October is Cyber Security awareness month. Cyber threats and acts of exploitation are becoming more prevalent every day, with MSPs being one of the highest targets for bad actors to attack. I had the opportunity to sit down with one of our Invent vendors, Third Wall, and a mutual partner of ConnectWise and Third Wall, Whalley Computer Associates, to discuss the security solutions MSPs need to have in place to build the best defense against cybercriminals. It’s an ever-changing landscape, and having more than one security tool in place to protect your house and your customers is key. Check out our conversation below and be sure to learn more about Third Wall here.
Interviewees:
- Kevin Russell, Director of Managed Services at Whalley Computer Associates
- Scott Springer, CEO of Third Wall
Interviewer: Andrea Barrow, ConnectWise Invent Program Manager
AB: Kevin, tell us a little more about Whalley Computer Associates.
KR: Whalley Computer Associates is a technology service provider out of the northeast United States with locations in western Massachusetts as well as Rhode Island. We are currently the largest supplier of technology to K through 12 schools in the New England area, as well as one of the largest vendors of two private sectors as well in the New England area. We’re currently managing a little over 10,000 endpoints.
AB: Let’s talk about the solutions you are currently using to run and operate your managed services. You’re a ConnectWise Manage and Automate partner and of course Third Wall as well. What led you to Third Wall?
KR: We really got started with Third Wall at IT Nation (Connect) about four years ago. We reviewed all the features and functionalities and were sold. Plus, the price point couldn’t be beat. It was really a no-brainer to bring it on and start utilizing it.
AB: Speaking of Third Wall features and functionalities, what are some that are most valuable to your business?
KR: There are so many! But here are a few of the top features that my clients and I benefit from the most:
- USB Wall: This has been really valuable. It helps protect clients from data left by employees or contractors. You essentially get a tool to register USB data sticks for a client. Then, on locations where you enable USB Wall, ONLY those registered data sticks will work – no other USB data storage device will even be seen by those computers. It amazes me how many emails and tickets we get from end users saying hey, I can't write to my USB drive anymore. The answer is always the same rule. I don't know where you're bringing that USB in from, and I don't want you putting that unknown USB into my network. It’s one of those things that helps highlight some of the things that are going on in the network that are typically really hard to troubleshoot. If I can just click a button to turn something off and then let clients come to me for access, it saves me time and money.
Just a note to share here, one of the statistics I talk about when I'm presenting to a new client and talking about Third Wall is that company espionage is everywhere. I say that word and everyone’s mind immediately goes to a James Bond movie. But the statistic is 60% of all breaches happen internally from the company and are in some way intentional. Someone is stealing some kind of information. So it's happening and happening more than you might think.
- Logon Monitoring and Reporting: Third Wall can capture every USER logon, logoff, unlock and lock event for your entire client base, and report them by Client. Absolutely necessary for cybersecurity records. You can run the report every month (it can be scheduled), save it, and you have a complete archive for your clients. Plus, Third Wall automatically pairs each logon event with its corresponding logoff event so your clients also get a great record of employee work habits.
- Cyber Security Profile Sheet: This is something we created to identify what level of access and capabilities our clients want employees to have. It's a list of all the features and services that Third Wall does, as well as some of the other ones that we offer. It’s a series of checklists that asks the client “what do you want us to do, and what don't you want us to do?” As part of new client onboarding, we have a specific call and review with the client to explain what all the features are, and what the pros and cons of enabling or disabling certain things are.
AB: Now Scott, one for you. What's next for Third Wall? What's on the road map? What are some things that current users and potential new users get to get excited about?
SS: Well, I should have prepared for that question, but I didn't because we don't have a road map. Here’s the reason why - we’re not a big company. We rely on our users to drive the product features that we should be adding to each release. We do a release and then collect feedback and investigate which enhancements or features are going to have the biggest impact on our clients. We have a list of about 400 ideas that we review. So if you have an idea of what you want to see in Third Wall next – let us know! We have a full list of all of our features here.
Some of the other features we see a lot of positive feedback outside of what Kevin discussed include the following:
Annihilate Button - Here’s the use case: One of your end-users reports a lost or stolen computer. Or perhaps a spiteful employee has just been fired. And the computer has sensitive data on it. Wish you could wipe that computer? Here are the options you can do with Third Wall:
- Lock the screen. No credentials, no access. Quick and simple.
- Lockout users. Log everyone off. Then disable all Local accounts, leaving only the Domain credentials as viable. (this is reversible by you)
- Annihilate the computer. Use this ONLY for truly compromised computers. And you have two choices here:
  - Quick Annihilate – delete data. Then destroy the computer. Fast.
  - Secure Annihilate – delete data. Then write over all those deleted files 3 times, then destroy the computer. Thorough.
Ransomware/Anti-Ransomware Policies - Third Wall has three different policies you can (and should) use to stop ransomware.
- First, get early warning that it has buried itself using the Monitor Event Log Clearing policy. Why? Ransomware loves to bury itself so it can attack later, and always tries to cover its tracks. The most common way for it to do that? Clear the Event Log. If it does that, this policy will send you a ticket – a very big red flag for you to investigate now.
- Second, when ransomware does finally launch, it usually launches from deep within the AppData folder. By using the Disable EXE Running from %AppData% policy, you can stop that cold. It will never launch.
- Third, if it still somehow launches, you can find out very quickly and have Third Wall automatically take mitigating actions as the attack is occurring, giving you a rapid-reaction capability you’ve never had before. Just turn on the Monitor for Ransomware Attacks policy. If an attack occurs, Third Wall will send you a ticket, and you can choose to Isolate that computer, run an AV Scan, and even protect your Shadow copies by disconnecting the infected computer from them – all virtually instantly upon detection.
AB: In addition to Third Wall for your cybersecurity tool needs, are there any other solutions you're leveraging within your organization? What does your overall security stack look like?
KR: Our approach is a little bit different in that we don't really do a stack, although that is very much the trend these days. Most everyone you know has a Sonic Wall, HP server and Aruba switch. But we actually focus on being vendor agnostic. We find the solution that best fits our client rather than having a stack. We do have our defaults for endpoint protection like Cylance, and for other clients we're starting to lean a little bit more towards Cynet.
AB: Can you share an experience with us about how Third Wall has helped stop a cyber attack on one of your clients?
KR: Absolutely. So, we actually have a case study written up about a scenario where two companies were hit by the same ransomware attack within a 24-hour period. One was protected under our company Managed Services that uses Third Wall and the other was not. Here’s the rundown of what happened:
- Company A: I received a call that Third Wall went off and isolated a computer. One of my engineers confirmed it was ransomware. We were able to revert back to a snapshot of that computer and get that person back up and running and being productive in their job in less than two hours.
- Company B: A little while later that same day I got another phone call from a client that was not a Managed Service client and not protected by Third Wall. They had been hit by ransomware. The client was shut down for over three weeks. It decimated their entire network. They didn't have active backups. What they did recover wasn’t the best, which was one of the reasons it took so long and we had to wipe every machine.
When we did the forensics on the Company B attack, it was the exact same ransomware attack that had impacted Company A and had come from the same stream of email blasts that affected them. The two different clients and the exact same scenario, but one had managed services and what ended up being Third Wall protecting it. One person was affected for a couple of hours versus the company where they're taken out and impacted for three weeks. That translated to be about $75,000 worth of services and labor to get them back up and functioning. You can review all the details of the case study here.
AB: Kevin, what final thoughts or advice do you have for our readers today?
KR: If you’re coming from the idea of running and leading a managed service company, you have to think about your bottom line. Where are you putting your time and effort in? Yes, you can do a lot with scripting, but that is very time consuming. With Third Wall, it’s one setup and overall management. I don’t need to write individual scripts for certain groups or profiles anymore. I’m not spending valuable time on the management of this anymore. What it comes down to is the price you’re paying for Third Wall and its robust abilities… it's a no brainer to rely on Third Wall.
Third Wall has proven to be a reliable cybersecurity vendor for Whalley and hundreds of other ConnectWise Automate clients. It offers a layer of protection for MSPs that comes at an affordable price to give you peace of mind so you can focus on running your business.
*Please note, Third Wall is a powerful cybersecurity plug-in exclusively for ConnectWise Automate*