What is RMM (Remote Monitoring and Management)?
ictaacom-admin
RMM, or Remote Monitoring and Management, is a proactive approach taken by Managed Service Providers that keeps an eye on your computers and servers.
Typically, an ICT Service Provider will use a system specifically designed to monitor your business 24 hours a day, 7 days a week. If a problem arises, or signs of a potential problem appear, your provider will be alerted (by email or SMS). They will then filter these alerts through a triage process according to severity. This is a far more proactive approach than the traditional break-fix approach to ICT (when it breaks, then we will fix it).
Most RMM solutions are also able to manage mobile devices, online backups, managed antivirus, patches and updates, automated tasks and scripts, and remote logins. They can also be used as an asset tracking system which records details of your hardware and software like serial numbers, model, make, updates, and vendor.
ICTAA recommends an RMM solution for businesses of any size. That is, any business that relies on ICT to function!
From malware to phishing, denial-of-service attacks to drive-by downloads, businesses face daunting security challenges that pose truly frightening fiscal threats. Remote Monitoring & Management provides multiple layers of security.
Let’s spend some time comparing the traditional approach to cyber security, Anti-Virus, with the modern multilayer cyber security approach employed by RMM.
Sure, you could go to a retail store and buy an anti-virus product, which might be great for your home computers, and you may wonder why you even need the multiple layers of security offered by RMM.
Let’s explore the risk factors first. Your home computer and your work computer could both be hacked; however, hackers don’t care about your Spotify playlist or aunty Tracey’s cookie recipes. They want your business data and the easy money generated from stealing a Human Resources folder full of scanned copies of employees’ driver’s licenses.
The risk of employees triggering malicious attacks at work is steadily increasing. We tend to open a lot more emails at work, especially emails from strangers, and we have the false sense of security that the IT team has protected us. We also have time pressures that can cause us to overlook things like an email that’s come from firstname.lastname@example.org.
There is also the financial and reputational risk that businesses face. The reality is that Australia is a good target for scammers and hackers: every year we see more businesses targeted, and 1 in 5 Australians impacted by cyber and identity threats.
We are also seeing the threat vectors change. Attacks are becoming increasingly sophisticated, with multiple levels that leverage various ICT systems within your business. A good example is Social Engineering: this vector initially bypasses frontline security by tricking an employee into triggering the attack from within the perimeter of your defenses. Hackers will penetrate a network and remain unnoticed for an average of 8 months!
Because of the breadth of the attack vectors, which can come from any system, you can no longer rely on a single layer of protection such as a retail anti-virus product. Some have gone as far as to admit that “anti-virus is dead”: it can no longer keep up with the rate of threats (a new malware strain is created every 15 minutes), and AV only protects you after the malicious files have already reached your computer. If your AV is out of date, it may not be aware of the latest threats.
If AV isn’t enough, what does RMM offer?
Because RMM is a proactive approach to IT management, there are a number of tools and software agents at work, including, of course, AV. Working as a package of tools spread across a number of ICT systems, and addressing a number of vulnerabilities in each system we use, RMM helps to plug as many security holes as it can. Here is a breakdown of what can be included in most popular RMM arrangements.
In this example I will only talk about RMM systems used to protect emails:
Managed Anti-virus – this differs from Retail Anti-Virus because managed AV is fully managed by a team of IT experts, meaning there is someone monitoring your AV for detected threats and ensuring that your AV is always up to date. If a user receives a malicious file, the managed AV product should detect and delete it before it causes an infection. If it doesn’t, you should expect a call from your IT team, who will be proactively monitoring for these types of events.
Internet Security – this is the next generation of AV. Internet Security aims to detect bad things before they happen. AV has taught us a lot about the behavioral characteristics of malicious files; an Internet Security product will watch for these suspicious behaviors and can even upload the suspicious behaviors it observes to the cloud for further scrutiny. There are also a variety of other tools bundled into Internet Security, including a Firewall and Malware prevention. The magic happens when all this data is reported back to the RMM management platform, giving you an overview of your entire ecosystem: at a glance you can see if computers are running outdated AV or software, and push out updates where needed.
Email Gateway – this is used for a few reasons, and its capabilities vary between vendors. Here are the most common uses: it can store emails if your email server is offline, it adds additional protection from attackers, it can filter junk email, it can protect you from being labeled as a spammer, it can scan emails coming in, and it can be used to control the flow of emails going out of your business to prevent data leakage. Some email gateways may also include an email archiving solution.
Helpdesk – any IT MSP will happily include a helpdesk support arrangement in the RMM package; in fact, they encourage it. This is handy for many reasons. With regard to emails, you might want to contact your helpdesk if you suspect an email is malicious; they can confirm whether the email is dangerous by tracking where it came from and performing a ‘sandpit’ check.
Backups – you might want to explore the backup features of RMM. We always recommend you have multiple backup products to spread your risk. RMM backup products can back up emails, individual files or your entire computer, and this data could be kept in the cloud or somewhere in your office.
Hardware Performance Monitoring – RMM applied to servers will ensure their performance is monitored, so that any faults or potential issues can be addressed before they become a disaster. Most RMM solutions will include asset tracking, monitoring hardware serial numbers, check-in times, warranty status and other metrics.
Software Updates – updating and patching of systems is critical to maintaining your defenses. Vulnerabilities are discovered all the time, and the only way to fix them is with software and firmware updates. This process can be automated by your MSP and, most importantly, they can report on which systems are failing to receive updates and may need further investigation.
IT Resources – the IT company providing your RMM can also provide you with expertise and knowledge to help you make the right IT decisions. Building a good relationship with your IT company will help them understand how your business operates, which will make your interactions more meaningful. Most IT companies work across various industry verticals and may be able to provide you with some free insights about your marketplace.
As we have explored, there are a number of advantages of RMM over traditional cyber security approaches such as Anti-virus software. In today’s complex ICT landscape it’s easy to overlook something and accidentally open a back door. Attacks are becoming very creative and sophisticated, leveraging different systems and processes within your business to gain the advantage, and these multi-pronged attacks require equally multi-pronged defenses.