Supply Chain Attacks becoming a serious problem for remote access - Kaseya hack showed it drastically

Problem: supply chain attacks

The supply chain in information systems is a huge pyramid, often with the cloud-based infrastructure of a commercial software vendor on top. Instead of attacking a single computer or the network of just one company, the top of a software supply chain is more attractive because malware is distributed to thousands or millions of victims.

We had several of these supply chain attacks recently. Public infrastructure got damaged and millions of euros of ransom has been paid.

A super attractive target for attacks are remote management systems running in the cloud.
Imagine there is a national cleaning service that cleans all houses in a country. For the comfort of the customers, the cleaning service has keys to all houses. The box with all the keys is very attractive for a burglar. The comparison lags because in information technology it happens on an international level. Companies that run remote management SaaS have the keys to fully access billions of computers in all countries and all business areas.

Many companies are aware of the risk. They give all their keys to an outside party because there are no alternatives. Not using software assisted remote management of computers is not an option.

Champaign Pyramid
What happens if you put a drop of poison into the glass on the very top?
You did a supply chain attack.

Solution: Brake the supply chain with open-source

RPort enables system administrators and MSPs to set up a secure and efficient remote management without the risk of being attacked through the supply chain.

How is that possible?

RPort runs distributed without a central dispatcher on top of the pyramid. Each customer runs its own server and creates a protected and private network for the remote management. If intended, completely disconnected from the internet.
The open source community continuously inspects the source code. Customers can test updates in their own sandboxes before the deployment.


Comments

Popular posts from this blog

September release is underway

Is RRort an alternative to Kaseya VSA?