Is Your RMM Tool Automating Against You?
Automation is one of the most potent capabilities of a Remote Monitoring and Management (RMM) system. With automation you can delegate many time-consuming routine tasks, like updating programs and protections, to the RMM tool itself, thus freeing up your staff’s time.
These abilities sound amazing, but there’s another side to them. It shouldn’t be surprising, but with such capabilities being given to machines there are also some risks. One possibility is that the automation itself could backfire, resulting in things like incorrect or corrupted updates being distributed to various systems. The worst-case possibility would be if the automation was repurposed (see: weaponized) by a third party with malicious intent.
What could happen if automation backfired?
Updates fail; it’s as simple as that. The reasons vary: the update itself could be flawed, there could be conflicts between the update and existing software, or the update could simply be mislabeled. These failures can impair the protection or usability of systems. Alternatively, if the backup processes of a network were automated, then a failure would result in there being no functional backups in case of an emergency.
What could happen if automation was weaponized?
If the automation capabilities of an RMM platform were weaponized, then any managed system could be compromised or utilized in a number of ways. This could allow an attacker to push malicious software (malware) to all of the endpoints. That malware could be as innocuous as adware, or as damaging as ransomware. Automation could be leveraged to stealthily deploy Remote Access Tools (RATs) out to each of the endpoints, compromising the managed systems even further. The automation could even be leveraged to uninstall, remove, or disable protection on those systems, thus opening the door for other attacks.
How can you prevent this?
The first step to ensuring your RMM tool isn’t automating against you is to recognize that automation is not a fire-and-forget IT solution. Human guidance is necessary to ensure that everything stays running smoothly.
One factor that requires human oversight is the assignment of specific updates to specific systems. A server needs different updates, applied in different ways, than a workstation. For example, servers don’t often need Java or Adobe at all, and updating/restarting those systems every day may be less than ideal. Workstations, on the other hand, could easily work with a daily update/reset at the end of the workday.
Another preventative measure that requires human guidance is the periodic review of the automation in place. This serves to ensure the functionality, security, and usability of those systems. This often involves reviewing the automation and checking that it works as it should, hasn’t been tampered with, and is optimized for the system it currently affects.
Finally, it’s important that a business have someone in charge controlling who is allowed to author and/or execute automation. Tight controls should be in place around such a privilege, as it poses a great risk to a business’s infrastructure if done incorrectly or maliciously.
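One way to put the periodic review and the authoring controls described above into practice is to compare the automation currently defined in the RMM tool against a baseline recorded at the last review. The following is an added example, not code from any RMM product: the job names, script bodies, author names and export layout are all constructed assumptions.

```python
import hashlib

def sha256(text):
    """Hash a job's script body so changes can be detected between reviews."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Constructed sample data; no real RMM export format is implied.
APPROVED_AUTHORS = {"alice", "bob"}

# Baseline from the last human review: job name -> hash of the approved body.
BASELINE = {
    "patch-workstations": sha256("install-updates --reboot"),
    "backup-servers": sha256("run-backup --full"),
}

# Automation as currently defined in the tool (constructed).
CURRENT = [
    {"name": "patch-workstations", "body": "install-updates --reboot", "author": "alice"},
    {"name": "backup-servers", "body": "run-backup --incremental", "author": "bob"},
    {"name": "deploy-helper", "body": "install helper-package", "author": "mallory"},
]

def review(baseline, current, approved_authors):
    """Return sorted (job, finding) pairs that need a human to look at them."""
    findings = []
    seen = set()
    for job in current:
        name = job["name"]
        seen.add(name)
        # Authoring control: only approved people may own automation.
        if job["author"] not in approved_authors:
            findings.append((name, "author not approved"))
        known_hash = baseline.get(name)
        if known_hash is None:
            findings.append((name, "not in baseline"))
        elif known_hash != sha256(job["body"]):
            findings.append((name, "content changed since last review"))
    # A job that silently disappeared (a backup job, say) is also a finding.
    for name in baseline.keys() - seen:
        findings.append((name, "missing since last review"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in review(BASELINE, CURRENT, APPROVED_AUTHORS):
        print(f"{name}: {finding}")
```

A finding is a prompt for human review, not proof of tampering; once a change is approved, the baseline is updated to match.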