Many SMB environments have limited budgets and tools to assist in the management of IT assets. Those SMBs that use the services of a Managed Service Provider may be able to gain additional benefit from their providers beyond the initial intent.
While perhaps the primary intent is for the MSP to manage availability and performance of the IT environment and provide response services to outages, the MSP may also be a first line of defense in identifying a potential attack or compromise of a client environment.
Traditional MSP tools monitor availability and performance of the environment to ensure that the client environment operates at optimal levels. This is done through monitoring the availability of hosts, host based services, applications, and networking facilities and devices, along with the consumption of the aforementioned device resources, i.e. bandwidth, host memory, cpu etc.
Alerts pertaining to overconsumption or the unavailability of the managed devices while traditionally due to growing needs, and or failed components may also be the result of a security event or breach. High bandwidth consumption at odd hours outbound may indicate a breach and ongoing data exfiltration, or high utilization of web facing hosts or networks indicate a DOS attack or test of some sort, while the unexpected reboot of a host many be due to exploit code that has successfully planted itself.
While there are many robust security tools that can be employed to prevent atacks and identify anomalous behavior, the tools may be out of the reach from a cost perspective for many SMB environments. Supplementing security efforts with MSP alerting mechanisms may help provide some improvements in security and the ability to identify the start of an unwanted event.