"NSA, CISA, and MS-ISAC Release Guidance for Securing Remote Monitoring and Management Software"
The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released the "Protecting Against Malicious Use of Remote Monitoring and Management Software" Cybersecurity Advisory (CSA). The purpose of the CSA is to help network defenders combat the malicious use of legitimate Remote Monitoring and Management (RMM) software, which is commonly used by Managed Service Providers (MSPs) and help desks to provide security and technical support. This software is designed to facilitate network management, endpoint monitoring, and remote interaction with hosts for Information Technology (IT)-support functions. Cybercriminals and Advanced Persistent Threat (APT) actors can evade anti-virus/anti-malware defenses through the malicious use of RMM software. CISA, NSA, and MS-ISAC advise network defenders to implement mitigations such as auditing installed remote access tools to identify RMM software, implementing application controls to prevent the execution of unauthorized RMM software, blocking inbound and outbound connections on common RMM ports and protocols, and more. This article continues to discuss the guidance released by NSA, CISA, and MS-ISAC for securing RMM software.