Kaseya said it released a patch for local VSA customers when it turned on its servers on Monday morning US time, and that 100 percent of its SaaS customers were live after being offline for more than a week following the ransomware attack.
In an update this afternoon, the company said, “With the large number of users coming back online in a short window, we’ve seen some performance issues. We made some configuration changes to address and reboot the servers to take effect and improve performance.”
Kaseya had said earlier that day that all of its SaaS customers were live at 5:30 p.m. AEST on Tuesday.
Fred Voccola, CEO of Kaseya, told CRNtv last week that the provider has a “very modular approach” to security, which makes it easier to contain a ransomware attack.
“We have different data centers, we have different SaaS operations teams (and) security teams, so only one of our 27 modules was affected,” he said. “That is also one of the reasons why only 50 or 60 of our customers, our MSPs and direct IT shops, were affected.”
He said there is always a balance between having a product on the market and having a technically safe product that sits in the laboratory and is never used. In the future, Kaseya will have the most secure endpoint management products in the world.
Many MSPs, distributors and vendors have now lost sleep since the cyber attack over what can be done to prepare for the next one.
Wes Spencer, CISO of Tampa, Florida-based IT provider ConnectWise, compared a ransomware attack to a hurricane and said it was all about preparation.
“Nobody can stop a hurricane, but how can we be prepared when it comes?” he said. “The cyber world is the same. It comes, when does it come? And when the time comes, what do we do about it?”
Another important question is what companies are doing to reduce the impact of these breaches if they do occur, he said.
“We’ve followed the evolution of the threat actors and understood how to monopolize and monetize MSPs,” he said. “They understand all customers they have under their control and power.”
And it can happen to anyone, he added.
“We are all targets,” he said. “That is the fear that keeps us awake at night. That drives us to understand what the advanced cybersecurity at ConnectWise looks like.”
While MSPs offer a variety of services to protect and secure their customers, they don’t always rely on a single technology solution to get their jobs done, said Dave McKinnon, CSO of remote monitoring software provider N-able.
“It’s not uncommon to find an MSP that uses an RMM paired with another help desk solution and another backup product,” he said.
For Dan Komis, CEO of Long Island-based MSP TechRunner IT, cybersecurity is a multi-pronged approach.
“The vendor has to provide a secure solution, the partner has to understand the solution and be able to implement it for the customer, and the end user has to understand what to do and take responsibility for it,” said Komis. “The simplest example is two-factor authentication. Every end user struggles with it because it’s an extra step, it’s difficult.
“Cybersecurity is rarely convenient,” he added. “So it’s that balance between risk and ease of use.”
The downside for the customer is that it’s expensive at times, with a layer of security that could cost $5,000, Komis said.
“For companies with fewer than 20 employees, that’s a large number, it has an impact,” he said. “The challenge that companies like mine have now is that we have to dictate how our customers can deal with it. And accept. It is something that smaller MSPs deal with every day and many of them are afraid to make that decision because they are afraid of losing business.”
Days after the break-in at Kaseya, the attack is said to “literally keep everyone up at night”.
“I haven’t slept,” he told CRN. “The second you close your eyes is all you think about. What do we have to do in ourselves? What else can we see?”
In the future, according to McKinnon, MSPs should require multiple levels of technical and security controls such as multi-factor authentication, antivirus, patching, and backup. Other factors should be endpoint detection and response (EDR), security information and event management (SIEM) and threat intelligence.
Vendors should band together to “understand insights, apply best practices, and act quickly to support our own customers and the community at large.”
And on the human side, it requires a “safety culture” through awareness and readiness exercises for safety training.
“As a provider, we owe it to our customers to do everything in our power to develop the tools they use to deliver these solutions securely, to respond appropriately and quickly to vulnerabilities and threats, and to work with the relevant authorities to help react,” he said.