Are you attending RSAC, Gartner Security and Risk or .conf22? Meet us in-person to see a live demo of our security operations platform, GreyMatter. Read More ➞

Is Your SOC Ready to Secure a Remote Workforce?

As many enterprises grapple with the sudden shift to an entirely remote workforce, bad actors are looking to take advantage of users’ unfamiliarity of their new working conditions.  The types, volumes, and sources of threats have evolved rapidly in recent weeks.  Hackers often use current events and fear to create a sense of urgency, eliciting users into opening attachments and clicking links.

Common Hacker Tactics in a Remote Workforce


One method hackers are using is sending phishing emails seemingly with relevant information regarding Coronavirus.  Phishing campaigns entice recipients with information regarding how to protect from the coronavirus with an attachment, such as Microsoft Office documents, or link to malware.  Variants such as Emotet or Lokibot can be the final delivered payload, but other ransomware, trojan, or bot variants are common.  Successful execution can result in a disruption of business critical systems, credential theft, or crypto mining.

Browser Exploits

In the last couple weeks, the number of domains registered with Coronavirus related terms has spiked with ~1000 registrations a week since Early Feb, according to Check Point Research.  Hackers use fake information sites, including fake coronavirus maps, to solicit for personal information and use browser exploits to inject malware directly to users’ systems.  One common malware seen with fake coronavirus maps is AZORult, a family of spyware that steels data like login credentials and banking information, and acts as a command-and-control to download additional malware.

Protecting Newly Remote Users

During the webinar, we discussed detection methods for recognizing these types of tactics with the added challenge of gaining visibility to remote systems.  With many enterprises leveraging SAAS solutions, often remote users will not be on a VPN accessing corporate applications or data.  This also means their traffic is not passing through traditional preventative security solutions such as NGFW/IPS nor leveraging internal DNS.

While some enterprises may elect to push all users into a full VPN to regain elements of visibility and control, the additional capacity and expense will not be a common option.

The webinar covered different solution types around areas such as:

User Awareness

What types of communications provide optimal cyber security awareness and education? While many users may have temporarily worked at home previously, they will be unfamiliar and perhaps initially uncomfortable working from home fulltime.  Security is in an ideal role to provide guidance, set expectations, and create awareness for the threats they may encounter.

Endpoint Agents

How can existing technology be utilized more optimally with your remote users?  How can Endpoint Protection Platforms (EPP) or Endpoint Detection and Response (EDR) be fully leveraged for host intrusion prevention, threat detection, and forensic investigation?

Vulnerability Management

How can vulnerabilities be recognized and managed across remote systems?

Additional Monitoring

Unfortunately, the baselines either gathered through machine learning or from manual daily analysis are no longer valid.  How can new norms be established?

More resources for your SOC:

More Articles

3 Signs It’s Time to Rethink Your Security Operations Strategy

Today, the security industry is over-saturated with technologies and tools. While many enterprises have established or are setting a foundation for their security operations with Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR), there are countless point solutions arising to extend them, from SOAR to CASB, UEBA and more. Although each […]

5 Ways to Use Continuous Attack Simulations to Validate Your Security Controls

How confident are security teams that their controls will catch attacks when they arise? Ask around, and you might notice a theme: as enterprise security models grow in complexity, teams struggle to validate their security controls, increasing the likelihood of undetected breaches, gaps in protection, and weaknesses from unpatched systems. These scenarios are indeed worrisome, […]