Taking A Proactive Approach To Security

We have added some neat new security features that I thought I would share. The motivation to implement the first one came from u/RobMSP who pointed out that RMM platforms do not scan for malware for the things you upload and deploy (I agree with him that they should – sure it might not always stop things but it’s better than doing nothing at all). It seemed like an easy to implement feature that would help with security. If you have some rouge employee at your MSP or some 3rd party that got your password (and you weren’t using 2FA?) and they are trying to push out some malware through your helpdesk buttons account, then we could at least stop them if the malware has a known signature. So I am happy to announce that all uploads of payloads are now scanned with ClamAV. Here is what it looks like when I tried to upload some copies of the EICAR Anti Malware Testfile:

In addition to that, we have created a pretty nifty suspicious activity monitoring suite. Basically we have a list of things that might be bad but we can’t be sure. And each of those things has a number of points assigned to it as to how suspicious that specific action really is. And if you get 200 points during a set time window then we block your IP address. We are still fiddling with the numbers but right now it breaks down like this:

  • Login: Invalid username: 20 points
  • Login: Invalid password: 10 points
  • 404: Page not found: 5 points
  • 500: Server error: 10 points
  • Password Reset failure (expired, invalid, or reused verification link): 5 points
  • invalid captcha: 5 points
  • Change Account Email failure (expired, invalid, or reused verification link): 5 points
  • uploaded malware: 150 points

Here is what it looks like when you get blocked:

We have already seen some neat activity in the DB with this new feature. So I’m excited it’s working and helping to make you guys safer.