Remote Monitoring and Management systems (RMMs), like Kaseya, SolarWinds, ConnectWise Automate, and NinjaRMM, are useful for maintaining control over your IT systems until, of course, they become the vector through which your IT systems are destroyed.
Last month, attackers associated with REvil, a Russian ransomware-as-a-service (RaaS) group, breached a large Florida-based RMM company called Kaseya. It was, short of SolarWinds, possibly the largest cyberattack we’ve seen on an RMM to date. According to Huntress Labs, twenty Managed Service Providers (MSPs) in Kaseya’s supply chain have been impacted. These MSPs each serve thousands of clients, widening the total blast radius to tens of thousands of enterprises.
What does this mean for RMMs, MSPs, and the IT security industry moving forward?
The Kaseya attack has reinforced what SolarWinds laid bare. RMMs are virus superspreaders, single points of failure for vast swaths of the economy. There’s no sense in keeping them as they are since similar ransomware attacks will only continue to grow in the future.
That’s why RMM customers should strongly consider a switch over to Microsoft Endpoint Manager (MEM). Yesterday.
I realize this will be met by many IT professionals who have felt ‘microshafted by Billysoft’ asking, “Why should we trust them to keep us any safer?” The difference between a smaller provider and an institution like Microsoft could not be starker. In the aftermath of the SolarWinds hack last year, Microsoft organized a colossal remediation effort but did not choose to get as involved when Kaseya had the same challenge. For the SolarWinds hack, they unleashed the Death Star against the hackers. Why leave this to chance? Should MEM ever be hacked, Microsoft’s response would use its full power to protect its own technology and reputation. Kaseya and its competitors lack the resources to do anywhere near the same.
Of course, there’s a catch here. MSPs cannot use MEM to monitor multiple customers’ data simultaneously the way they do with Kaseya or their competitors. MEM only monitors customers individually. This is a necessary inefficiency, though, and even a beneficial one, because it provides greater security. If compromised, MEM should only be able to create the opportunity for exploitation one customer at a time, eliminating the risk of SolarWinds- or Kaseya-style viral spread.
I know this opinion is going to rub some of you the wrong way. In IT especially, we’re always looking to push the boundaries on speed, efficiency, intercommunication, and ease of use. RMMs for many years have represented the best of all that, particularly to MSPs. But ask yourself: if the same benefits you enjoy also allow hackers to ransack our economy, are they ultimately worth it?
It’s time for us CEOs, CTOs, CIOs, and even MSP leaders to take our feet off the accelerators and put on our seat belts. We can demand that our IT teams and IT service providers treat us with the utmost care in supporting our systems and choose security over convenience. In the long run, it will save our companies.