How Secure Is Your RMM?
RMM tools can be a powerful way of ensuring your clients’ cybersecurity, but they can also be a source of vulnerability themselves. Unfortunately, this fact is often forgotten about by MSPs who are otherwise great when it comes to ensuring security.
That’s understandable. As an MSP, it might seem like RMM security is a fairly small, insignificant part of your security infrastructure, especially in comparison to critical concerns like OS hardening, data protection and ensuring the integrity of backups.
In reality, however, RMM tools represent a major source of vulnerability for MSPs, because they handle the interactions that make MSPs such a juicy target for hackers. If you are in constant contact with your clients via an RMM tool, compromising that tool can give attackers high-level access to your clients' systems.
Further reading: Why Are Cybercriminals Targeting MSPs?
In this article, we'll look at how you can use secure RMM tools to ensure safety for your clients, the vulnerabilities of the tools themselves, and finally what you can do to enhance RMM security.
Using RMM for Security
First, the good news. RMM tools, when employed correctly, can be a powerful way of securing both your and your clients’ systems. This is because high-quality secure RMM tools can be set to alert you automatically to suspicious behavior on your clients’ systems, such as short-term spikes in network traffic or unusual changes to file names. The best RMM tools will even provide you with metrics on changes to admin passwords and increased numbers of login attempts.
All of this information is crucial in reducing cybercrime, and not only because your clients' system being breached could hurt your company. In addition, careful monitoring of your own systems is a critical part of managing your business remotely - particularly as remote work becomes the new norm in the age of the coronavirus - because a hack of a client’s system can easily turn into an attack that affects your own systems.
The Vulnerabilities of RMM Tools
So far, so good. Now for the bad news.
The problem with RMM tools is that the very features that make them useful – real-time monitoring of remote systems, and the ability to manipulate third-party machines directly – also make them a valuable target for hackers. If you are using an RMM tool to manage user accounts, this is likely to come as no surprise, and you’ve probably thought long and hard about RMM security.
Unfortunately, many MSPs employ RMM tools that are not a part of their everyday workflow, and so can be forgotten about when it comes to looking at total network security. Many fiber internet providers, for instance, will use an RMM tool for initial setup of clients' machines, and then never use it again. In this case, the tool will sit in the background, presenting an ongoing security risk, without anyone having responsibility for updating it.
This, however, is just one of the vulnerabilities that RMM tools represent. Others include:
- Former employees using their credentials to access client systems.
- Malware, either embedded in the RMM tool itself, or in a component that it draws on to achieve a portion of its functionality.
- Brute-force and keylogger attacks that target RMM tools. These are particularly dangerous if employed against employees working remotely.
- Finally, social engineering attacks that trick your employees into sharing log-in details for your RMM tools.
In all cases, a hacker will attempt to compromise your RMM tool in order to then execute a (much) broader attack against your systems or those of your clients. Once they are in, they will have access to all of the systems and data accessible by the RMM tool.
Providing RMM Security
There are a few key ways in which MSPs can provide and enhance RMM security.
Some are common to other systems but apply equally to RMM tools. These include enforcing strong password rules for your RMM, and ensuring that you keep tight control over who has access to it. You should also ensure that your staff is trained on how to spot an attack, and how to report it.
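One way to act on the access-control advice above and on the former-employee risk listed earlier, as an added example that is not from the original article: a Python check that compares an RMM account export against the current staff roster and flags accounts with no owner or no recent use. The CSV columns, account names, roster and the 60-day idle threshold are constructed for illustration and do not reflect any vendor's export format.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: an export of RMM technician accounts and the
# current staff roster. Column names are assumptions, not a vendor format.
RMM_ACCOUNTS_CSV = """username,email,role,last_login
alice,alice@msp.example,admin,2024-05-28
bob,bob@msp.example,technician,2024-01-10
carol,carol@msp.example,admin,2024-05-30
dave,dave@msp.example,technician,2024-05-29
svc-setup,,admin,
"""
CURRENT_STAFF = {"alice@msp.example", "bob@msp.example", "carol@msp.example"}


def audit_rmm_accounts(accounts_csv, current_staff, today, max_idle_days=60):
    """Return {username: [findings]} for RMM accounts that need review."""
    findings = {}
    cutoff = today - timedelta(days=max_idle_days)
    for row in csv.DictReader(io.StringIO(accounts_csv)):
        issues = []
        email = row["email"].strip().lower()
        if email not in current_staff:
            # Departed employees, and shared or setup accounts with no owner.
            issues.append("no matching current employee")
        last = row["last_login"].strip()
        if not last:
            issues.append("never logged in")
        elif date.fromisoformat(last) < cutoff:
            # Forgotten accounts are unlikely to be noticed if misused.
            issues.append(f"idle since {last}")
        if issues and row["role"].strip().lower() == "admin":
            issues.append("admin role: review first")
        if issues:
            findings[row["username"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_rmm_accounts(RMM_ACCOUNTS_CSV, CURRENT_STAFF,
                                today=date(2024, 6, 1))
    for user, issues in report.items():
        print(f"{user}: {', '.join(issues)}")
```

Run on a schedule against a fresh export, the report gives whoever owns the RMM tool a short list of accounts to disable or reassign.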
Then there are some more advanced techniques. Segmenting RMM tools from the rest of your network is a challenge because ultimately these tools are more useful the more systems they have access to. This does not mean, however, that you should automatically give RMM tools access to all parts of your clients' systems. Systems that hold critical financial information, such as banking data or cloud-based accounting software, should be protected from RMM, as should systems that hold a large amount of personal data, such as those used by HR departments.
Finally, if you are in the business of building bespoke software solutions for clients, consider a transition to DevSecOps. This is a powerful way of developing software that takes security as a central concern and builds it into every system – including RMM tools – at a fundamental level.
The Future of RMM Security
Of course, many of the vulnerabilities of RMM tools can be avoided (or at least limited) by making use of tools that are built with security in mind. Whichever RMM tools you use, however, it is critical that they should be secured at the earliest possible opportunity.
That's because the vulnerabilities inherent in these systems are only going to become more important in the next few years. As cloud storage prices slowly fall, more and more companies will turn to MSPs. That's great for the industry, but only if we can keep our clients safe from cyberattacks. And secure RMM tools are definitely part of that.