Know The Client's Environment

You have to identify the common applications running at the business you are monitoring, how are they connected to the network and what patches are missing and then apply patch management on top of that. We were able to give SMBs the same kind of security that you would get at a large enterprise. We were able to go in and make sure they were doing the baseline of antivirus and looking for the bad-known threats.  But depending on the type of company we would have their security completely tailored to their environment. We knew what apps they were actually running, we knew where they were communicating and it was locked down to the point where if an employee tried to install fake antivirus or other malicious software was triggered and tried to run on the system, it just wouldn't happen.

Small Configuration Changes Can Result In Big Benefits

At SMBs we often found that every user on the network is an administrator or a local administrator on their system. Just removing privileges would make a vast improvement at reducing the attack surface. There are a lot of enterprises that are outsourcing their events, having a third-party monitoring their events. It's been tried with SMBs but inevitably leads to alerts being generated from the third-party doing the monitoring. SMBs don't have the capability to investigate those alerts and address the problem.

SMBs Will Pay For Trusted Security Advisor

We were going in and replacing the cost of their antivirus with a service that cost two or three times more than they were paying. Those companies found the investment well worth it because even though they had antivirus, their systems were still getting infected and they were having a lot of issues. Just having a phone where you can call someone and get help was valuable to them.

Work With Regional IT Solution Providers

Regional solution providers that provide IT management may be open to partnering with a local security consultancy. Often security solution providers get into IT management. They get calls about a printer not working and must investigate and find that it's not a security issue. Most SMBs already have regional providers doing their IT and helping them manage their servers. We tried to work with those companies and had some success. When working with security or IT management vendors, we bundled our SMB clients together to obtain licenses for 1,500 seats rather than separate licenses for 50 or 100 seats. It's easier said than done, but I think some vendors will work with some solution providers to provide that kind of licensing model.