Verizon has released its annual Data Breach Investigations Report, and Bomgar is happy to announce, “We’re not in it.” So, why would Bomgar be pleased about being omitted? Verizon reports that insecure remote access and control was the #1 attack pathway used in 2010 (page 35) in the hacking category – a whopping 71% of the time – and specifically calls out several remote support vendors and products, such as RDP, PCAnywhere, Go2Assist, LogMeIn and Netviewer, as security risks. Why? Because these named products have specific vulnerabilities to which Bomgar is not subject.
Bomgar was architected to be a secure enterprise-class remote support solution. Its roots lie in the support of security-conscious customers, not the consumer market. Because of the initial design objectives, Bomgar is not subject to the same security vulnerabilities inherent in the remote control solutions that Verizon identified as risky.
Let’s examine the special architectural considerations that make Bomgar secure and also take note of the interplay between individual features that, in combination, heighten security beyond each feature individually.
Appliance Ownership
Bomgar is delivered as an appliance-based solution. The data is always under the control and ownership of the customer. No third parties ever have access to remote support session data in any form. This is a significant benefit for customers that must, for example, conform to the requirements of the Payment Card Industry (PCI) Data Security Standard (DSS), Appendix A, which holds the customer responsible for payment card data even when third-party outsourced solutions are used. The customer is liable for any data breach even if the breach occurs at the outsourcer.
Appliance ownership has additional benefits which will become apparent below.
Concurrent Licensing
Bomgar is licensed through a concurrent license model based on the number of active service desk technicians. This is in contrast to the named-seat model used by the products identified in the Verizon report. With Bomgar’s concurrent licensing, it doesn’t matter how many service desk technicians are authorized to use Bomgar; all that matters is how many are logged in at any one time. Thousands of technicians may be authorized to use Bomgar, but if only 100 log in at any given time then the customer needs to purchase only 100 licenses. Beyond the significant cost savings for customers delivering 24 x 7 service, the concurrent model has a security aspect that isn’t necessarily obvious.
The named-seat licensing model essentially encourages the use of shared credentials. With the named-seat method, it is very common to see remote control login identities such as “Tech001,” “Tech002” and so on. When a service technician needs remote control, that technician simply uses an available credential. This has two liabilities. First, accountability is lost between the actions undertaken in the support session and the specific individual technician. Second, passwords associated with the shared credentials are rarely updated, which produces an enormous vulnerability as individuals change responsibilities within an organization (promotions, etc.) or leave the company.
With Bomgar, technicians authenticate to Bomgar with their own unique credential. There is never any need or financial motivation to share a Bomgar credential.
Enterprise Directory Authentication
Coupled very closely with the concurrent licensing model is the ability for Bomgar to provide technician authentication through an enterprise directory such as Microsoft Active Directory. Enterprise directory authentication provides two main benefits. First, technicians authenticate to Bomgar using the same credential they use to log in to their workstations; they are not required to remember a separate credential. Second, with enterprise directory authentication there is no added burden of credential management. Authentication to Bomgar is managed as a by-product of normal enterprise directory activities.
Additionally, technician privileges within Bomgar are also managed through group membership within the enterprise directory. So, for example, if a service desk technician is promoted from first-level support to second-level support, the change in the directory security group would automatically change their privileges within Bomgar. Similarly, if the technician leaves the support team altogether the change in security group would automatically remove their ability to access Bomgar. Finally, and most importantly, when an individual leaves a company their enterprise directory credential would be disabled as part of the exit process. Disabling the credential immediately removes their ability to access Bomgar. Contrast this process with the named-seat model that has manual administrative overhead activities associated with technician credential management. Incidentally, failure to remove named-seat access for former employees is a major attack vector.
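The group-driven authorization model described above, as an added example that is not Bomgar's own code: technician privileges are derived entirely from directory group membership, a promotion is just a group change, and a disabled directory account is denied before any privilege is consulted. The directory snapshot, the group names and the privilege sets are constructed for illustration.

```python
"""Group-membership-driven authorization for a remote support tool.

Added example (not Bomgar's code). It models the pattern in the text:
technician privileges derive from enterprise directory group membership,
and a disabled directory account loses access immediately. The directory
records below stand in for an LDAP/AD lookup and are constructed sample
data; the group names and privilege sets are assumptions.
"""
from dataclasses import dataclass, field

# Assumed mapping from directory security group to remote-support privileges.
GROUP_PRIVILEGES = {
    "SupportTier1": {"chat", "screen_view"},
    "SupportTier2": {"chat", "screen_view", "screen_control", "file_transfer"},
    "SupportAdmin": {"chat", "screen_view", "screen_control",
                     "file_transfer", "manage_techs"},
}


@dataclass
class DirectoryUser:
    sam_account_name: str
    groups: set = field(default_factory=set)
    enabled: bool = True


# Constructed directory snapshot: one tier-1 tech, one tier-2 tech, and a
# former employee whose account HR disabled on exit.
DIRECTORY = {
    "jdoe": DirectoryUser("jdoe", {"SupportTier1"}),
    "asmith": DirectoryUser("asmith", {"SupportTier2"}),
    "former": DirectoryUser("former", {"SupportAdmin"}, enabled=False),
}


def lookup(sam):
    return DIRECTORY.get(sam)


def effective_privileges(user):
    """Union of the privileges granted by every group the user belongs to."""
    privs = set()
    for group in user.groups:
        privs |= GROUP_PRIVILEGES.get(group, set())
    return privs


def authorize(sam, action):
    """Return (allowed, reason). Unknown or disabled accounts are always denied,
    so the disabled check happens before any privilege is evaluated."""
    user = lookup(sam)
    if user is None:
        return False, "unknown account"
    if not user.enabled:
        return False, "account disabled in directory"
    if action in effective_privileges(user):
        return True, "granted via group membership"
    return False, "no group grants this action"


def promote(sam, old_group, new_group):
    """A promotion is only a directory group change; the tool itself is untouched."""
    user = DIRECTORY[sam]
    user.groups.discard(old_group)
    user.groups.add(new_group)


def disable(sam):
    """The exit process: disabling the directory account revokes tool access."""
    DIRECTORY[sam].enabled = False


if __name__ == "__main__":
    print(authorize("jdoe", "screen_control"))   # denied: tier 1 cannot control
    promote("jdoe", "SupportTier1", "SupportTier2")
    print(authorize("jdoe", "screen_control"))   # granted after the group change
    print(authorize("former", "chat"))           # denied: account disabled
```

The order of checks in `authorize` is the point: the account's enabled flag is consulted before group membership, so a leaver keeps no access even if the exit process forgot to remove group memberships.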
Directory Port Access
Another subtle advantage to appliance ownership is that enterprise directory integration is possible without requiring a company to open outside access to their domain controllers. Since the Bomgar appliance resides within an enterprise’s own network infrastructure the risk associated with opening ports to outside entities is removed. Further, Bomgar offers additional capabilities such that it is not even necessary to open an inbound port to the directory when the Bomgar appliance is positioned in a company’s network DMZ.
While this is a subtle aspect, it’s actually a huge benefit. Very, very few organizations are willing to expose their enterprise directories to outside entities. With other remote support products, that rules out authenticating service technicians against the centrally controlled and managed directory, and thus exposes those organizations to the credential-management weaknesses detailed above.
Outbound Client Network Connections
There are multiple ways to initiate a Bomgar session but regardless of how the session is initiated, the remote control connection is always an outbound connection from the client to the Bomgar appliance. In contrast to some of the products named in the Verizon report, with Bomgar, a remote control connection is not maintained through an open listening port on the client computer. Open listening services on Internet-connected computers are a major source of compromise.
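An administrator who wants to check a support-client host for the exposure this paragraph describes can audit its listening services. The following is an added example, not Bomgar's code: it parses listener lines in the shape of `ss -ltn` output (the sample text is constructed, and the allowlist of expected ports is an assumption) and reports every listener bound to a non-loopback address whose port is not on the allowlist.

```python
"""Audit of listening TCP services on a support-client host.

Added example, not Bomgar's code. The text contrasts outbound-only
connections with remote control that waits on an open listening port.
This script parses listener lines in the shape of `ss -ltn` output
(the sample below is constructed) and reports listeners reachable from
off-host, so an administrator can see whether a remote-control listener
is exposed. EXPECTED_PORTS is an assumption for illustration.
"""
import ipaddress

# Constructed sample in the shape of `ss -ltn` output. 3389 is the usual
# RDP port and 5631 the usual pcAnywhere port; 631 and 25 are loopback-only.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       5       0.0.0.0:5631         0.0.0.0:*
LISTEN  0       128     [::]:3389            [::]:*
LISTEN  0       128     [::1]:25             [::]:*
"""

# Assumed: the only port an administrator expects to listen on this host.
EXPECTED_PORTS = {22}


def split_addr_port(token):
    """Split 'host:port' (IPv4, or IPv6 in square brackets) into (host, port)."""
    host, _, port = token.rpartition(":")
    return host.strip("[]"), int(port)


def parse_listeners(text):
    """Return [(local_host, local_port), ...] for every LISTEN line."""
    listeners = []
    for line in text.splitlines()[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        listeners.append(split_addr_port(parts[3]))
    return listeners


def is_externally_reachable(host):
    """A bind to the unspecified address (0.0.0.0, ::, or '*') is reachable
    from other machines; a loopback bind is not."""
    if host in ("*", ""):
        return True
    return not ipaddress.ip_address(host).is_loopback


def unexpected_exposed_listeners(text, expected=EXPECTED_PORTS):
    """Listeners on a non-loopback address whose port is not on the allowlist."""
    return sorted(
        (host, port)
        for host, port in parse_listeners(text)
        if is_externally_reachable(host) and port not in expected
    )


if __name__ == "__main__":
    for host, port in unexpected_exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"exposed listener: {host}:{port}")
```

On a real host the same functions can be fed the live output of `ss -ltn`; the two flagged entries in the sample are exactly the kind of inbound remote-control listener that an outbound-only client never needs.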
Data in the outbound client connection to the Bomgar appliance is encrypted to the public key in the Bomgar appliance’s SSL certificate. This means that only the Bomgar appliance, which holds the matching private key, can decrypt the data. Thus, the Bomgar client connection is essentially immune to any type of man-in-the-middle (MITM) attack.
Additionally, all client connections—whether that of the remote computer receiving support or from the service technician providing the support—terminate at the Bomgar appliance. There is no peer-to-peer connection exposure to allow the service technician to establish a direct unsupervised, unaudited, connection to a remote customer.
Multifactor Authentication
Bomgar supports multifactor authentication of service technicians, usually in the form of (but not limited to) hardware tokens such as RSA SecurID. Physical-factor authentication adds a substantial barrier to impersonation for customers requiring the highest levels of security. The PCI DSS also specifies multifactor authentication as a requirement.
With Bomgar, multifactor authentication layers on top of all the security aspects of enterprise directory authentication and authorization mentioned above. Additionally, just as with domain controller access, appliance ownership removes any risk associated with exposing the multifactor authentication service to outside entities.