Keeper Security has introduced a remote access solution designed to be a safer alternative to RDP, VPN, and remote control solutions from makers of RMM and PSA software.
When used in conjunction with the credentials vault in Keeper’s flagship password and infrastructure credentials management products, the new Keeper Connection Manager provides secure single-click access to desktops, laptops, servers, and other resources in a zero-knowledge model that hides credentials from both technicians and the customers they support, according to Craig Lurey, the company’s CTO and co-founder.
“The person who’s been granted access to those targets doesn’t even have access to the credentials that are used to connect to them, and that’s kept completely secured from that end user too,” he says.
MSPs can also use the new product to implement zero-trust strategies, Lurey adds, by enforcing multifactor authentication and assigning least-privilege, role-based access rights to individuals or groups of users based on identities and policies in repositories like Microsoft Active Directory.
Significantly, Keeper emphasizes, Connection Manager is a 100% browser-based solution that requires no client software on the technician’s workstation and no agent on end user hardware.
“You don’t have to install anything on the endpoint, and you don’t have to install a software application on the device you’re using to connect,” Lurey says. That’s an important feature, he continues, at a time when threat actors are increasingly exploiting gaps in agent software and remote access products to perpetrate attacks.
“MSPs are being targeted and their tools are being targeted,” Lurey says. “At the end of the day, you want to limit the number of agents and you want to eliminate that security threat by having these untrusted agents operating on all these devices.”
Other key features in the new product include end-to-end encryption and a session recording feature that lets administrators review a session log step by step.
“I can actually play it back if I ever need to audit what occurred,” Lurey explains.
The system also includes integration technology that allows users to connect directly and securely with databases hosted in platforms like MySQL, Amazon Redshift, and Microsoft SQL Server.
Users can deploy the solution in any on-premises or cloud-based environment connected to their own or a client’s network. As it’s browser-based, the system runs on smartphones, tablets, and other mobile devices in addition to PCs. Supported end user authentication technologies include FIDO 2 hardware keys and biometrics.
Pricing, which Keeper did not disclose in detail, is based on per user per month rates when purchased by MSPs, and per user per year rates when bought by corporate IT departments.
The system doesn’t presently integrate with RMM applications, but will in the future. “We are planning that,” Lurey says. “We have a pretty robust roadmap.”
The new product is based heavily on code that Keeper acquired along with remote access gateway vendor Glyptodon in February. The company has added integration with its other solutions and the session playback feature, among other things, in the weeks since that transaction closed.
The launch of Keeper Connection Manager comes a little over two years after researchers at cybersecurity consultancy Bishop Fox reported eight vulnerabilities in the ConnectWise Control remote access system that were later validated by threat hunting vendor Huntress, and some 10 months after Huntress revealed that attackers used agent-related vulnerabilities to penetrate Kaseya’s VSA remote monitoring and management system. Keeper’s new solution, according to Lurey, is less exposed to such issues because it was created by identity and access management experts.
“Those platforms weren’t built as security products, whereas Keeper and everything we do is as a security platform,” he says.