Turn to Microsoft Endpoint Manager to Save Your Company
Remote Monitoring and Management systems (RMMs), like Kaseya, SolarWinds, ConnectWise Automate, and NinjaRMM, are useful for maintaining control over your IT systems until, of course, they become the vector through which your IT systems are destroyed.
Last month, attackers associated with REvil–a Russian ransomware-as-a-service (RaaS) group–breached a large Florida-based RMM company called Kaseya. It was, short of SolarWinds, possibly the largest cyberattack we’ve seen on an RMM to date. According to Huntress Labs, twenty Managed Service Providers (MSPs) in Kaseya’s supply chain have been impacted. These MSPs each serve thousands of clients, widening the total blast radius to?tens of thousands?of enterprises.
What does this mean for RMMs, MSPs, and the IT security industry moving forward?
The Kaseya attack?has reinforced what SolarWinds laid bare. RMMs are virus superspreaders, single points of failure for vast swaths of the economy. There’s no sense in keeping them as they are since similar ransomware attacks will only continue to grow in the future.
That’s why RMM customers should strongly consider a switch over to Microsoft Endpoint Manager (MEM). Yesterday.
I realize this will be met with many IT professionals who have felt ‘microshafted by Billysoft’ saying, “why should we trust them to keep us any safer?” The difference between a smaller provider and an institution like Microsoft could not be starker. In the aftermath of the SolarWinds hack last year, Microsoft organized a colossal remediation effort but did not choose to get as involved when Kaseya had the same challenge. For the?SolarWinds hack, they?unleashed the Death Star?against the hackers. Why leave this to chance? Should MEM ever be hacked, Microsoft’s response would use its full power to protect its own technology and reputation. Kaseya and its competitors lack the resources to do anywhere near the same.
领英推荐
Of course, there’s a catch here. MSPs cannot use MEM to monitor multiple customers’ data simultaneously the way they do with Kaseya or their competitors. MEM only monitors customers individually. This is a necessary inefficiency, though–beneficial, even–because it provides greater security. If compromised, MEM should only be able to create the opportunity for exploitation one customer at a time, eliminating the risk of SolarWinds- or Kaseya-style viral spread.
I know this opinion is going to rub some of you the wrong way. In IT especially, we’re always looking to push the boundaries on speed, efficiency, intercommunication, and ease of use. RMMs for many years have represented the best of all that, particularly to MSPs. But ask yourself: if the same benefits you enjoy also allow hackers to ransack our economy, are they ultimately worth it?
It’s time for us CEOs, CTOs, CIOs, and even MSP leaders to take our feet off the accelerators and put on our seat belts. We can demand that our IT teams and IT service providers treat us with the utmost care in supporting our systems and choose security over convenience. In the long run, it will save our companies.
Sources:
Architecte Cybersécurité | CISSP
3 年"timely patch management" : what an impossible wish! The MTP (mean time to patch) is right now greater than 160 days. 80% of vulnerabilties used during hackings are at least 3 years old. Obsolescence in industrial sector is skyrocketing, some speacks about >50%. The patch management process is complex and costly. Let's come back to earth : a uptodate information system is an utopia. Have a look on our approach Chimere by Thales : https://chimere.eu #chimere #cyberstealth
C-Based Programming | Cyber security | Leadership
3 年Very insightful. I do appreciate the perspective that security must always come first, even during these hectic times where there are a lot of easy ways for ransomware to be delivered.