Preempt Blog

The latest insights and advice to keep your company protected from insider threats and breaches

The CISO Best Practices Guidance on Securing Access for Your Remote Workforce

CISOs and technology leaders who wrestle with a complex and expanded threat landscape after the recent scramble to enable remote access, are now assessing the security exposure from these new deployments. Several organizations that typically employ well-defined remote teams are now facing challenges while enabling remote access to all their employees. 

Some of the general security risks associated with enabling remote access – most commonly through VPN, VDI and direct access to cloud apps (SaaS) – for a large number of users, include challenges in complying with existing security policies that are no longer feasible during unprecedented times when everyone is rushing to go remote. The increase in logs can also tax your SOC analysts looking at SIEM tools by increasing the burden of storing and analyzing large amounts of data. The sudden shift can also result in changes to the user’s risk profile which in turn impacts your ML analysis systems which typically analyze user behavior to detect lateral movement. 

Assess New Attack Vectors

With everyone working remotely, cyber attackers have a larger attack surface to target – as the users may access critical resources using unsecured networks and unmanaged endpoints. Without the capability to monitor remote workers and where they are logging in from, the risk of potential breach from a distributed campus environment through VPN is high. While you may need to move quickly to allow your employees and contractors to work remotely, you can still make sure that only admins and users are allowed in and not any attackers. How? By enabling Multi-Factor Authentication (MFA) you can help mitigate unwanted access to your systems.

Monitor and Evaluate Policy Controls

According to the Data Breach Investigation Report from Verizon, “76% of network intrusions exploited weak or stolen credentials.” When your sources of risk are constantly changing, your team must be ready to make any necessary adjustments to the framework, which typically involves incorporating new monitoring tools and techniques. Frameworks like MITRE ATT&CK can help address specific threat areas. For instance, if your organization is susceptible to ransomware, you can determine and understand how it moves throughout the network using the MITRE ATT&CK framework. Also, the MITRE framework gives companies a roadmap to find risk gaps if there are changes in access policies.

Organizations with highly confidential information must take steps to verify that the users accessing it are who they say they are. You need to enforce identity verification by tracking user activity and initiate additional verification techniques like MFA based on user behavior every time user activity looks suspicious. 

Also, for further protection Conditional Access solutions can take this a step further and detect when remote administrative protocols (such as RDP) are being used for either legitimate or malicious use based on identity, behavior, and risk. Both alerting and real-time response provide greater defense in depth when an exploit happens. Also, reducing privileged account usage as much as possible can provide an additional way to reduce risk. Some of the immediate steps you can take to secure remote access for your organization are:

  • Closing gaps in your existing security stack that may miss threats when going remote via VPN, Virtual Desktop, and SaaS/Cloud access
  • Gaining visibility and risk measurement for a range of threats like lateral movement and credential compromise.
  • Taking steps to gain secure remote visibility and control over employees, contractors, and privileged users

Build a Zero Trust Program in a Complex Environment

In our recent CISO panel discussions on securing remote access for the workforce, we had many attendees asking questions on “How ‘Zero Trust’ can be implemented in a complex corporate environment where there are other important things to address and many issues to solve?”. 

One of our panelists, Randy Conner, VP IT Security of InterContinental Hotels Group (IHG) highlighted that we need to start by breaking down what we need to achieve Zero Trust, and identify projects that can be implemented now. Also, look for opportunities to piggyback by adding capabilities to other projects that are already in place. For instance, when rolling out MFA in a corporate environment you can also add capabilities to identify unusual patterns by analyzing user behavior. This helps build a risk profile to help security teams become proactive about improving security posture.

Will Passwords Be Replaced With Password-Less Experience?

Roman Blachman, CTO and Co-Founder of Preempt Security pointed out that many enterprises are usually surprised about the findings and also frustrated that passwords can be the weakest link in their IT security due to prevalence of weak passwords, password rotation, etc. 

Going fully password-less is a journey and there are many instances where enterprises use biometrics and physical tokens to enhance multi-factor authentication, but these can’t be changed and if compromised, it can cause a big impact on the enterprise’s security posture. So, passwords will be here to stay at least for the near future along with password-less systems like biometric authentication methods.

There were several other interesting questions from attendees during the panel discussions, like “How do you protect against Maze ransomware while securing remote access?” or “What are best practices for securing your remote access?”, and so on. Find out the answers to these questions and start securing remote access today by watching the webinar where CISO panel speakers Randy Conner, VP IT Security at InterContinental Hotels Group, and Roman Blachman, CTO and Co-Founder of Preempt Security, provide actionable best practices and guidance on enabling and securing remote access.

Access the webinar, today.

Topics: CISO, Risk,

Posted by Narendran Vaideeswaran on May 22, 2020 2:16 PM

Product

Brute Force Attacks: Denying the Attacker, Not the User

According tohaveIbeenpwned.com, close to 8 billion accounts have been compromised...

Read More

Developer

What State-Sponsored Attacks Can Teach Us About Conditional Access

People often think that state-sponsored attacks from groups like Lazarus...

Read More

Events

A Simplified Approach to Network Segmentation

Network segmentation has long been one of the most valuable tools for protecting ...

Read More

Research

10 Things You Need to Know About Kerberos

As our research team continues to find vulnerabilities in Microsoft that bypass all major

Read More

Product

Brute Force Attacks: Denying the Attacker, Not the User

According tohaveIbeenpwned.com, close to 8 billion accounts have been compromised...

Read More