MSP's should get rid of RMM?

Lately on Youtube there are a couple of sources that (in light of the recent Kaseya Ransomeware spread) are recommending that all MSP’s totally get rid of the RMM as it requires admin privileges’ and is another attack vector for bad actors. This irritated me. It feels like throwing the baby out with the bathwater. Maybe they are trying to make some sort of bold statement to get views, I don’t know but…anyone else have thoughts on this?

Yup, pretty much just this

bold statement to get views

I have not heard any compelling practical advice that solves the issues of needing to manage systems in a scalable way. Microsoft could create a real solution but I would not hold my breath on that idea.

1 Like

Is it time to ditch your RMM?
https://youtu.be/r8r97GonMc4

Microsoft Lighthouse “RMM”

Neither video really makes practical sense to me. Maybe in a larger market than Traverse City,MI or if all of my clients were completely cloud based, or all had Active Directory…even then it doesnt make sense to me.

If the network is all Azure based, then things might be easier, Intune for package management and other things that SCCM does, etc. Maybe their Windows 365 so that you have a “local” machine at each location where you can connect through a web browser and do work?

Of course what all that is missing is a centralized control and monitoring point for dealing with multiple different companies who might all call at the same time.

Having boots on the ground in each company is still a good plan, but so many companies just won’t do it.

Recent events bring real questions into play we need to be asking though. The only different between an RMM and a RAT is who deploys it and why, the security ramifications are real and serious. Especially if you also exclude it from your endpoint protection. I just did a writeup on this very topic (not being paid, no ads, etc, just my opinions): Is it Time to Let Go of Your RMM? — Dom Kirby

I think, at some point, RMMs will be obsolete if they do not seriously pivot their product strategy to support Modern. For my modernized clients, RMM was doing next to nothing.

Microsoft has MECM for end user systems, etc.

Remember before broadband in the dial up days the was PC Anywhere and Co-Session that was the better of the two, Then there was BO2K that went legit as a remote access tool that could be locked down controlling who could access the network. Ok it was a blackhat tool but it designed to keep other blackhats from poaching.

Also the founder of Veracode a billion $ company, read on.
In 2001, Cult of the Dead Cow, a US hacker group released SMBRelay. The group started in 1984 and created waves all over the world numerous times through its controversial software releases. The SMBRelay project was the brainchild of Josh Buchbinder. The hacker world knows him by the name Sir Dystic. He wrote SMBRelay in less than two weeks. He also authored Back Orifice, which was released in 1998. Similar to Back Orifice, SMBRelay too was focused on Microsoft Windows systems. http://www.bo2k.com/author/bo2k/

If MSP put their own asset (like a PC) and have PRTG installed and have probe agents installed into necessary servers and VM (with superuser id rather than administrator), would that help?

I would say yes, but the pushback would be that you have to login twice to manage a customer’s system.

This allows the client to have full ownership of their access. They can opt to provide their MSP a new password to access every time or not. The ball is back at client’s end. This gives a level of liberty to the client that MSP does not “Control” their assets, … they just help manage it (with their permission and acknowledgement). My 2 cents :).

2 Likes