MSPs Shouldn’t Gamble on Third-Party Agent Security

COMMENTARY: MSPs play an essential role in IT operations for organizations worldwide, providing a convenient, cost-effective way for businesses of all sizes across all industries to cut through the complexity of managing their own technology deployments. One forecast from Grand View Research estimates that the MSP market will grow at a massive 13.6% CAGR from 2023 to 2030. But as MSPs boom, they’re also becoming a bigger target for cyberattacks.

It makes sense that hackers would target MSPs. If you can breach an MSP, you can gain access to their clients’ valuable data and applications. That’s precisely what happened to Kaseya in 2021 and Tigo Business in 2024. There’s even a ransomware group that’s been prioritizing attacks on MSPs.

There are a number of factors that leave MSPs vulnerable to attack and quite a few things they could do better. But I want to focus on one issue in particular that’s flown under the radar and has major repercussions: MSPs’ reliance on third-party agents.

Third-party agents kneecap security efforts

One of the most underestimated vulnerabilities in MSP environments is the use of third-party tools that rely on agents installed directly on client servers or end-user devices. These agents are essential to the operation of the software, but they create entry points for attackers if they’re not regularly updated, patched, or properly configured, and there’s little transparency into how effectively and frequently most vendors do each of these. The issue is exacerbated when agents incorporate suboptimal security practices, such as hardcoded credentials or outdated security protocols.

At a high level, there are three major security issues with third-party agents:

  1. A bigger attack surface: Every agent running on a server or endpoint becomes another possible way in for attackers. If an agent is vulnerable, the whole environment can be compromised. 
  2. Difficult maintenance demands: Keeping agents secure requires frequent updates and patches, but even the most diligent MSPs can fall behind. A delayed patch or missed update can leave systems open to exploitation. 
  3. Trusting another entity: Leveraging a third-party agent means you’re handing over a huge amount of trust to someone else, with little control over whether or not they make costly mistakes. 

So, how do security issues caused by third-party agents manifest in the real world? The recent SolarWinds Web Help Desk (WHD) breach provides a perfect example. The flaw behind it, a set of hardcoded credentials (CVE-2024-28987), allowed attackers to access WHD endpoints, potentially letting unauthorized users modify data or access sensitive information. It was introduced entirely by an agent-based tool.

Instead of third-party agents, consider native Microsoft tools

Most third-party platforms rely heavily on agents. That’s why MSPs should consider native solutions instead. There are a few different choices here, depending on your clients’ needs. But generally speaking, there’s one name you can’t go wrong with: Microsoft.

Native Microsoft tools like Microsoft Defender, Azure Virtual Desktop (AVD), and Microsoft Intune all incorporate an agent-free architecture. Since these Microsoft native tools are built right into the Windows operating system, they don’t need agents installed on end-user devices or servers. This minimizes the attack surface, giving MSPs a more secure way to manage environments.

MSPs don’t have to worry about patching and updating third-party agents when using these Microsoft tools, because the tools are updated as part of the existing Windows updates MSPs are used to managing for their customers. This predictable schedule of updates ensures that systems remain secure without requiring manual intervention from MSPs. A recent example is the swift resolution of the Windows Kernel TOCTOU vulnerability (CVE-2024-30088), which was patched before widespread exploitation could occur.

Microsoft also delivers excellent identity management capabilities. With tools such as Azure Active Directory, Microsoft enables password-free authentication methods, eliminating one of the major vulnerabilities often found in agent-based tools: hardcoded credentials. By leveraging secure identity management practices, MSPs can protect their client environments from unauthorized access.

By eliminating the need for agents, MSPs using native Microsoft tools can avoid many of the vulnerabilities that come with agent-based platforms.

Third-party agents can compromise MSPs and their clients

Growing IT complexity is driving more enterprises to MSPs. But this complexity, along with increasing sophistication among attackers, is also making it harder for MSPs to protect themselves and their clients. There are several steps MSPs should take to minimize these threats. Switching from third-party agents is a good first step. Of course, MSPs will find a range of different native platforms that might make sense for their businesses, depending on their needs. Microsoft, however, provides possibly the widest breadth of services and a rock-solid cybersecurity reputation.

ChannelE2E Perspectives columns are written by trusted members of the managed services, value-added reseller, and solution provider channels or ChannelE2E staff.

Will Ominsky

Will Ominsky is vice president of MSP sales at Nerdio.
