Happy HaXmas! We hope everyone is having a wonderful holiday season so far. This year has been wild and unpredictable, and has brought unique risks and threats to the forefront of business activities. So, to help everyone stay safer in 2021, the Strategic Advisory Services team here at Rapid7 is going to share some security recommendations going into the new year to help you better secure your business and minimize risk.
Governance around remote work and work from home
When the pandemic hit, many companies found they lacked governance around remote work and mobile devices because they hadn’t facilitated that type of work in the past. Many companies were—and still are—resistant to change and averse to work-from-home opportunities for their employees.
If you find yourself in that position, consider implementing policies for acceptable use around remote work, mobile devices, and bring-your-own-device (BYOD). Having these policies and measures in place will help ensure employees are aware of what is and is not acceptable use of company assets or networks, what their responsibilities are, and organizational expectations and processes.
Mobile device management
Mobile device management is key when it comes to implementing work-from-home security measures. Without the ability to manage and protect remote endpoints, the risk is higher that your company network could be compromised by an unsecured system utilizing a VPN to access company networks. Additionally, ensure you have controls in place to limit corporate VPN access to corporate-owned and -controlled devices—you don’t know (and probably don’t want to know!) what is lurking on systems that may not be protected from internet threats.
Consider vulnerability management, antivirus, and anti-malware tools as primary requirements for corporate endpoints in the wild. Many companies haven’t had the ability to update antivirus on systems that aren’t connected to the company network or patch those same systems when not connected. Utilizing cloud-based solutions that can be updated remotely without first needing a VPN connection to the company network is ideal in the post-pandemic world.
Rapid7’s InsightVM tool can give you the cloud-based vulnerability management capabilities that you need to assess remote corporate endpoints.
Securing VPN connections
How many companies were caught without an operational client VPN option when the lockdowns went into effect? Many customers that we have spoken to during the pandemic had to rush to implement VPN solutions, whether that was a client-based VPN or some type of SSL VPN solution, to allow employees the ability to work from home.
While implementing these VPN solutions, many customers opted for the get-it-working approach and failed to secure those VPN entry points as well as they should have. One way of ensuring VPN connections are protected is to require users to use multi-factor authentication (MFA) to remotely log in to the company network. This will help to protect VPN accounts from compromise by adding a layer to the authentication process.
Having a pre-authentication check for security compliance on your VPN connections will also help ensure that systems that are misconfigured or contain a vulnerability cannot connect to the company network until the issue is remediated. This will help lessen the exposure of the company network through poorly secured remote endpoints. Many VPN and network access control solution providers offer these capabilities.
Securing data in the cloud
We have seen many of our customers making the move to the cloud, using solutions like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.
Securing your data in the cloud is key, even when there is not an ongoing pandemic. Ensure that your cloud infrastructure is secured and well protected from possible attack or compromise. While the security of the cloud platform is the responsibility of the provider, the security of the systems and data that you place in the cloud is your responsibility, and no one else is going to do it for you.
A strong identity and access management (IAM) program implemented for your cloud systems can help you control permissions to resources and help prevent data loss or theft.
It’s extremely important to monitor your cloud deployments so you can detect any suspicious or anomalous behavior or activity. Can you detect a brute force attack in your cloud environment? Can you detect suspicious behavior in a timely fashion? If not, look at Rapid7’s InsightIDR tool to give you that capability, and much more.
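As an illustration of the brute-force question above, here is an added example (not from the original post, and not how InsightIDR works) that applies a sliding-window check to console sign-in events. It assumes records shaped like AWS CloudTrail `ConsoleLogin` events; the sample events, the five-minute window, and the threshold of five failures are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 5                   # assumed failures per source IP within WINDOW

def _ev(ts, ip, user, result):
    """Build a constructed record using CloudTrail ConsoleLogin field names."""
    return {"eventTime": ts, "eventName": "ConsoleLogin", "sourceIPAddress": ip,
            "userIdentity": {"userName": user},
            "responseElements": {"ConsoleLogin": result}}

# Constructed sample events (documentation IP ranges, made-up users).
SAMPLE_EVENTS = (
    [_ev(f"2021-01-04T09:00:{s:02d}Z", "203.0.113.7", "alice", "Failure")
     for s in range(0, 60, 10)]                       # 6 failures in one minute
    + [_ev("2021-01-04T09:01:05Z", "203.0.113.7", "alice", "Success")]
    + [_ev("2021-01-04T09:00:00Z", "198.51.100.4", "bob", "Failure"),
       _ev("2021-01-04T09:30:00Z", "198.51.100.4", "bob", "Failure"),
       _ev("2021-01-04T09:30:20Z", "198.51.100.4", "bob", "Success")]
)

def detect_bruteforce(events, window=WINDOW, threshold=THRESHOLD):
    """Return alerts for source IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    alerts = {}                   # ip -> alert details
    logins = [e for e in events if e.get("eventName") == "ConsoleLogin"]
    for e in sorted(logins, key=lambda e: e["eventTime"]):
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        ip = e["sourceIPAddress"]
        user = e["userIdentity"].get("userName", "unknown")
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if e["responseElements"]["ConsoleLogin"] == "Failure":
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"source_ip": ip, "users": set(),
                                           "max_failures": 0, "success_after": False})
                a["max_failures"] = max(a["max_failures"], len(q))
                a["users"].add(user)
        elif ip in alerts and q:
            # Success while failures are still in the window: possible compromise.
            alerts[ip]["success_after"] = True
    return list(alerts.values())
```

An alert with `success_after` set is the one to triage first, since it means a login succeeded from the same address shortly after the burst of failures.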
Validating protective measures
The validation of protective measures should be performed regardless of whether we are responding to a pandemic, but it is more important now than ever before. Many security and IT teams have deployed new solutions and measures to provide for their remote employees and have been busy responding to these new requirements during the pandemic.
Now that we are eight months or more into working from home and social distancing, companies should begin the process of testing their protective measures and newly deployed security tools. This can be done through red, blue, or purple teaming or by engaging third-party penetration testing teams to help ensure your newly deployed systems are protecting the network and remote endpoints the way you believe they are.