In response to the ongoing national emergency for COVID-19, organizations and federal agencies are using a wide variety of technology capabilities to ensure operations and missions continue advancing, especially as most organizations increase their telework presence. This unprecedented volume of telework brings with it a number of new security challenges and considerations. Here’s a brief overview of best practices for ensuring your telework program is being carried out effectively and securely.
Organizations should begin by ensuring their Standard Operating Procedures are capable of supporting telework and remote monitoring/management of your infrastructure. Some may already have a large telework presence, in which case their SOPs may already cover work at home and remote management of the infrastructure – but now is a good time to verify that. Test each SOP by asking “how would we do that remotely?”
If the SOP doesn’t cover work at home and remote management of your infrastructure, then consider extending the procedures so that they include clear and repeatable processes for supporting remote operations. This is especially important now, as security operations teams may not be as available as they were under a more traditional work environment.
Federal agencies can find more information by referring to OPM’s Telework Guidance or NIST’s Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions documentation.
Virtual Private Network connections are the most common remote access method used by enterprise organizations and federal agencies. However, VPN vulnerabilities are constantly being discovered and exploited by malicious actors. As the backbone of telework, VPN security and policy needs to be carefully considered. Here are some of the most important steps agencies can take:
Federal security teams can find more detailed guidance on CISA’s VPN-Related Guidance webpage.
Last but not least, your work-at-home employees will likely be getting their Internet access via a home network, so it certainly helps to ensure your remote workers are securing those networks with best practices.
Federal agencies can refer to CISA’s webpage for Securing Wireless Networks for more information on securing home networks.
One of the primary avenues of attack for cyber adversaries is phishing. Phishing attacks trick end users into responding to a phone call, opening an email link or visiting a compromised domain in order to solicit personal information or introduce malware onto the victim’s device or larger enterprise. All teleworking employees should be aware of the danger of phishing and take steps to actively protect themselves against it. Best practices include:
Federal agencies seeking additional information, including what to do if you are the victim of a phishing attack, can refer to CISA’s Security Tip page for Avoiding Social Engineering and Phishing Attacks.
Threat actors continue to take advantage of the COVID-19 pandemic and continue to evolve and adapt their attack techniques to bypass detection. Enterprises and agencies need to plan for how they will remotely respond to cyber incidents, perform digital forensics to determine the extent of the infection, and remediate the infected devices of their telework employees.
Endpoint Detection and Response tools allow security operations personnel to quickly determine the extent of the infection, quarantine and clean up infected machines, and bring those machines back online – all remotely. Automation features within EDR enable your agency’s security operations team to remotely and globally change device configurations and deploy updated cybersecurity detection and response rules to your EDR agents, allowing you to deploy synchronized changes across your distributed assets in response to an intrusion and/or emerging cyber threats.
EDR also allows you to better manage and track vulnerabilities by generating an inventory of software loaded on your endpoints, comparing that against CVEs, and reporting the update and patch status of each endpoint – helping you to identify and mitigate risks that can be exploited through phishing attacks.
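The inventory-versus-CVE comparison described above, as an added example that is not Fidelis code or part of the original post: it assumes an agent reports each host's installed products and versions, and matches them against advisories with constructed placeholder identifiers (not real CVE numbers), comparing versions numerically rather than as strings.

```python
# Added example (not Fidelis code): match an endpoint software inventory against
# a vulnerability list and report per-endpoint patch status. All inventory data,
# advisory entries and CVE identifiers below are constructed placeholders.
from dataclasses import dataclass

def parse_version(v: str) -> tuple:
    """'4.10.0' -> (4, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

@dataclass(frozen=True)
class Advisory:
    cve: str            # placeholder id, not a real CVE number
    product: str
    fixed_in: str       # first version that carries the fix

# Constructed advisories with placeholder identifiers.
ADVISORIES = [
    Advisory("CVE-PLACEHOLDER-0001", "pdfreader", "10.2.0"),
    Advisory("CVE-PLACEHOLDER-0002", "vpnclient", "4.9.7"),
]

# Constructed inventory as an EDR agent might report it: host -> {product: version}.
INVENTORY = {
    "laptop-01": {"pdfreader": "10.1.3", "vpnclient": "4.9.7"},
    "laptop-02": {"pdfreader": "10.2.0", "vpnclient": "4.10.0"},
    "laptop-03": {"pdfreader": "9.9.12", "vpnclient": "4.8.1"},
}

def vulnerable_products(installed: dict, advisories: list) -> list:
    """Return (cve, product, installed_version, fixed_in) for each unpatched product."""
    findings = []
    for adv in advisories:
        ver = installed.get(adv.product)
        if ver is not None and parse_version(ver) < parse_version(adv.fixed_in):
            findings.append((adv.cve, adv.product, ver, adv.fixed_in))
    return findings

def patch_report(inventory: dict, advisories: list) -> dict:
    """Map each host to the string 'patched' or to its list of open findings."""
    report = {}
    for host, installed in inventory.items():
        findings = vulnerable_products(installed, advisories)
        report[host] = "patched" if not findings else findings
    return report

if __name__ == "__main__":
    for host, status in patch_report(INVENTORY, ADVISORIES).items():
        print(host, status)
```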
Finally, EDR can be used to report other threat indicators such as reading and writing to USB devices and excessive processor and disk utilization that could be an indicator of an ongoing attack. This reporting enables your security operations team to track your exposure to threats in real time and coordinate remediation of unpatched devices.
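The two indicators named above, USB writes and sustained processor/disk utilization, run as detection logic over constructed agent telemetry, as an added example that is not Fidelis code or part of the original post; the record fields, thresholds and window size are assumptions.

```python
# Added example (not Fidelis code): scan constructed EDR telemetry records for
# two indicators the post names: USB device writes and sustained high
# processor/disk utilization. Field names and thresholds are assumptions.
import json
from collections import defaultdict, deque

# Constructed telemetry: one JSON object per line, as an agent might stream them.
TELEMETRY = """
{"host":"laptop-01","t":1,"cpu":95,"disk":90,"usb":null}
{"host":"laptop-01","t":2,"cpu":97,"disk":92,"usb":null}
{"host":"laptop-01","t":3,"cpu":99,"disk":95,"usb":null}
{"host":"laptop-02","t":1,"cpu":30,"disk":20,"usb":{"op":"read","bytes":4096}}
{"host":"laptop-02","t":2,"cpu":98,"disk":10,"usb":{"op":"write","bytes":734003200}}
{"host":"laptop-02","t":3,"cpu":25,"disk":15,"usb":null}
""".strip()

UTIL_THRESHOLD = 90     # percent; assumption
SUSTAINED_SAMPLES = 3   # consecutive samples over threshold; assumption

def detect(lines: str, util_threshold=UTIL_THRESHOLD, window=SUSTAINED_SAMPLES) -> dict:
    """Return host -> list of alert strings. A single busy sample is not an alert;
    only `window` consecutive samples over the threshold count as sustained."""
    alerts = defaultdict(list)
    recent = defaultdict(lambda: deque(maxlen=window))
    for line in lines.splitlines():
        rec = json.loads(line)
        host = rec["host"]
        # USB activity arrives per event; writes are the exfiltration-relevant direction.
        usb = rec.get("usb")
        if usb and usb.get("op") == "write":
            alerts[host].append(f"usb_write t={rec['t']} bytes={usb['bytes']}")
        # Track whether CPU or disk stayed over the threshold across the whole window.
        busy = rec["cpu"] >= util_threshold or rec["disk"] >= util_threshold
        recent[host].append(busy)
        if len(recent[host]) == window and all(recent[host]):
            alerts[host].append(f"sustained_utilization ending t={rec['t']}")
            recent[host].clear()   # reset so one burst yields one alert, not one per sample
    return dict(alerts)

if __name__ == "__main__":
    for host, items in detect(TELEMETRY).items():
        print(host, items)
```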
Rami Mizrahi is the Vice President of Research and Development for Deception at Fidelis Security. He has been leading the Deception R&D team for over six years, since the inception of TopSpin Security and through the acquisition by Fidelis Security. Prior to that, he led the WAF development team at Breach Security. Rami has over 20 years of experience in software development, specializing in enterprise security.