New Research Report: What are security leaders saying about their security postures? View the Findings ➞

Three Tips from ReliaQuest’s Experts on Preparing Your SOC to Secure Your Remote Workforce

As more workforces have shifted to work-from-home models, bad actors are taking advantage of new vulnerabilities within organizations. Enterprises must adapt their security programs to effectively detect and respond to these new threats.

In the second webinar in our series on securing remote workforces, ReliaQuest Director of Threat Management, Casey Martin, moderates a panel of ReliaQuest experts who dive into current threat trends security teams should look for and ways to protect your enterprise from these threats. The panel, consisting of ReliaQuest CTO, Joe Partlow; ReliaQuest Enterprise Architect, Marcus Carey; and ReliaQuest Threat Intel Engineer, Kevin Kaminski, offers the following tips when preparing your SOC to secure your remote workforce:

1. Be on the lookout for changes in threat activity, including brute-force attacks and geographic-based anomalies.

As your team works remotely, you will likely see an uptick in log-in attempts and failures across your VPN or BDI portals.  Stay vigilant, as the noise created from your employees failing to log in from home successfully could also indicate a brute-force attack.

Meanwhile, enforced travel restrictions limit the number of unique places your remote team may be working from. It’s important to not dismiss these anomalies, as they could indicate a malicious outsider taking advantage of the remote work model.

The longer your team operates remotely, the more this activity will establish a new baseline, providing opportunities for your team to tune your content around these threats.

2. Shift your priorities to endpoint management, remote network access, and user awareness training.

When employees work from home, security professionals are faced with new challenges, such as managing VPN usage and employees working from personal devices.  Security professionals must look to a defense-in-depth strategy as all their endpoints now live outside the corporate perimeter.  Endpoint management tools are one way to increase visibility into user behavior.

In addition, organizations can manage the increase in VPN usage by implementing split-tunnel VPNs, which can maintain visibility into the endpoint while decreasing the load on the VPN.

Many employees may not realize the security risks that are introduced when working from home. Employees can act as an additional layer of security, if they understand the risks and impact. Now is the time to adjust your user awareness training specifically to fit this new model.

3. Test your new controls – and incident response plan – as it relates to your remote workforce.

For many organizations, it’s likely that their last penetration test focused only on corporate network users, not remote users.  When these users are no longer on the corporate network, the attack surface changes and introduces new risk.

Target your testing on your newly remote workforce – for both new controls and incident response procedures – through either a pen test, or to better identify your gaps amidst the changing threat landscape, continuous attack simulations.

Ready to learn more? Get the white paper: Continuous Attack Simulations:  How to Identify Risk, Close Gaps, and Validate Your Security Controls

More Articles

Top 3 Mistakes When Simulating Cyber Attacks

Breach and attack simulation (BAS) offers an efficient way to validate and test security controls, threat detection capabilities, logging levels in an environment, and incident response workflows. Simulating cyber attacks in this manner allows for security teams to proactively identify and remediate gaps; however, if not performed correctly, security teams may end up with a […]

3 Signs It’s Time to Rethink Your Security Operations Strategy

Today, the security industry is over-saturated with technologies and tools. While many enterprises have established or are setting a foundation for their security operations with Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR), there are countless point solutions arising to extend them, from SOAR to CASB, UEBA and more. Although each […]

Remote Workforce Security: How to Leverage Automation

Updated May 2021 Adopting end-to-end security automation is a top priority for most enterprises – but the rapid shift to remote work models has forced many organizations to accelerate their adoption of automation. Faced with new challenges of reestablishing baselines and a growing number of endpoints, how can security teams leverage automation to maintain visibility […]