How many of you got that call at the beginning of the pandemic to make your company’s workforce 100% capable for remote work? How many of you had no idea how to make that happen, seemingly (and sometimes literally) overnight? How many of you were already prepared for such an event?
Remote workforces and mobile device management (MDM) are more important than ever in 2020’s pandemic reality. Unmanaged remote endpoints are one of the biggest risks to an organization’s cybersecurity posture today.
Don’t think of remote endpoints solely from the isolated ransomware/malware infection standpoint. Instead, think of them from a MITRE ATT&CK matrix perspective. Ask yourself these questions:
- Can attackers gain access to the endpoint?
- Can attackers establish persistence?
- Can attackers perform data collection and exfiltration?
- What could an attacker achieve by compromising an unmanaged remote endpoint?
- What can that endpoint bring back to the enterprise network with it when it returns to the office?
While working with Rapid7 customers over the past several months of quarantine and lockdown, it’s evident to me that many companies were caught completely off guard when facing the reality of being unable to work from their corporate offices.
Many customers have no ability to manage their endpoints remotely without them being connected to the company VPN, or in many cases, are unable to manage them at all. Many times, these VPN connections are unreliable, or the company had not planned for the network overhead required for a thousand employees connecting to the company VPN at the same time.
Companies have spent large amounts of money over the past several months rolling out more robust VPN solutions and mobile devices (like laptops and tablets) for users to be able to perform their jobs remotely. And security has seemingly taken a backseat to these larger efforts to keep workforces employed and productive.
Here are a few solutions we’ve seen many of our customers using for remote productivity and connectivity:
- VPN: Company-controlled VPN service installed and configured on remote endpoints for users to connect as necessary.
- Always-On VPN: A VPN connection that is “always on,” whenever the endpoint is connected to the internet. This configuration is more secure, as users are forced to connect to the company network in order to perform any work that requires the internet or network resources. This can help ensure users are not surfing dangerous websites or using other unapproved services such as personal email or file-sharing sites to perform official work.
- Bring-Your-Own-Device (BYOD): BYOD scenarios include installing a company-controlled VPN client and configuration on an employee-owned device. This configuration is less than desirable because the company does not own the device and therefore cannot control the remote endpoint in any meaningful capacity.
- Loose Controls: Some customers have even relaxed security measures that were in place prior to the pandemic. Due to the speed with which companies were forced to loosen security measures—such as removing multi-factor authentication requirements and disabling password rotation requirements—these actions have left some companies at great risk of being compromised.
Cloud-based remote management and security solutions are the key to meeting the remote work requirements imposed by federal and local governments.
There are still a large number of companies that seem to be cloud-averse when it comes to anything to do with endpoints or security, but this new reality makes it necessary to start adopting cloud-based solutions to manage your enterprise network.
Cloud managed services to consider for a completely remote or mostly remote workforce
A cloud-based antivirus solution that does not require connectivity to the enterprise network in order to receive signature or software updates is crucial in this new dynamic. Users are taking their systems to their home wireless networks, which have notoriously weak security.
Anti-malware and endpoint detection and response (EDR)
Having an EDR and anti-malware solution that is able to report to a cloud-based management console is also important to prevent malware infections and alert on suspicious or anomalous activity.
Having a cloud-based vulnerability management system in place that can report back to a centrally managed vulnerability management console is important for assessing the overall level of risk an organization carries on its remote endpoints.
An effective asset management solution is crucial for an effective vulnerability management program. You cannot patch or secure what you do not know you have on your network. Asset management systems also help with remote support and resource planning.
Patch and software deployment
Are you able to patch or update software on remote endpoints easily and effectively? Is your current patch management solution able to reach remote endpoints reliably? Having a cloud-based patch and software deployment solution is key to ensuring your endpoints are kept up-to-date with the latest patches and version updates.
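The asset management and patch deployment questions above come down to one check: which remote endpoints has the cloud console not heard from, and which ones are reporting but falling behind on signatures or critical patches? The script below is an added example written for this article, not Rapid7 code or any vendor's API; it assumes a hypothetical console export with the field names shown (host, last_checkin, av_signatures, missing_critical_patches, managed) and uses constructed sample records with a fixed clock so the output is deterministic.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Constructed sample export from a hypothetical cloud endpoint console.
# The field names are assumptions for this example, not a real vendor schema.
SAMPLE_EXPORT = [
    {"host": "LT-0101", "owner": "alice", "last_checkin": "2020-09-14T08:12:00",
     "av_signatures": "2020-09-13", "missing_critical_patches": 0, "managed": True},
    {"host": "LT-0102", "owner": "bob", "last_checkin": "2020-08-20T17:45:00",
     "av_signatures": "2020-08-19", "missing_critical_patches": 3, "managed": True},
    {"host": "BYOD-carol", "owner": "carol", "last_checkin": None,
     "av_signatures": None, "missing_critical_patches": None, "managed": False},
    {"host": "LT-0103", "owner": "dave", "last_checkin": "2020-09-13T22:03:00",
     "av_signatures": "2020-08-30", "missing_critical_patches": 1, "managed": True},
]

# Fixed "now" so the example produces the same result every run.
NOW = datetime(2020, 9, 14, 12, 0, 0)


@dataclass
class Finding:
    host: str
    severity: str
    reasons: List[str] = field(default_factory=list)


def _days_since(stamp: str, now: datetime, fmt: str) -> int:
    """Whole days between a timestamp string and `now`."""
    return (now - datetime.strptime(stamp, fmt)).days


def assess_endpoint(rec: dict, now: datetime = NOW,
                    stale_days: int = 7, sig_days: int = 3) -> Optional[Finding]:
    """Return a Finding for an endpoint that needs attention, or None if it is healthy.

    stale_days: max days without a console check-in before the endpoint is
                treated as unreachable (a symptom of VPN-only management).
    sig_days:   max age of anti-malware signatures before they count as stale.
    """
    reasons = []
    # An endpoint with no agent cannot be patched, inventoried or monitored at all.
    if not rec["managed"]:
        reasons.append("unmanaged device: no agent, cannot be patched or monitored")
        return Finding(rec["host"], "high", reasons)

    days_silent = _days_since(rec["last_checkin"], now, "%Y-%m-%dT%H:%M:%S")
    if days_silent > stale_days:
        reasons.append(f"no check-in for {days_silent} days")

    sig_age = _days_since(rec["av_signatures"], now, "%Y-%m-%d")
    if sig_age > sig_days:
        reasons.append(f"anti-malware signatures {sig_age} days old")

    missing = rec["missing_critical_patches"]
    if missing:
        reasons.append(f"{missing} critical patch(es) missing")

    if not reasons:
        return None
    # Unreachable or badly behind on patching is high; everything else medium.
    severity = "high" if days_silent > stale_days or missing >= 3 else "medium"
    return Finding(rec["host"], severity, reasons)


def assess_fleet(records: List[dict], now: datetime = NOW) -> List[Finding]:
    """Assess every record and return findings, high severity first, then by host."""
    findings = [f for f in (assess_endpoint(r, now) for r in records) if f]
    return sorted(findings, key=lambda f: (f.severity != "high", f.host))


if __name__ == "__main__":
    for finding in assess_fleet(SAMPLE_EXPORT):
        print(f"[{finding.severity.upper():6}] {finding.host}: " + "; ".join(finding.reasons))
```

The thresholds are deliberately parameters: a fleet that checks in only over an intermittent VPN will show many "no check-in" findings, which is exactly the gap the cloud-managed approach is meant to close. Swap the constructed list for a real console export and the same logic becomes a daily report of endpoints you cannot currently patch or see.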
Data loss prevention
Are you able to see company data flowing across the enterprise network? Can you monitor the types of data flowing through VPN connections, personal emails, or cloud-based file sharing solutions?
These areas are just a few of the most important MDM or RMM solutions needed in today’s pandemic toolbox for the IT security professional.
If you already have some of these areas covered, can your tools integrate with one another to provide a single pane of glass administration console that enables your IT and security teams to perform day-to-day tasks?
Where can you consolidate tools into one platform? Can your patching solution act as your asset management solution as well? Can your endpoint detection and response system be a remote SIEM solution or a User Behavior Analytics system?
COVID-19 has altered the attack landscape forever. Work from home is likely not going anywhere and will only become more necessary as lockdowns continue. Some organizations have even opted to close offices and work remotely on a permanent basis after discovering how well their teams were able to work from home. The need for mobile device management and the ability to detect and remediate vulnerabilities on remote endpoints is now a necessity rather than a convenience.