Uploaded on Aug 23, 2023
CISA Releases Cyber Defense Plan For Remote Monitoring And Management (RMM) Software
RMM tools are easy targets for cyber attackers, and news
over the past year has highlighted several breaches
initiated through RMM tools. CISA is taking a proactive
approach to ensure the security of such a widely used
mechanism, which can impact a large number of businesses.
The approach centers on two types of actions. The first
is collaboration among industry players, and the
second emphasizes security education.
These actions may help as various controls are put in place
for both categories, but it is imperative that MSPs/MSSPs
ensure that their own environments and users are protected
to prevent the use of RMM tools in breaches. Next-gen
security platforms such as Seceon’s aiXDR already have a
number of methods to help MSPs/MSSPs stop these types of
attacks and protect their organizations and their clients
in a more proactive way.
Let’s review some of those methods here.
1. An attacker usually gets into the service provider’s
environment through a connection established by methods
such as phishing emails, compromised credentials or similar
methods. All of these lead to external connectivity
that is novel and has different characteristics than are
usually seen. You’ll want a network and endpoint detection
and response mechanism that responds to these anomalous
behaviors. Platforms such as Seceon aiXDR monitor all
connectivity, gather telemetry from networks,
endpoints, infrastructure and identities, and consider threat
intelligence and vulnerability assessments to add context
and characteristics in near real-time. Seceon aiXDR then
applies machine learning to identify the anomalous
behavior of this exchange and opens an incident of
compromise and an alert based on the context. Such an
approach not only proactively detects the beginning of such
an attack in real time but also blocks it and shuts it off
right away through a fully automated AI-driven containment
method. The security team can also map the activities to
the industry-standard MITRE ATT&CK framework to visualize
and validate the detection and containment.
2. Let’s go one step further in becoming proactive and
look for ways to prevent the attacker’s entry itself. One
method of being proactive is to examine all the activities of
users and machines. One way of doing
this is to provide security awareness training, create policies
and procedures for AAA (Authentication, Authorization and
Accounting) and deploy tools for hygiene such as firewalls,
email gateways and authentication systems.
However, the many daily activities that resemble
attacker activities have to be known, recognized, altered if
possible and closely monitored. This requires modern
tools that not only capture such activities but also map
them to attacker activities to identify a pattern of
activities that an attacker can shadow to hide under the
radar while executing the attack.
Modern security platforms such as Seceon aiXDR can track all
activities, use their dynamic threat models to map them to
an attacker pattern, and either automatically respond to
anomalous or suspicious behaviors by users, machines or
networks or notify IT/SOC teams to address them. This will
not only deter the attacker but will also catch the attacker
in the beginning stages of an attack. Such a proactive approach
is not undertaken today because of a lack of tools and awareness.
If you are an MSP/MSSP and concerned about the rise of RMM-based
attacks, contact us and we would be happy to share
how our existing MSP/MSSP partners are automating
detection and responses for the threats CISA is highlighting.
Contact Us
Address - 238 Littleton Road Suite #206 Westford, MA 01886
Phone no - +1 (978)-923-0040
Website - https://www.seceon.com/