CISA Releases Cyber Defense Plan For Remote Monitoring And Management (RMM) Software

Slides: 5
Provided by: Companyseceon
RMM tools are easy targets for cyber attackers, and news over the past year has highlighted several breaches initiated through RMM tools. CISA is taking a proactive approach to ensure the security of such a widely used mechanism, one that can impact a large number of businesses. The approach centers around two types of actions. The first is collaboration among industry players, and the second emphasizes security education.

However, while these may help as various controls are put in place for both of these categories, it is imperative that MSPs/MSSPs ensure that their own environments and users are protected to prevent the use of RMM tools in breaches. There are a number of methods that next-gen security platforms such as Seceon's aiXDR already have to help stop these types of attacks and protect organizations and their clients in a more proactive way. Let's review some of those methods here.

1. An attacker usually gets into the service provider's environment through a connection made via methods such as phishing emails, compromised credentials or similar. All of these lead to external connectivity that is novel and has different characteristics than are usually seen. You'll want a network and endpoint detection and response mechanism that responds to these anomalous behaviors. Platforms such as Seceon aiXDR monitor all connectivity and gather telemetry from networks, endpoints, infrastructure and identities, and consider threat intelligence and vulnerability assessments to add context and characteristics in near real-time. Seceon aiXDR then applies machine learning to identify the anomalous behavior of this exchange and opens an incident of compromise and an alert based on the context. Such an approach not only proactively detects the beginning of such an attack in real time but also blocks it and shuts it off right away through a fully automated AI-driven containment method. The security team can also map the activities to the industry-standard MITRE ATT&CK framework to visualize and validate the detection and containment.

2. Let's go one step further in becoming proactive and look for ways to prevent the attacker's entry itself. One method of being proactive is to examine all the activities of users and machines. One way of doing this is to provide security awareness training, create policies and procedures for AAA (Authentication, Authorization and Accounting) and deploy tools for hygiene such as firewalls, email gateways and authentication systems. However, many of the daily activities that are similar to attacker activities have to be known, recognized, altered if possible and monitored closely. This requires modern tools that not only capture such activities but also map them to attacker activities, to identify a pattern of activities that an attacker can shadow to hide under the radar while executing the attack.

Modern security platforms such as Seceon aiXDR can track all activities and use their dynamic threat models to map them to an attacker pattern, and either automatically respond to anomalous or suspicious behaviors by users, machines or networks or notify IT/SOC teams to address them. This will not only deter the attacker but will also catch the attacker in the beginning stages of an attack. Such a proactive approach is not undertaken today because of a lack of tools and awareness.

If you are an MSP/MSSP and concerned about the rise of RMM-based attacks, contact us and we would be happy to share how our existing MSP/MSSP partners are automating detection and responses for the threats CISA is highlighting.

Contact Us
Address - 238 Littleton Road Suite 206 Westford, MA 01886
Phone no - 1 (978)-923-0040
Email Id - sales@seceon.com
Website - https://www.seceon.com/