Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


December 6, 2022 |

Action1 Adds Threat Actor Filtering to RMM Software

The new feature uses artificial intelligence to identify and automatically deactivate new accounts setup by hackers intent on using Action1’s solution to attack vulnerable end users.

Action1 has added threat actor filtering technology to its cloud-based RMM platform in a bid to make using a legitimate IT management solution for illegitimate purposes harder for cybercriminals.

The new feature employs artificial intelligence to identify and deactivate new accounts setup by hackers intent on using Action1’s software to attack vulnerable end users. That’s work the company has been performing manually until now whenever someone happened to notice its solution being used as a weapon instead of a tool.

“We saw that a few times and we would disable those accounts,” says Mike Walters, Action1’s vice president of vulnerability and threat research. “In certain cases, we even got contacted by law enforcement.” 

The new functionality uses artificial intelligence to eliminate weaponized accounts automatically following anomalous behavior indicative of malicious activity. “It’s not always obvious,” Walters says. “Something that looks legitimate may not be legitimate and vice versa too.”

Examples of usually illegitimate activity include someone setting up an Action1 account minutes after creating the associated admin email domain, or deploying agents on 100 endpoints in 100 different Active Directory domains. “That’s not a typical situation even for an MSP who has multiple clients,” Walters notes.

Other signs of software misuse include regularly deleting all of the endpoints in an account and replacing them with a completely new set of devices, something a human monitor could easily miss, Walters says. “This is actually where some sort of AI-based detection was needed,” Walters notes. “It requires some pattern watching.”

The new feature archives information about the accounts it disables in case investigators could benefit from it later. Some 23,900 people reported losses topping $347 million in 2021 due to tech support scams, according to the FBI. That’s a 137% increase from the previous year.

Though not on Action1’s roadmap yet, a feature that would use AI to spot anomalous activity in legitimate but breached accounts used by MSPs is under consideration for future release.

Platform security is one of the main topics MSPs ask about when evaluating Action1’s product, Walters notes, thanks to widely reported attacks on management software from SolarWinds, Kaseya, and others. Research published by Action1 in June found that 23% of SMBs worldwide are looking to replace their current IT provider, and that failure to respond to incidents in a timely manner is one of the top three reasons why.

Like other RMM vendors, Action1 has made shielding its software from assault a top design priority. The system whitelists user IP addresses, supports role-based access privileges, and mandates use of multifactor authentication at logon. “You cannot even create an Action1 account without enabling an MFA mechanism,” Walters says.

Walters hopes to see more RMM vendors roll out tools for blocking illegitimate users like its threat actor filtering feature, noting that attackers unsuccessful at creating an account with Action1 will otherwise simply move on to less carefully protected platforms. “It has to be something that many other vendors become concerned about,” he says.

Action1 was co-founded in 2018 by Walters and CEO Alex Vovk, who co-founded data security vendor Netwrix before that. Private equity investor TA Associates bought a majority stake in Netwrix in 2020.

ChannelPro included Action1 on this year’s list of lesser known, up-and-coming “vendors on the vanguard.”

Editor’s Choice

Broadcom-VMware Shakeout: How the Channel Has Been Affected By the Big Industry Acquisition

April 11, 2024 |

Industry experts weigh in on the “messy breakup” that MSPs were left with after Broadcom’s acquisition of VMWare.

Selling Cybersecurity: How MSPs Can Become Crucial Partners in Managing Risk

March 27, 2024 | David Powell

MSPs should try to bring an end customer into the cybersecurity fold. Here are some ways to help drive that.

3 Questions with Ingram Micro’s Sanjib Sahoo on Integrating AI into Managed Services

March 25, 2024 |

Ingram Micro’s EVP and chief digital officer shares some insights on how MSPs can effectively integrate artificial intelligence into their business operations.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience