As enterprises enforce remote working at short notice, their security teams face a hard question: how do you identify bad actors and vulnerabilities during a period of massive change in user behavior?

1. Log all remote access events.

Attribute every event to the user behind it and monitor for anomalies with security monitoring tools such as a security information and event management (SIEM) platform and/or user and entity behavior analytics (UEBA).

2. Monitor your data exfiltration points.

Users will need to download data to their machines in order to work from home. It is critical to collect, attribute, and analyze logs from the key exfiltration points, including VPN session logs, data loss prevention (DLP) solutions, Microsoft Office 365, Box and other data sharing solutions, and email gateways such as Cisco ESA (IronPort) or Proofpoint, in order to detect malicious exfiltration attempts.

3. Log access events and transactions for your critical applications and analyze them for anomalies.

Security teams typically focus on protecting the network and seldom look at applications. With application access moving outside the corporate network, however, application security becomes paramount, even more so than network security.

4. Monitor user entitlement (user access) details.

Monitor Active Directory as well as your other critical applications. Look for anomalies such as terminated users whose accounts are still active, sudden privilege escalations, and the use of dormant accounts.
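
The entitlement checks in this item can be run as a simple reconciliation between a directory export and the HR roster. The following is an added example written for this page, not code from the original post: it takes a constructed snapshot of Active Directory accounts (the account names, groups and timestamps are made up), a constructed HR roster and yesterday's group memberships, and reports terminated-but-enabled accounts, dormant enabled accounts, privileged group memberships gained since the last snapshot, and enabled accounts HR has no record of.

```python
from datetime import datetime, timedelta

# Constructed sample data for illustration (not from the original page): a
# snapshot of directory accounts exported from Active Directory, an HR roster
# export, and yesterday's group memberships for comparison.
NOW = datetime(2020, 3, 20, 9, 0, 0)

AD_ACCOUNTS = {
    "jdoe":    {"enabled": True,  "last_logon": datetime(2020, 3, 19, 17, 5), "groups": {"Staff"}},
    "asmith":  {"enabled": True,  "last_logon": datetime(2020, 3, 18, 8, 30), "groups": {"Staff", "Domain Admins"}},
    "bwong":   {"enabled": True,  "last_logon": datetime(2019, 11, 2, 10, 0), "groups": {"Staff"}},
    "rkhan":   {"enabled": True,  "last_logon": datetime(2020, 3, 19, 12, 0), "groups": {"Staff"}},
    "svc_bak": {"enabled": False, "last_logon": datetime(2019, 6, 1, 0, 0),   "groups": {"Backup Operators"}},
}

HR_ROSTER = {"jdoe": "active", "asmith": "active", "bwong": "active", "rkhan": "terminated"}

PREVIOUS_GROUPS = {
    "jdoe": {"Staff"}, "asmith": {"Staff"}, "bwong": {"Staff"},
    "rkhan": {"Staff"}, "svc_bak": {"Backup Operators"},
}

# Groups whose membership should never change without an approved request.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Backup Operators"}


def terminated_but_enabled(accounts, roster):
    """Accounts still enabled although HR has marked the person terminated."""
    return sorted(u for u, a in accounts.items()
                  if a["enabled"] and roster.get(u) == "terminated")


def dormant_enabled(accounts, now, max_idle_days=90):
    """Enabled accounts with no logon in max_idle_days; any use of them is suspicious."""
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(u for u, a in accounts.items()
                  if a["enabled"] and a["last_logon"] < cutoff)


def privilege_escalations(accounts, previous):
    """Privileged group memberships gained since the previous snapshot."""
    findings = []
    for u, a in accounts.items():
        gained = (a["groups"] - previous.get(u, set())) & PRIVILEGED_GROUPS
        if gained:
            findings.append((u, sorted(gained)))
    return sorted(findings)


def unknown_to_hr(accounts, roster):
    """Enabled accounts HR has no record of (orphaned or unregistered service accounts)."""
    return sorted(u for u, a in accounts.items() if a["enabled"] and u not in roster)


def entitlement_report(accounts=AD_ACCOUNTS, roster=HR_ROSTER,
                       previous=PREVIOUS_GROUPS, now=NOW):
    return {
        "terminated_but_enabled": terminated_but_enabled(accounts, roster),
        "dormant_enabled": dormant_enabled(accounts, now),
        "privilege_escalations": privilege_escalations(accounts, previous),
        "unknown_to_hr": unknown_to_hr(accounts, roster),
    }


if __name__ == "__main__":
    for finding, items in entitlement_report().items():
        print(f"{finding}: {items}")
```

In a real deployment the snapshot would come from an LDAP query or a Get-ADUser export and the roster from the HR system. One caveat when using lastLogonTimestamp for the dormancy check: it is only replicated between domain controllers when it is more than a configurable interval (14 days by default) out of date, so the dormancy threshold must sit well above that lag or accounts will be flagged falsely.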

5. Monitor for credential sharing.

Employees may be tempted to share credentials in order to get quick access and avoid lengthy access request processes. Monitor specifically for impossible-travel (land speed) anomalies, such as a user logging in simultaneously from multiple locations, or a user who is badged into an office but also logging in remotely.
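
Items 1 and 5 can both be checked with a few passes over attributed VPN session logs. The example below is added here and is not code from the original post; the log lines, the GeoIP lookup table and the badge event are all constructed, and a real deployment would substitute the SIEM's own GeoIP enrichment and badge feed. It flags impossible travel between consecutive logins, a login from a second source while an earlier session is still open, and a remote login on a day the same user badged into an office.

```python
import math
import re
from datetime import datetime

# Constructed VPN gateway log lines for illustration (not from the original
# page). Each line records a login or logout with the user and source address.
VPN_LOG = """\
2020-03-18T08:02:11Z vpn-gw1 user=jdoe event=login src=198.51.100.23
2020-03-18T08:30:45Z vpn-gw1 user=jdoe event=login src=203.0.113.77
2020-03-18T09:15:00Z vpn-gw1 user=asmith event=login src=192.0.2.44
2020-03-18T10:00:00Z vpn-gw1 user=bwong event=login src=198.51.100.80
2020-03-18T12:40:10Z vpn-gw1 user=asmith event=logout src=192.0.2.44
2020-03-18T13:05:00Z vpn-gw1 user=asmith event=login src=192.0.2.91
2020-03-18T17:20:33Z vpn-gw1 user=jdoe event=logout src=198.51.100.23
2020-03-18T17:25:00Z vpn-gw1 user=jdoe event=logout src=203.0.113.77
"""

# Constructed stand-in for a GeoIP lookup: source address -> (city, lat, lon).
GEOIP = {
    "198.51.100.23": ("Chicago", 41.88, -87.63),
    "198.51.100.80": ("Chicago", 41.88, -87.63),
    "203.0.113.77": ("Singapore", 1.35, 103.82),
    "192.0.2.44": ("Denver", 39.74, -104.99),
    "192.0.2.91": ("Boulder", 40.01, -105.27),
}

# Constructed physical-access events: (user, time the user badged into an office).
BADGE_EVENTS = [("bwong", datetime(2020, 3, 18, 9, 30))]

LINE_RE = re.compile(r"^(\S+) \S+ user=(\S+) event=(login|logout) src=(\S+)$")


def parse_log(text):
    """Parse the gateway log into dicts sorted by timestamp; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, user, event, src = m.groups()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "event": event, "src": src})
    return sorted(events, key=lambda e: e["ts"])


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, max_kmh=900.0):
    """Flag consecutive logins by one user that imply travel faster than max_kmh."""
    findings = []
    last_login = {}  # user -> (timestamp, source address) of the previous login
    for e in events:
        if e["event"] != "login":
            continue
        prev = last_login.get(e["user"])
        last_login[e["user"]] = (e["ts"], e["src"])
        if prev is None or prev[1] not in GEOIP or e["src"] not in GEOIP:
            continue
        prev_city, lat1, lon1 = GEOIP[prev[1]]
        city, lat2, lon2 = GEOIP[e["src"]]
        km = haversine_km(lat1, lon1, lat2, lon2)
        if km < 1:
            continue  # same place: nothing to compare
        hours = (e["ts"] - prev[0]).total_seconds() / 3600.0
        speed = km / hours if hours > 0 else float("inf")  # same-second logins far apart count too
        if speed > max_kmh:
            findings.append({"user": e["user"], "from": prev_city, "to": city,
                             "km": round(km), "speed_kmh": round(speed)})
    return findings


def concurrent_sessions(events):
    """Flag a login from a new source while the user still has a session open elsewhere."""
    findings = []
    active = {}  # user -> set of source addresses with an open session
    for e in events:
        open_srcs = active.setdefault(e["user"], set())
        if e["event"] == "login":
            for other in sorted(open_srcs - {e["src"]}):
                findings.append((e["user"], other, e["src"]))
            open_srcs.add(e["src"])
        else:
            open_srcs.discard(e["src"])
    return findings


def badged_but_remote(events, badge_events):
    """Flag remote logins on a calendar day the same user badged into an office."""
    badged_days = {(user, ts.date()) for user, ts in badge_events}
    return [(e["user"], e["src"]) for e in events
            if e["event"] == "login" and (e["user"], e["ts"].date()) in badged_days]
```

The speed threshold is deliberately generous (900 km/h is roughly airliner speed) so that a user moving between nearby cities over a working day is not flagged, while a login from another continent within the hour is. Keep GeoIP resolution server-side and enrich at ingestion; NAT, mobile carriers and corporate egress points can put many users behind one address, so treat a hit as a lead to investigate rather than proof of credential sharing.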

6. Monitor remote access devices.

In addition to proactively monitoring your internet-facing RDP/VPN infrastructure, we recommend following the NIST guidance on securing enterprise telework and remote access (NIST SP 800-46) to implement the additional controls that mitigate the risk of threat actors obtaining and exploiting RDP access credentials sold through underground "RDP shops".

7. Ensure that your internet-facing VPN/RDP servers are up to date.

Also make sure they are sized for spikes in remote access activity, given your current situation.

8. Beware of COVID-19/Coronavirus-related phishing schemes and fake alerts/health advisories.

We have been observing phishing implants that increasingly evade sandboxing/detonation. Our recommendation is to adopt a more in-depth "assume breach" approach in your environment: if your indicator of compromise (IOC) and sandbox-based checks fail, make sure you have checks and monitoring in place to detect staging and post-exploitation activity.

9. Enforce multi-factor authentication where possible.

Password-guessing (dictionary) attacks are the most common way credentials on internet-facing devices are compromised. With remote access increasing for employees, contractors, and business partners, enforce strong authentication and authorization controls to minimize the risk of compromise.

10. Enforce peer-based and segregation of duty (SOD) checks.

With a large number of employees requesting remote access, the business is likely to push to allow employees as much access as possible in order to avoid disruption. However, it is important for security and IT teams to maintain SOD and peer-based checks to ensure that the access granted is aligned with the employee's job role.

Coronavirus caution forces support for the largest number of remote workers in history

For most organizations, this outbreak has shifted supporting “work from home” to the top of the IT to-do list. As your HR department and executive team are undoubtedly asking, what does the IT organization need to do to support — and secure — a huge increase in the number of remote and mobile workers? Here are a few considerations that can help you rapidly scale your support for work-from-home employees:

Provide easy access to on-premises apps and resources

If you are already a completely cloud-based company, then you are pretty well set (although you might want to make it easier for folks to discover apps and request access, and for IT to automate account provisioning, and provide Single Sign-on (SSO) to those apps). But what about the rest of businesses out there? Most are hybrid, supporting both on-premises apps and cloud apps. What options do they have?

One option is to provide a VPN connection. While this might seem like a quick solution, the fact remains you probably didn’t plan your VPN infrastructure to scale to the number of workers that you will find are working remotely all at once. Also, you need to consider the security exposure that leaves you with so many more remote folks with access to your entire corporate network. If you must use a VPN, at least consider implementing multi-factor authentication at the VPN.

A better solution is to provide access directly to the applications through an application gateway and limit access to only those employees that need it. This approach removes much of the risk inherent in VPN solutions by giving secure, behind-the-firewall access to specific on-premises applications rather than to the whole network. And by using a cloud-based app gateway there is no hardware to install or maintain, no firewall rules to change, and no need to provide full network access to external users.

Leverage Single Sign-on and self-service for cloud and on-premises apps

While adopting cloud apps has made working from home or remotely easier than ever before, the growth in the number of associated accounts created many headaches for users who frequently forget their passwords or lock their accounts. IT is burdened not only with correcting these mistakes but also with provisioning and deprovisioning the accounts manually across all of these apps.

With Single Sign-on (SSO), access to applications is simplified, as users log in once to a web portal to request access to all the resources and assigned applications needed to do their jobs. You can also install a lightweight Windows service that connects to your Active Directory or LDAP proxy, so on-premises user repositories can easily be used.

Let’s not forget that this large shift to remote work will be new for most workers. Many will find themselves forgetting their password or locking their Active Directory account. With a cloud-based password reset and account unlock solution workers can take advantage of self-service options to reset passwords or unlock accounts, thus reducing the burden on IT departments, as the volume of password-related help desk calls and tickets decreases.

Additionally, SSO solutions simplify partner collaboration by enabling one-click access to applications for partner employees. With SSO, partners securely access your applications according to their policies and processes. Finally, SSO also makes it easy to meet compliance requirements around data access. As users log in to a portal to use assigned apps, there is complete visibility into all access events, making it easy to run reports to prove compliance to auditors.

Ensure secure access with adaptive Multi-factor Authentication with machine-learned context

With so many employees working from home, you no longer have the control and context that a corporate network provides. To prevent identity-related breaches, companies need to implement additional security controls such as Multi-factor Authentication (MFA). The stronger security controls are, the more steps users need to take to gain access to the resources they need. This can ultimately impact both user productivity and overall happiness.

One solution that provides both security and great user experience is adaptive MFA. Unlike traditional MFA, adaptive MFA leverages device, network, location, and other contexts to assign risk to each access event and allow the creation of access policies that are only triggered when risk is deemed high. When used together, SSO and adaptive MFA enable companies to realize the advantages of SSO while minimizing the risk.

One of the problems with most MFA solutions is that they only allow you to skip the extra MFA steps when certain conditions are true, like when a user is working from the corporate network. If everyone is remote, you lose that trusted context that you can easily put into a rule. That is where a user behavior risk analytics solution comes into play. A risk-based machine learning system can observe and determine the “normal” behavior of a worker, like working from a home location during certain hours of the day, and deem that to be a lower risk requiring far less friction than say, a brand new location during the middle of the night which should prompt for more factors of authentication.
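
A risk scoring policy of the kind described above can be sketched without a full machine-learning pipeline. The example below is an added illustration, not the vendor's engine: a per-user frequency baseline of locations, login hours and devices, learned from a constructed login history, stands in for the machine-learned model, and the score weights and the step-up threshold are arbitrary assumptions. Low-risk events pass on SSO alone; events that depart from the baseline trigger step-up MFA.

```python
from collections import Counter
from datetime import datetime

# Constructed login history for one user (not from the original page): each
# entry is (timestamp, city, device_id). Twelve working days of logins from
# home on a laptop, plus one evening login from a phone.
HISTORY = [
    (datetime(2020, 3, day, hour), "Denver", "laptop-7f3a")
    for day in range(2, 14) for hour in (8, 10, 13, 16)
] + [(datetime(2020, 3, 7, 20), "Denver", "phone-91c2")]

# Constructed access events to evaluate against the baseline.
SAMPLE_EVENTS = [
    (datetime(2020, 3, 16, 9), "Denver", "laptop-7f3a"),   # usual home login
    (datetime(2020, 3, 17, 3), "Kyiv", "laptop-7f3a"),     # new country, middle of the night
    (datetime(2020, 3, 17, 10), "Denver", "tablet-aa01"),  # device never seen before
    (datetime(2020, 3, 16, 20), "Denver", "phone-91c2"),   # evening phone login seen before
]


def learn_baseline(history):
    """Frequency counts of where, when and from which device the user logs in."""
    return {
        "n": len(history),
        "locations": Counter(city for _, city, _ in history),
        "hours": Counter(ts.hour for ts, _, _ in history),
        "devices": Counter(dev for _, _, dev in history),
    }


def score_event(baseline, ts, city, device_id):
    """Add risk for each way the event departs from the baseline (weights are assumptions)."""
    n = baseline["n"]
    score, reasons = 0, []
    loc_share = baseline["locations"][city] / n
    if loc_share == 0:
        score += 40
        reasons.append(f"location {city} never seen before")
    elif loc_share < 0.05:
        score += 20
        reasons.append(f"location {city} is rare for this user")
    # An hour counts as usual if the user has logged in within an hour of it before.
    window = sum(baseline["hours"][(ts.hour + d) % 24] for d in (-1, 0, 1))
    if window == 0:
        score += 30
        reasons.append(f"no previous logins around {ts.hour:02d}:00")
    if baseline["devices"][device_id] == 0:
        score += 50
        reasons.append(f"device {device_id} not enrolled")
    return score, reasons


def access_decision(baseline, ts, city, device_id, mfa_threshold=50):
    """Low risk passes on SSO alone; at or above the threshold, step up to MFA."""
    score, reasons = score_event(baseline, ts, city, device_id)
    return ("require_mfa" if score >= mfa_threshold else "allow", score, reasons)


def evaluate_samples(history=HISTORY, events=SAMPLE_EVENTS):
    """Learn the baseline once, then decide each sample event."""
    baseline = learn_baseline(history)
    return [access_decision(baseline, *event) for event in events]


if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, evaluate_samples()):
        print(event[1:], "->", decision)
```

Two design points carry over to a production policy: an unenrolled device is weighted so that it triggers step-up on its own, because device binding is the factor an attacker with a stolen password cannot satisfy, and the hour check uses a window rather than an exact hour so that a normal morning login at 9:00 is not penalised just because the history happens to hold only 8:00 and 10:00 entries.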

Conclusion

While COVID-19 might be the unfortunate trigger of an emergency response plan designed to support a temporarily remote workforce, the measures described here will reap long-term benefits in both productivity and security — especially if the new work culture becomes the norm.

A combination of a remote application gateway, SSO, and adaptive MFA can help you rapidly scale up your support for this influx of new remote and work-from-home workers. By eliminating friction for your end-users and reducing the burden on your IT administrators and help desk, you will help free up the time spent wringing our hands in worry to allow us all to be washing our hands more frequently — and still get our jobs done.

In a data-driven world, securing your organization's digital assets is essential. Data breaches, ransomware and malware attacks are more frequent than ever, and security has become a top priority regardless of industry. There is never a dull moment, with attackers keeping everyone wary of the next incident. These attacks can be prevented, but the obvious question is how to secure your data. A central part of the answer is implementing Identity and Access Management (IAM) to manage identities effectively across your organization. Here are some approaches to IAM that help secure your business.

Strengthen your Identity and access management system

Implementing Identity and Access Management in an organization means managing and securing users' identities and the data they can reach. A proper strategy must be conceived: the organization's cloud-based applications should be managed from a single location, which removes the need to memorize passwords for multiple applications. This considerably reduces the chance of a data breach.

Attain complete visibility through audit and compliance

Auditing is another vital way to increase visibility into business data. Using IAM audit trails, the business can track all of a user's activity from login to logout. Management can also see how well employees follow the policies and update them accordingly to address suspicious activity.

Employees privilege and access

As business data grows day by day, a data breach can easily happen without proper management of user privileges and access. Using IAM to provide the right access at the right time to the right user is a straightforward and effective way to secure business data.

Companies are opting for the best way to secure data and it is necessary to stay updated. By implementing Identity and access management in your organization, you can safeguard your customer data.

In today's dynamic IT security landscape, rising security alerts and a growing skills shortage are forcing IT decision-makers to look at suitable solutions. Deploying security orchestration, automation and response (SOAR) is one answer. The job of a SOAR platform is to identify threats and automate the response to as many of them as possible. SOAR platforms increasingly make use of AI and are built for rapid response to detected threats.

SOAR solutions are predominantly found in security operations centers (SOCs). Typically, a SOAR deployment starts small, automating where applicable, so that the security posture can advance from one level to the next as requirements dictate. As SOAR platforms evolve, they require less experience from their users.

SOAR provides a quick and accurate way to process large volumes of alerts and log data. Security analysts can take prompt action to respond to attacks while at the same time staying ahead of future ones.

Many vendors offer SOAR products with pre-built playbooks, guided investigation workflows, and automated alert prioritization, resulting in significant cost and time savings. Seizing the opportunity as the whole ecosystem shifts from on-premises and legacy systems to the cloud, SOAR vendors now also offer SOAR as a service and managed SOAR services. Prominent SOAR vendors include ATAR Labs, Ayehu, Cyberbit, CyberSponse, D3 Security, Demisto, DFLabs, EclecticIQ, IBM, Splunk, Rapid7, Resolve, ServiceNow, Siemplify, Swimlane, Syncurity, ThreatConnect, and ThreatQuotient.

SOAR, a term first coined by Gartner in 2017, is an IT security approach that allows organizations to reduce their overall security risk effectively and efficiently. According to Gartner, by 2021, 70% of organizations with a dedicated SOC will include SOAR capabilities. The current SOAR market is estimated at close to $900 million and is expected to approach two billion dollars within the next five years.

A few of the capabilities that SOAR has to offer:

  • Threat intelligence
  • Case management-based incident response
  • Vulnerability management based on live data
  • Endpoint detection and response
  • Playbook management: creating and managing playbooks

SOAR is on a definite growth path, driven by rising cyberattacks, a shortage of skilled staff, tighter IT security regulatory compliance norms, and the steep rise in alerts, all of which make a good case for its adoption. More SOCs will adopt SOAR in a big way. Many organizations may look to third-party vendors to manage their SOAR, as they lack the depth of expertise in-house. When evaluating a SOAR vendor, IT leaders must check that the vendor has an in-depth understanding of the organization's IT environment and its challenges.

Halloween is the time when people dress up and revel in the spooky and scary. It is perhaps the one night of the year when ghosts, ghouls and goblins roam the streets and kids go trick-or-treating from house to house for candy. In the business world, Halloween is not a single night; it is almost daily, as cyber attackers are constantly on the prowl to launch an attack. Halloween is the perfect time to re-examine your applications, confirm that they are fully secure, and prepare for any future tricks.

Cyber-attacks come in various sizes, ways and forms, and the stakes are high: data breaches, ransomware and phishing all pose serious threats. According to Verizon's 2019 report, 21 percent of data breaches were caused by human error. Protecting sensitive personal and corporate data is highly critical to organizations.

Preventive steps that can be taken to mitigate against possible attacks:

  • Make cyber security part of your business plan
  • Do not take security lightly; resolve issues before they come back to haunt you
  • Implementing powerful cyber security tools can help tackle unexpected threats
  • Give developers proper training on security tools
  • Incorporate AI to boost cyber security
  • Using AI in threat detection and incident management is well advised
  • Multi-factor authentication (MFA) is an effective tool to prevent unauthorised access to social media accounts
  • Comply with regulations like GDPR and CCPA to maintain consumer privacy and security.

Halloween is celebrated each year on October 31.  Its origins go back to the ancient Celtic festival of Samhain, wherein people light bonfires and wear costumes to ward off ghosts. Halloween is a day of activities like trick-or-treating, carving jack-o-lanterns, festive gatherings, donning costumes and eating treats. Halloween is the perfect reminder to stay safe and ward off those cyber attackers from your systems.

Happy Halloween!

Most organizations now run multi-cloud environments as part of their digital transformation. Broadly, this means an organization has decided to run enterprise applications in multiple cloud environments (public, private or hybrid) and to use a mix of cloud service providers, which may include multiple infrastructure as a service (IaaS) vendors.

A Gartner survey indicates that 81% of respondents are working with two or more cloud service providers, driven by the move towards agility and the wish to minimize vendor lock-in. The global cloud security market is expected to reach close to $10 billion by next year. A multi-cloud strategy offers more flexibility than being locked into one vendor's platform, more time to innovate, and cost savings.

An organization's main business asset is its data. In a typical multi-cloud environment, data is stored in multiple locations across public/private clouds, SaaS platforms and on-premises systems. Protecting data that lives in the cloud remains the organization's responsibility, even though the data has moved outside the organization's network.

Security challenges faced in a multi-cloud environment include:

  • Integration gaps between cloud and on-premises IT infrastructure that may expose business assets
  • Delivering business services from a heterogeneous set of clouds may not be secure
  • Assessing the security of data stored, and data flows, in a cloud environment or on SaaS providers' servers is a significant challenge
  • Unique portals, application migration, and other security challenges
  • A larger vulnerability landscape, spanning multiple clouds and on-premises systems
  • Misconfiguration of the multi-cloud environment

Mitigating the challenges:

  • Ensure that your business partners and other stakeholders understand the shared responsibility model and how it applies to multi-cloud and on-premises environments
  • Ensure that the cloud and infrastructure vendors understand the scope of your security measures and requirements
  • Implement threat detection and containment across all clouds
  • Ensure visibility into the workloads running at each cloud vendor so that risks can be identified and mitigated
  • Automate the management of and response to security events using Security Orchestration, Automation and Response (SOAR) tools
  • Ensure that the security tools deployed by the cloud and infrastructure vendors are fully compliant with regulatory standards like HIPAA, PCI DSS, FISMA and SOX
  • Scale security measures in step with business needs

IAM is a first line of defense against data breaches, yet many organizations and government agencies seem to ignore this fact or simply do not give it importance. IAM is also referred to as access management or digital identity management. IAM defines the security policies and technologies that ensure the right people in an organization have the correct access to technology resources.

With cyberthreats everywhere, IAM broadens the security scope and brings more security capability to an organization. IAM ensures that the right people get the right access at the right time, securely and without obstacles, and manages the digital assets in an organization.

IAM tools include password-management tools, provisioning software, security-policy enforcement applications, reporting and monitoring apps, and identity repositories. IAM capabilities are also built into on-premises systems like Microsoft SharePoint and cloud-based systems like Microsoft Office 365.

Here is what makes identity management critical to enterprises:

  • User credentials are often compromised and serve as an entry point into an organization's network and its digital assets.
  • SSO using SAML, with a multi-factor authentication (MFA) layer
  • IAM also supports managed services, and specific users can be granted privileged access management
  • Enterprises use identity management to safeguard their information assets against the rising threats of ransomware, criminal hacking, phishing and other malware attacks.
  • Regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA hold organizations accountable for controlling access to customer and employee information.
  • IAM supports an organization's compliance and regulatory policies.
  • The growing popularity of connected devices and the Internet of Things (IoT) is expected to create substantial demand for IAM solutions within organizations.
  • Government bodies, with strict compliance requirements intended to restrain the increasing number of data thefts, have pushed organizations to improve their IT security.
  • Demand for IAM is soaring, driven by policy-based compliance and audit management.

The global IAM market size is expected to reach USD 24.12 billion by 2025, at a CAGR of 13.1% over the forecast period, according to a new report by Grand View Research, Inc. The proliferation of cloud services and Bring Your Own Device (BYOD) within organizations has raised concerns and provided a potential gateway for threats.
