
Implement “USB removable storage” security with “Azure Monitor”


09/29/2023 – Product/company overview: secRMM is Windows security software that audits and controls access to removable storage devices (i.e. USB drives and mobile devices).  secRMM is very easy to implement in that it can operate on a standalone Windows computer (even XP!) or can be centrally managed for thousands of computers (using SCCM/ConfigMgr/MEM, Intune, Active Directory GPOs or WinRM).  It can be configured to have security policies for computers and/or groups of users.

secRMM is developed by Squadra Technologies.  Squadra Technologies is a Microsoft “Independent Software Developer” (ISV) and a member of the “Microsoft Intelligent Security Association” (MISA).

Watch the video: https://youtu.be/mnol0V1fEjI

Details: Looking at the Microsoft documentation for Azure Monitor (https://learn.microsoft.com/en-us/azure/azure-monitor/overview), you can see that:

Azure Monitor is a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from your cloud and on-premises environments.

We are always integrating secRMM into the tools and technologies (especially from the Microsoft security stack) that will help security personnel identify security events related to removable storage devices.  Therefore, secRMM has an integration with Microsoft Azure Monitor that presents the security events related to removable storage in the form of charts and tabular reports (which can auto-refresh themselves) right inside a browser pointed at the Azure portal.  The screenshot below lists the current “Azure Monitor workbooks” for the secRMM security events:

Leveraging the power of Azure Monitor within the Azure portal, it is very easy to create your own dashboard. In the screenshots below, you can see an Azure dashboard that is centered around the secRMM security event data.  In a real “security operations center” (SOC) or “network operations center” (NOC), this data would likely be integrated with other security event data sources to give a complete picture of the security events within an organization/environment.

In addition to the secRMM Azure Monitor integration, secRMM security event data is also integrated with Microsoft Sentinel, which is Microsoft’s cloud Security Information and Event Monitor (SIEM), and with Microsoft Defender for Cloud.  This gives Azure environments many different options to monitor and control removable storage within the environment.  The underlying technology for all 3 of these integrations is an Azure Log Analytics table.  secRMM has a simple configuration property named SendToAzureLog which, when configured, sends the secRMM security event data into your Azure tenant to a Log Analytics table.

You can download the Azure Monitor workbooks for secRMM on the Squadra Technologies website:
https://www.squadratechnologies.com/Products/secRMM/SystemCenter/secRMMAzureMonitor.aspx

Closing:
We hope you find this secRMM information useful for your environment(s).  Please let us know what you think or if you have a specific requirement for your environment.  You can get more details about secRMM by visiting https://www.squadratechnologies.com.
