How safe is the Itarian platform? Kaseya RMM breach.

I think that you should already be aware of this news, but the Kaseya RMM platform has been compromised by hackers and is infecting clients with ransomware:

https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/

How safe is the Itarian platform and can these vulnerabilities at Kaseya also affect Itarian?

Regards

We use Comodo Cybersecurity products that have already proven themselves against supply chain attacks with SolarWinds ( https://techtalk.comodo.com/2020/12/23/sunburst-apt-against-solarwind-mapped-to-kill-chain/ ).

With Comodo endpoint protection, no matter what the hackers use, or how, to get their payload into endpoints, they get “Pre-Isolated” using Comodo’s patented Kernel API Virtualization ( https://techtalk.comodo.com/2020/08/17/comodos-patented-kernel-api-virtualization-under-the-hood/ ).

Of course we are increasing our security measures out of an abundance of caution!

That is great to hear that you’re still looking at increasing security out of caution @melih. It seems IT Management platforms are a big target right now, which honestly I’m surprised we haven’t seen this much before given the potential attack surface.

Thanks for the message @melih,
That’s news we on the forum like to hear: that this platform stands out against the others and why.

These facts and events would be great to use for MSP material, (the subforum is still not populated with MSP marketing material).

Can you please let us know if we have to change settings in our profiles to maximize our safety against ransomware?
(I already use the standard ‘hardened’ profile, but that was a profile from a year ago.)

New features and settings are still rolling out in every update.
Is it possible to have an ongoing thread with recommended settings for basic/good security settings which we can adapt in our profiles?

Hi, I was just about to post a similar post, so thank you for the feedback. A friend of mine that works for an MSP that uses Kaseya is basically fighting for survival as every client is infected. It’s a scary thought.

wow this job is becoming more and more difficult

Itarian worked with Comodo to help launch SOCaaP https://www.comodo.com/socaap/
at the bottom of this page, you will see the packages.

In my opinion minimum security should now be: This package: Managed Endpoint Security & Cloud 0365 Monitoring

Ideally everyone should be on this: Network Managed IDS, DPI Detection & Monitoring + Cloud 0365 Monitoring

Because both packages offer “Kernel API Virtualizations”, a MUST have, as well as full monitoring 24/7/365 by SOC experts.

It’s all about the right tools for the job! https://melih.com/malware-ransomware-malware-ransomware-problem/ If you read this blog and click to read the question on the blog… you will see the tools have the problem. A new approach, new platform is what is needed.

I really hope that this Kaseya breach will make Itarian take the security of the RMM platform seriously, really seriously… It was a battle to get two factor authentication support set up - I sent multiple tickets between 2016 and 2018 asking for two factor and it was only implemented in 2019! I think Itarian needs an independent security audit if it wants people to continue to trust this platform! … SOCaaP is not going to save you if Itarian RMM is compromised when you can run any number of scripts to disable any protections…

Hello everyone,

Please check our latest post about the Kaseya VSA breach, and “How Safe ITarian Platform Is”, at https://forum.itarian.com/forum/gene…arian-platform

Best Regards,
Product Management Team

This is the feedback I was looking for. I hope you guys take the measures against such seriously. By the way, have any of your clients suffered from this attack?

https://www.comodo.com/labs-statistics/

So far Zero infection!

Comodo uses a different methodology to protect than every other vendor out there.