Page 91 - Cyber Defense eMagazine forJune 2021
P. 91
wake of the massive SolarWinds attack, Jacob Horne, a Managing Partner at DEFCERT and former NSA
intelligence analyst, warns that President Biden’s recent Executive Order on Improving the Nation’s
Cybersecurity should serve as a wake-up call for MSPs.
“If SUNBURST had zigged instead of zagged, this order would be locked on to MSPs,” he said.
“The compromised Orion DLL also existed in N-central’s probe installer [an RMM component widely used
by MSPs]. The MSP community dodged a huge bullet. Although N-central wasn’t directly compromised,
it was just a half step away from happening if the attackers wanted it.”
Today’s threat landscape necessitates that MSPs adopt a security-first mindset to managing the
privileged access they hold within customer networks. In this article, we explore alternatives for remotely
managing customer environments, envision a “zero trust RMM” that incorporates contemporary security
best practices, and explain how enterprise IT practices like DevOps can be leveraged by MSPs and
MSSPs to build cybersecurity maturity and better protect themselves and their clients from modern
threats.
The Elements of a Security-First Approach
Remote monitoring and management concepts and capabilities can be reengineered to enable
MSPs to put security first. While MSPs themselves may not be able to make direct changes to the RMM
tooling – we need vendors to prioritize security, first – but reevaluating assumptions around remote
management, especially where current practices are at odds with security, is an opportunity for MSPs to
level up their practices to meet modern customer requirements.
1. Envisioning the Zero Trust RMM
“Zero trust” has emerged as contemporary wisdom for securing modern IT infrastructure. In
contract to the adage, “trust but verify,” a core concept of Zero Trust Architecture (ZTA) is to “never trust,
always verify.” ZTA seeks to move cybersecurity defenses away from network-based perimeters (like
firewalls, VPNs, and intrusion detection systems) to user identities and individual resources, explicitly
verifying every access request in the context of available data points. This is a particularly useful design
principle for MSPs managing customers that increasingly rely on cloud services and whose users, in the
post-COVID world, now work from anywhere.
How does the system respond when a correct password is used, but the user account logs in
from Boston and then 30 minutes later from Los Angeles? Or when the correct device is logging in, but
Secure Boot is disabled, or the device is jailbroken? Systems based on ZTA principles flexibly manage
access requests based on an organization’s defined policy.
Cyber Defense eMagazine – June 2021 Edition 91
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.