SOLUTIONS

MSP Assessment

Responsibly and professionally helping Managed Service Providers (MSP’s) navigate their unique cybersecurity risks.

------ SERVICE OVERVIEW

Managed Service Providers (MSP’s) have rapidly become a target of choice by malicious threat groups. Singled out for the tens of thousands of organizations they directly manage, MSP’s are under increasing attack.

Breadcrumb is well-positioned to assist MSP’s in understanding their unique security exposures and how to successfully navigate them. In alignment with CIS20 and NIST standards, a Breadcrumb MSP Assessment is purpose-built to help MSP’s mitigate the complex vulnerabilities and threats facing their industry.

The MSP assessment program reviews two fundamental categories of risk:

Internal

Internal operations and security controls of the Managed Service Provider as they related to business processes, technology stacks, and intrusion detection methodologies.

External
Policies, procedures, and security standards relating to how the Managed Service Provider addresses the security of their clients.

“… the APT10 Group targeted MSPs in order to leverage the MSPs’ networks to gain unauthorized access to the computers and computer networks of the MSPs’ clients and to steal, among other data, intellectual property and confidential business data on a global scale.” – US Department of Justice

Key Assessment Areas

Internal Risk Assessment

A comprehensive review of internal vulnerability management policies, exposures, and lifecycle management.

Compromise Review

A systematic review of MSP assets for past and present signs of a breach, suspected breach attempts, and ‘calling cards’ that may attract unwanted attention.

Technology Stack

An unbiased assessment of technology stacks – both operational and client deployed, reviewing their defensibility to real-world attack scenarios.

RMM Assessment

An in-depth review of standardized RMM policy sets, baseline asset configurations, credential disclosure, and client-facing portals.

Client Build Standards

A comprehensive review of client build standards as they relate to security, including Active Directory design, switching and routing considerations, over-the-wire password disclosure, remote access policies, public DNS, key management, patch management, and documentation standards.

Incident Response Policies

Real-world review of MSP readiness to address a breach – both internal and client-impacting.
"As a technology firm, we’re a prime target for threats because we hold the keys to our customer’s data. In working with Breadcrumb, they brought validation to our processes and security controls. We look forward to collaborating with Breadcrumb on future security initiatives."
— John Kotman, CEO | Kotman Technology