Get a demo
For information on how attacks on RMMs work and how to mitigate this cyber risk, read our Threat Insight piece.

READ TIME: 13 minutes

Remote monitoring and management tools are increasingly used by enterprises and/or their managed service provider to remotely manage endpoints including laptops and servers.  For many they are an essential tool for connecting remotely, monitoring performance, performing software updates, resets, or recovery, identifying newly joined devices, and running diagnostic tests.

The ideal attack surface 

As with most tools, as they become increasingly popular with businesses, they also gain the attention of those adversaries looking to disrupt the business.  So, What makes RMM so appealing? It is their reach within the organization. Firstly, RMMs are connected to mostly every device and person in the organization.  They're ubiquitous and are able to install programs on large numbers of machines by design. From a security standpoint, they are rarely limited in their privileges on devices, are sometimes from antivirus scans, usually have protections turned off during updates, and are generally overlooked by security administrators.  This is an ideal playing field for those looking to deploy ransomware, living off the land attacks, or more.

Through 2020 and 2021, we’ve seen a number of remote monitoring and management tools fall victim to cyber-attacks.  Kaseya and SolarWinds were two of the most notable solutions breached - not only affecting them but their clients and supply chain as well.  So how do these attacks occur, and what can you do about them?

For more information on how attacks on RMMs work and how to mitigate this cyber risk, read our Threat Insight piece. 

Related Resources

Datasheet

Threat Insight: Infinite Ransomware Jeopardy

Paying out on a ransomware payment is a tough pill to swallow. But what if you had to do it 2 times, 3 times, or even 4 times on that same vulnerability and breach? It’s happening more frequently, and it’s time to address the root causes - a failure to address the initial vulnerabilities and a lack
         
Datasheet

Threat Insight: Multi-factor Authentication

One of the most fundamental cybersecurity practices required by any business is to implement policies and tools that limit access to corporate systems and information - restricting who has access, to what, and by using what means of authentication they’ll require. Businesses are frequently turning
         
Datasheet

Threat Insight: Why Businesses Need An Acceptable Use Policy

Does your business have an acceptable use policy (AUP) regarding the use of your organization’s network, devices, and the Internet? Is the policy actively enforced, or is it a document that’s only seen upon the point-of-hire? There are many reasons why your company needs an AUP, and why the
         
Datasheet

Solution Brief: Virtual Chief Information Security Officer (vCISO)

ActZero Virtual CISO program is designed for small to medium-sized enterprises that: are without dedicated cybersecurity personnel are facing regulatory compliance requirements are preparing for a client/partner/supplier security audit require an expert to steer your programs and speak with your
         
Datasheet

ActZero helps southwest U.S. medical technology provider scale its cybersecurity efforts

Lack of or unfocused investment in the right people and tools, minimal due diligence into the cybersecurity of third-party vendors, providers and suppliers, and a general misunderstanding of the organizational security posture have resulted in general unpreparedness across the healthcare industry.
         

Curious about how ActZero can evolve your cybersecurity strategy?

Get a demo Contact Us