MSP Provider Builds Red Team as Attackers Target Industry

MSP Provider Builds Red Team as Attackers Target Industry
NinjaRMM, which provides tools for managed service providers, aims to create a red team capability following years of attacks against MSPs.

Security professionals are in high demand, but endpoint management software provider NinjaRMM is willing to pay a premium to create an in-house red team with the goal of helping the company pre-empt attacks, officials announced on Monday.

While the 200-person organization already works with a 24x7 managed security service provider and a risk assessment firm to maintain its security posture and detect problems, a red team is the next logical step to improve security by donning the cloak of an attacker, says Lewis Huynh, the firm's chief security officer. Rather than replace the security maintenance functions of its existing suppliers, an internal red team will give NinjaRMM the ability to verify security controls and hunt for threats.

The company plans to hire up to three people to staff the red team, he says.

"The red team is another opportunity to provide a layer of defense to help catch what might not otherwise be caught," Huynh says. "We basically want to have an opportunity to go after our own code and our own environment and do the type of exercise that someone would do on the outside to hack us, and in doing so, the hope is to discover something that has not been seen."

Not many small businesses need their own red teams, but NinjaRMM serves managed service providers, an industry that has become an attacker favorite over the past three years. In 2019, for example, thousands of managed service provider clients using a vulnerable p ..