Reverse-proxy-as-a-Service (RPaaS) offers turn-key security hardening and best practices for on-premise ConnectWise Automate servers.
RPaaS can stop attacks as early as the reconnaissance phase. By default RMMs will respond by IP, leaving them open to enumeration in IoT scanners that attackers leverage. RPaaS prevents bulk enumeration and applies best practices to avoid fingerprinting.
RPaaS provides industry best practices for hardening RMM stacks. This includes TLS ciphers along with HTTP headers. RPaaS can apply these controls more granularly than server-side implementations, providing a secure and flexible solution.
RPaaS offers MSPs a drop-in solution for securing on-premise ConnectWise Automate servers. The instances are dedicated, allowing custom business rules to be implemented to tailor the solution to each MSP.MSPs can use custom ACLs to codify policy to ensure access only occurs in accordance with established business rules. RPaaS has a self-service plugin, and a REST API for managing ACLs once created, allowing for easy maintenance.A typical ACL use case is to reduce the attack surface of an Automate server. ACLs can be used to block all non-agent traffic -- and then selectively allow access to the rest of the application from specific IP addresses.In addition to TLS and HTTP header hardening, RPaaS implements several additional features and technical controls, such as:
- Obfuscated FQDNs
- IPS scanning
- Traffic log shipping
- HA clustering
- WAF (separate add-on service)