The purpose of this document is to ensure you have the information necessary to review your VSA SaaS environment once the service is back online.
Kaseya has found no indicators of compromise from the incident and had no reports of compromises for any VSA SaaS customers. We have taken additional security measures described in this document - https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009.
Kaseya has taken additional steps, including:
- Removed any procedures/scripts/jobs that have accumulated since the shutdown to ensure nothing is a queue to run at startup.
- All agents have been suspended - on resumption of the SaaS service, no agent will be allowed to connect or execute commands until the customer unsuspends them. This provides customers with complete control on when to re-enable the agents and put them back into service.
After your VSA SaaS instance has been restarted and you log in, Kaseya recommends you take the following steps:
These steps are described in more detail below:
Step 1 – Review Your System Configuration
Review common items for accuracy such as:
- Number of Agents
- User Accounts and their Roles & Scopes
- Policy Management
Step 2 – Resume an Agent Group
Kaseya has suspended all agents. We recommend a phased approach to return them to service. You should start with a smaller segment of Machine Groups and/or an applied View (i.e. Workstations). We do not have a recommended “number” of agents that you should be doing at a particular time, but 10-15 is a good-sized first group.
Once you have defined your test group, you can suspend/unsuspend machines by going to the Agents Module > Agents > Manage Agents
There you will need to select the machine(s), then either right-click or navigate to the top menu and click on Manage and select the Suspend/Resume button. Please refer to the images below:
Step 3 – Check Your VSA After Resuming Agents
The VSA should work as it did prior to the outage and we recommend that certain tasks be completed to ensure the validity of the VSA.
1) Establish a Live Connect Session with a Machine
a) Hover over any agent and click the Live Connect Button
b) A successful Live Connect Session will launch as shown in the image below
2) Connect (Shared Remote Control) to a machine from both the Live Connect session that you just opened, and by clicking on the agent icon:
3) Verify the remote control session connects and operates as expected with the agent
Step 4 – Resume Remaining Agents
Using the instructions in Step #2 above, you may restore additional agents that you want to return to service.
Step 5 – Review the VSA SaaS Security Best Practice Document
We have provided a detailed set of recommendations for steps you can take to secure your VSA SaaS instance. Please review the document at the link below and ensure you have reviewed and taken the steps provided in the document - https://helpdesk.kaseya.com/hc/en-gb/articles/4403622421009
Once you have completed your testing and reviewed the best practice document you should find that all features are working and in good order. If you have any difficulties doing any of the above actions, please let us know by creating a ticket at https://helpdesk.kaseya.com.
Please note that the latest patch will remove certain aspects from the VSA. From our patch release notes, they include:
Thank you for your attention and continued support.