Page 91 - Cyber Defense eMagazine for June 2021

wake of the massive SolarWinds attack, Jacob Horne, a Managing Partner at DEFCERT and former NSA intelligence analyst, warns that President Biden’s recent Executive Order on Improving the Nation’s Cybersecurity should serve as a wake-up call for MSPs.

“If SUNBURST had zigged instead of zagged, this order would be locked on to MSPs,” he said. “The compromised Orion DLL also existed in N-central’s probe installer [an RMM component widely used by MSPs]. The MSP community dodged a huge bullet. Although N-central wasn’t directly compromised, it was just a half step away from happening if the attackers wanted it.”

Today’s threat landscape necessitates that MSPs adopt a security-first mindset to managing the privileged access they hold within customer networks. In this article, we explore alternatives for remotely managing customer environments, envision a “zero trust RMM” that incorporates contemporary security best practices, and explain how enterprise IT practices like DevOps can be leveraged by MSPs and MSSPs to build cybersecurity maturity and better protect themselves and their clients from modern threats.


            The Elements of a Security-First Approach

Remote monitoring and management concepts and capabilities can be reengineered to enable MSPs to put security first. While MSPs themselves may not be able to make direct changes to the RMM tooling – we need vendors to prioritize security first – reevaluating assumptions around remote management, especially where current practices are at odds with security, is an opportunity for MSPs to level up their practices to meet modern customer requirements.

                       1.  Envisioning the Zero Trust RMM

“Zero trust” has emerged as contemporary wisdom for securing modern IT infrastructure. In contrast to the adage “trust but verify,” a core concept of Zero Trust Architecture (ZTA) is to “never trust, always verify.” ZTA seeks to move cybersecurity defenses away from network-based perimeters (like firewalls, VPNs, and intrusion detection systems) to user identities and individual resources, explicitly verifying every access request in the context of available data points. This is a particularly useful design principle for MSPs managing customers that increasingly rely on cloud services and whose users, in the post-COVID world, now work from anywhere.

How does the system respond when a correct password is used, but the user account logs in from Boston and then 30 minutes later from Los Angeles? Or when the correct device is logging in, but Secure Boot is disabled, or the device is jailbroken? Systems based on ZTA principles flexibly manage access requests based on an organization’s defined policy.
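As an added example (not code from the article or from DEFCERT), here is a minimal policy evaluator in Python for the two signals just described: impossible travel between consecutive logins and device posture (Secure Boot state, jailbreak). The speed threshold, the allow/step-up/deny mapping and the sample requests are assumptions chosen to illustrate the idea.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Hypothetical policy thresholds (assumptions, not from the article): faster
# than a commercial flight means both logins cannot be the legitimate user.
MAX_TRAVEL_SPEED_KMH = 900.0
EARTH_RADIUS_KM = 6371.0

@dataclass
class AccessRequest:
    user: str
    at: datetime
    lat: float
    lon: float
    password_ok: bool
    secure_boot: bool
    jailbroken: bool

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))

def evaluate(req, previous=None):
    """Return ("allow" | "step_up" | "deny", reasons) for one access request.
    `previous` is the user's last accepted request (None if no history)."""
    if not req.password_ok:
        return "deny", ["bad credentials"]
    if req.jailbroken:                      # posture failure: hard stop
        return "deny", ["device is jailbroken"]
    reasons = []
    if not req.secure_boot:                 # degraded posture: require MFA
        reasons.append("Secure Boot disabled")
    if previous is not None:
        hours = (req.at - previous.at).total_seconds() / 3600
        km = haversine_km(previous.lat, previous.lon, req.lat, req.lon)
        if km > 1.0 and (hours <= 0 or km / hours > MAX_TRAVEL_SPEED_KMH):
            reasons.append(f"impossible travel: {km:.0f} km in {hours * 60:.0f} min")
            return "deny", reasons
    return ("step_up" if reasons else "allow"), reasons

# Constructed sample: the article's scenario, a correct password used from
# Boston and again from Los Angeles 30 minutes later.
T0 = datetime(2021, 6, 1, 9, 0)
boston = AccessRequest("alice", T0, 42.3601, -71.0589, True, True, False)
los_angeles = AccessRequest("alice", T0 + timedelta(minutes=30),
                            34.0522, -118.2437, True, True, False)
```

`evaluate(boston)` allows the first login; `evaluate(los_angeles, boston)` denies the second because roughly 4,000 km in 30 minutes exceeds the travel threshold, while a login with Secure Boot disabled is escalated to step-up authentication rather than rejected outright.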


Cyber Defense eMagazine – June 2021 Edition, page 91
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.