As more workforces have shifted to work-from-home models, bad actors are taking advantage of new vulnerabilities within organizations. Enterprises must adapt their security programs to effectively detect and respond to these new threats.
In the second webinar in our series on securing remote workforces, ReliaQuest Director of Threat Management, Casey Martin, moderates a panel of ReliaQuest experts who dive into current threat trends security teams should look for and ways to protect your enterprise from these threats. The panel, consisting of ReliaQuest CTO, Joe Partlow; ReliaQuest Enterprise Architect, Marcus Carey; and ReliaQuest Threat Intel Engineer, Kevin Kaminski, offers the following tips when preparing your SOC to secure your remote workforce:
1. Be on the lookout for changes in threat activity, including brute-force attacks and geographic-based anomalies.
As your team works remotely, you will likely see an uptick in log-in attempts and failures across your VPN or VDI portals. Stay vigilant: what looks like noise from employees failing to log in from home could also indicate a brute-force attack.
Meanwhile, enforced travel restrictions limit the number of unique places your remote team may be working from. It's important not to dismiss log-ins from unexpected locations, as these anomalies could indicate a malicious outsider taking advantage of the remote work model.
The longer your team operates remotely, the more this activity will establish a new baseline, providing opportunities for your team to tune your content around these threats.
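The triage described in tip 1, sketched as an added example (not from the webinar or from ReliaQuest's content): it separates one user's repeated failures from a single source failing against many accounts, and flags successful log-ins from a country outside the user's baseline. The event layout, thresholds, and baseline are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN authentication events (not real data):
# (timestamp, user, source IP, country, outcome). IPs are documentation ranges.
EVENTS = [
    ("2020-04-06T08:01:10", "alice", "198.51.100.7", "US", "fail"),
    ("2020-04-06T08:01:40", "alice", "198.51.100.7", "US", "fail"),
    ("2020-04-06T08:02:15", "alice", "198.51.100.7", "US", "ok"),
    ("2020-04-06T08:05:00", "alice", "203.0.113.9", "RO", "fail"),
    ("2020-04-06T08:05:05", "bob", "203.0.113.9", "RO", "fail"),
    ("2020-04-06T08:05:11", "carol", "203.0.113.9", "RO", "fail"),
    ("2020-04-06T08:05:16", "dave", "203.0.113.9", "RO", "fail"),
    ("2020-04-06T08:05:22", "erin", "203.0.113.9", "RO", "ok"),
    ("2020-04-06T09:30:00", "bob", "192.0.2.44", "US", "ok"),
]
# Assumed per-user baseline of countries seen during normal remote work.
BASELINE = {u: {"US"} for u in ("alice", "bob", "carol", "dave", "erin")}

def triage(events, baseline, window=timedelta(minutes=10), min_users=3):
    """Split log-in noise into brute-force sources and geographic anomalies."""
    fails = defaultdict(list)  # source IP -> [(time, user), ...]
    geo = []
    for ts, user, ip, country, outcome in events:
        when = datetime.fromisoformat(ts)
        if outcome == "fail":
            fails[ip].append((when, user))
        elif country not in baseline.get(user, set()):
            geo.append((user, ip, country))  # success from an unseen country
    brute = {}
    for ip, attempts in fails.items():
        attempts.sort()
        best = 0
        for i, (start, _) in enumerate(attempts):
            # Distinct accounts this source failed against inside the window.
            users = {u for t, u in attempts[i:] if t - start <= window}
            best = max(best, len(users))
        if best >= min_users:  # one user mistyping a password stays below this
            brute[ip] = best
    return brute, geo

if __name__ == "__main__":
    print(triage(EVENTS, BASELINE))
```

In the sample data, the source flagged for brute force also produced a successful log-in from a country outside that user's baseline, which is the combination to review first.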
2. Shift your priorities to endpoint management, remote network access, and user awareness training.
When employees work from home, security professionals are faced with new challenges, such as managing VPN usage and employees working from personal devices. Security professionals must look to a defense-in-depth strategy as all their endpoints now live outside the corporate perimeter. Endpoint management tools are one way to increase visibility into user behavior.
In addition, organizations can manage the increase in VPN usage by implementing split-tunnel VPNs, which can maintain visibility into the endpoint while decreasing the load on the VPN.
Many employees may not realize the security risks that are introduced when working from home. Employees can act as an additional layer of security if they understand the risks and impact. Now is the time to adjust your user awareness training specifically to fit this new model.
3. Test your new controls – and incident response plan – as it relates to your remote workforce.
For many organizations, it’s likely that their last penetration test focused only on corporate network users, not remote users. When these users are no longer on the corporate network, the attack surface changes and introduces new risk.
Target your testing on your newly remote workforce, covering both new controls and incident response procedures, through either a pen test or, to better identify your gaps amid the changing threat landscape, continuous attack simulations.
ReliaQuest believes security is a team sport, so we are sharing use cases, automation plays, and threat intel research powering our GreyMatter platform to help protect your organization. Sign up for our Rapid Response Resources Series to receive specific use case queries to optimize in your SIEM, attack overviews, and recommended automation plays.