Tag Archive for: Guideline

Researcher Claims N-able Guideline Exposes MSPs to Security Risk


N-able says only a small number of MSPs are at risk.

Fundamental Cyber says N-able, the spinoff of SolarWinds’ MSP business, is undoing Microsoft’s built-in protections

According to the Sweden-based company, N-able is recommending MSPs eliminate security safeguards, therefore exposing them to potentially devastating cyberattacks.

Fundamental Cyber is not a Solarwinds or N-able competitor. It just came across the N-able security flaws while conducting research.

In the aftermath of last year’s massive supply chain attack, SolarWinds said it was beefing up its security to better protect itself and its customers.

Sudhakar Ramakrishna is SolarWinds’ president and CEO. Back in March, he had this to say:

SolarWinds' Sudhakar Ramakrishna

SolarWinds’ Sudhakar Ramakrishna

“We’ve added a level of security and review through tools, processes, automation and, where necessary, manual checks around our product development processes that we believe goes well beyond industry norms to ensure the integrity and security of all of our products. We firmly believe that the Orion software platform and related products, as well as all of our other products can be used by our customers without risk of the Sunburst malicious code.”

However, Fundamental Cyber’s research claims N-able‘s guidelines around Workgroup environments are putting MSPs at risk.

Fundamental Cyber assists companies with data protection, privacy law compliance and incident reporting.

David Williams is co-founder of Fundamental Cyber.

Foundational Cyber's David Williams

Fundamental Cyber’s David Williams

“The big picture is that N-able, which is meant to protect you, meant to protect your company, to add another level of protection, is actually undoing all of the built-in protection,” he said. “So they’re taking the most fundamental things that Microsoft puts there and disabling them, and then they’re using all the worst practices, like not just sharing a password and a username, but actually setting all of the computers at an administrator level. So they all have the power to do a lot of harm.”

Lewis Pope is head security nerd for N-able.

“As a documented best practice, N-able advises MSPs deploy agents directly to each workstation rather than use probes in…

Source…