Remote access software and tools comprise a broad array of capabilities used to maintain and improve IT, operational technology (OT), and industrial control systems (ICS) services; they allow a proactive and flexible approach for organizations to remotely oversee networks, computers, and other devices. Remote access software, including remote administration solutions and remote monitoring and management (RMM), enables managed service providers (MSPs), software-as-a-service (SaaS) providers, IT help desks, and other network administrators to remotely perform several functions, including gathering data on network and device health, automating maintenance, PC setup and configuration, remote recovery and backup, and patch management.
Remote access software enables a user to connect to and access a computer, server, or network remotely. A remote administration solution is software that grants network and application access and administrative control to a device remotely.
Remote monitoring and management is an agent that is installed on an endpoint to continuously monitor a machine or system’s health and status, as well as to enable administration functions.
Legitimate use of remote access software enables efficiency within IT/OT management—allowing MSPs, IT help desks, and other providers to maintain multiple networks or devices from a distance. It also serves as a critical component for many business environments, both small and large, empowering IT, OT, and ICS professionals to troubleshoot issues and play a significant role in business continuity plans and disaster recovery strategies. However, many of the beneficial features of remote access software make it an easy and powerful tool for malicious actors to leverage, thereby rendering these businesses vulnerable.
This guide, authored by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Israel National Cyber Directorate (INCD), with contributions from private sector partners listed on page 10, provides an overview of common exploitations and associated tactics, techniques, and procedures (TTPs). It also includes recommendations to IT/OT and ICS professionals and organizations on best practices for using remote capabilities and how to detect and defend against malicious actors abusing this software.