware must communicate over the Internet to the attacker’s server. This cybersecurity defense filters those requests as well. This can effectively stop a ransomware attack from sending sensitive information back to the threat actor, preventing disastrous data breaches.

Conclusion

While many I.T. service providers claim to provide cybersecurity solutions that protect their clients, very few invest in the multiple defense mechanisms it takes to protect businesses from these fringe scenarios. There is no one cybersecurity solution that can adequately protect businesses on all fronts. For this reason, mature MSPs never stop innovating, integrating new cybersecurity defense strategies, and most importantly developing the business processes to properly manage and maintain the cybersecurity systems.