On August 16th, 2023 the Cybersecurity and Infrastructure Security Agency (CISA) dropped their "first proactive plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC)". Titled the "Remote Monitoring and Management Cyber Defense Plan", this plan outlines and addresses the risks remote monitoring and management (RMM) software face in the modern threat landscape. One of the biggest vulnerabilities that organizations face is the exploitation of RMM software by external threat actors. This software is often used by managed service providers (MSP) or IT departments to provide support, management, analysis, and configuration for the devices that make business operations possible. However, if these applications are compromised they can be used by cyber criminals to elevate privileges and move across a victims network undetected.
CorpInfoTech is proud to announce our collaboration with JCDC on this cyber defense plan for MSP's that utilize RMM software. Founder and President Lawrence Cruciana recognizes the need for securing these applications if MSP's and SMBs are to survive in the current security landscape.
"I am excited to help promote a body of work that continues to be a major personal and professional area of focus. The overall security posture of the Managed Services space has increasingly been targeted and exploited by numerous threat actors. Over the past 5 years, I've worked to promote the urgent need to improve this industry - specifically the security around Remote Management and Monitoring (RMM) tools. In partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and as part of the broader National Cybersecurity Policy. I'm excited to share the first plan published from JCDC’s 2023 Planning Agenda. As a member and contributor to CISA's Joint Cybersecurity Defense Collaborative (JCDC), the RMM plan combined with the RMM Cyber Defense Plan (released in July) serve as an informational reference for both end-customers and MSPs alike on how to safeguard their organizations against malicious use of RMM tools." - Lawrence Cruciana, Founder and President of CorpInfoTech
This cyber defense plan follows CISA's Guide to Securing Remote Access Software released in June of 2023. This document, in which CorpInfoTech also collaborated on, provides organizations with a remote access software overview and guidance on how to defend against malicious use of these applications. Like RMM software, remote access software is often used by organizations to manage networks, computers, and a multitude of other devices. The hope is that these two documents will provide extended guidance for organizations who use and rely on these technologies everyday.
