Article

How to Mitigate the Risk of Using Remote Monitoring and Management Tools Like Kesaya

illustration of a desk top with hands moving a gear on the computer attached to many apps
Chris Sachse Photo
CEO
Think|Stack

3 minutes

Assess your vendors’ use of network-wide access tools and ask questions like these.

Kaseya is the latest company to be victimized by a cyberattack. Like the SolarWinds event earlier this year, this attack not only affects Kaseya but also hundreds of its clients.

A remote monitoring and management tool, Kaseya is one of the largest and best in the business. Managed service providers and enterprises use Kaseya to remotely manage their PCs, servers and laptops. The tools allow companies to do such things as monitor performance, connect remotely, and manage software updates.

The tools are pervasive and powerful, installed across networks. Unfortunately, this also makes them a big target for hackers, as they can provide access to large numbers of people and systems and the control to push software, like ransomware, to an entire network.

What can organizational leaders do to mitigate this kind of risk?

1.    Vendor Assessment

Find out what tools and services your vendors are using—not just in your network to perform service, but what they use themselves. A business can be infected by a vendor that is managed by a company that is managed by an MSP that uses Kaseya. Ransomware can traverse networks!

2.    Ask Questions

After discovery, leaders need to ask questions. Don’t relax if your providers don’t use Kaseya. Ask questions like these:

  • Why are you using the RMM?
  • Is it possible to deliver the services currently deployed in the RMM in some other way?
  • If not, how well can you restrict the RMM’s capabilities to only have access to perform the tasks that it must?
  • Have you spoken to the RMM vendor to find what steps they are taking to protect themselves from becoming the next victim of a cyberattack?
  • How are you monitoring RMM traffic and usage to alert us to any suspicious behavior?

RMMs will continue to be targets. They are gold for hackers, but so are many systems that are used for remote management. That said, the solution can’t be to halt usage of those tools—they provide important functions, such as remote patching, which keeps servers and operating systems up to date and secure.

However, an alternative is moving more to the cloud and decommissioning the use of traditional servers and workstations, which can begin to decrease the importance and need for RMMs.

Platforms like Office 365, AWS, Azure are more like data centers than clouds. Clients buy fractional use of those data centers, which are robust and give the client control to secure and protect their data just like a traditional data center, as well as the opportunity to design, build and layer on security products. These platforms are not shared, like some software as a service options, so they are less appealing to hackers. They can’t hack multiple systems at one time.

The Kaseya ransomware attack is yet another reminder to take cybersecurity seriously. Governance of your network and data is critical. There is no magic bullet—using computers on the internet is dangerous. But if you ask the right questions, hold vendors accountable and find partners that have the capabilities to support you and secure your networks, you will position your organization to do well in navigating these treacherous and uncertain situations.

Chris Sachse is CEO of Think|Stack, a managed IT services credit union service organization specializing in cloud and cybersecurity solutions for credit unions and non-profits. For more information about digital transformation, cloud adoption and cybersecurity practices that improve member experiences while protecting member data, visit www.thinkstack.co.

CUES Learning Portal