A Vulnerability Analysis of Endpoint Management & Monitoring Solutions
Endpoint management and monitoring solutions are used to monitor and administer servers and clients in most corporate networks. While enabling automation and centralized management, they also significantly add to the network's attack surface. Most solutions deploy highly privileged agent services, centrally controlled via custom communication protocols, to all systems in the network. A security vulnerability in the central component, the agent services, or the communication channels can have a major impact on network integrity, affecting the entire company. Our research has shown that many solutions are based on outdated proprietary software using custom protocols and authentication methods.
In this talk, we dissect the security of endpoint monitoring and management solutions based on 4 examples (SolarWinds N-Central, Nagios XI, Broadcom Automic Automation and Ivanti DSM). We identified multiple recurring high-impact issues, which we categorize and present using examples from our research. Through a series of live demonstrations, the audience will be able to form their own opinion on the security posture of endpoint management and monitoring solutions. Finally, we will give a collection of security recommendations for vendors as well as corporations and their IT management.