
How COVID-19 Reinforced the Need for Mobile Device Management

Post Syndicated from Justin Turcotte original https://blog.rapid7.com/2021/01/07/how-covid-19-reinforced-the-need-for-mobile-device-management/

How many of you got that call at the beginning of the pandemic to make your company’s workforce 100% capable for remote work? How many of you had no idea how to make that happen, seemingly (and sometimes literally) overnight? How many of you were already prepared for such an event?

Remote workforces and mobile device management (MDM) are more important than ever in 2020’s pandemic reality. Unmanaged remote endpoints are one of the biggest risks to an organization’s cybersecurity posture today.

Don’t think of remote endpoints solely from the isolated ransomware/malware infection standpoint. Instead, think of them from a MITRE ATT&CK matrix perspective. Ask yourself these questions:

  • Can attackers gain access to the endpoint?
  • Can attackers establish persistence?
  • Can attackers perform data collection and exfiltration?
  • What could an attacker achieve by compromising an unmanaged remote endpoint?
  • What can that endpoint bring back to the enterprise network with it when it returns to the office?

While working with Rapid7 customers over the past several months of quarantine and lockdown, it’s evident to me that many companies were caught completely off guard when facing the reality of being unable to work from their corporate offices.

Many customers have no ability to manage their endpoints remotely without them being connected to the company VPN, or in many cases, are unable to manage them at all. Many times, these VPN connections are unreliable, or the company had not planned for the network overhead required for a thousand employees connecting to the company VPN at the same time.

Companies have spent large amounts of money over the past several months rolling out more robust VPN solutions and mobile devices (like laptops and tablets) for users to be able to perform their jobs remotely. And security has seemingly taken a backseat to these larger efforts to keep workforces employed and productive.

Here are a few solutions we’ve seen many of our customers using for remote productivity and connectivity:

  • VPN: Company-controlled VPN service installed and configured on remote endpoints for users to connect as necessary.
  • Always-On VPN: A VPN connection that is established automatically whenever the endpoint has internet connectivity. This configuration is more secure, because users must traverse the company network to reach the internet or internal resources. Note that this only holds when the tunnel is a full tunnel (split tunneling disabled); with split tunneling enabled, web and cloud traffic bypasses the corporate controls entirely. A full tunnel helps ensure users are not browsing dangerous websites or using unapproved services such as personal email or file-sharing sites to perform official work.
  • Bring-Your-Own-Device (BYOD): BYOD scenarios include installing a company-controlled VPN client and configuration on an employee-owned device. This configuration is less than desirable because the company does not own the device and therefore cannot control the remote endpoint in any capacity.
  • Loose Controls: Some customers have even relaxed security measures that were in place before the pandemic, such as removing multi-factor authentication requirements and disabling password rotation requirements. Because these changes were made in a hurry to keep people working, they have left some companies at great risk of being compromised.

Cloud-based remote management and security solutions are the key to meeting the remote work requirements imposed by federal and local governments.

Many companies are still cloud-averse when it comes to anything involving endpoints or security, but this new reality makes it necessary to start adopting cloud-based solutions to manage the enterprise network.

Cloud managed services to consider for a completely remote or mostly remote workforce

Antivirus

A cloud-based antivirus solution that does not require connectivity to the enterprise network in order to receive signature or software updates is crucial in this new dynamic. Users are taking their systems to their home wireless networks, which have notoriously weak security.

Anti-malware and endpoint detection and response (EDR)

Having an EDR and anti-malware solution that is able to report to a cloud-based management console is also important to prevent malware infections and alert on suspicious or anomalous activity.

Vulnerability management

Having a cloud-based vulnerability management solution in place that can report back to a centrally managed console is important for assessing the overall level of risk that an organization carries in regard to remote endpoints.

Asset management

An effective asset management solution is crucial for an effective vulnerability management program. You cannot patch or secure what you do not know you have on your network. Asset management systems also help with remote support and resource planning.

Patch and software deployment

Are you able to patch or update software on remote endpoints easily and effectively? Is your current patch management solution able to reach remote endpoints reliably? Having a cloud-based patch and software deployment solution is key to ensuring your endpoints are kept up-to-date with the latest patches and version updates.

Data loss prevention

Are you able to see company data flowing across the enterprise network? Can you monitor the types of data flowing through VPN connections, personal emails, or cloud-based file sharing solutions?

These areas are just a few of the most important MDM or remote monitoring and management (RMM) capabilities needed in today’s pandemic toolbox for the IT security professional.

Future considerations

If you already have some of these areas covered, can your tools integrate with one another to provide a single pane of glass administration console that enables your IT and security teams to perform day-to-day tasks?

Where can you consolidate tools into one platform? Can your patching solution act as your asset management solution as well? Can your endpoint detection and response system be a remote SIEM solution or a User Behavior Analytics system?

COVID-19 has altered the attack landscape forever. Work from home is likely not going anywhere and will only become more necessary as lockdowns continue. Some organizations have even opted to close offices and work remotely on a permanent basis after discovering how well their teams were able to work from home. The need for mobile device management and the ability to detect and remediate vulnerabilities on remote endpoints is now a necessity rather than a convenience.

Top Security Recommendations for 2021

Post Syndicated from Justin Turcotte original https://blog.rapid7.com/2020/12/24/top-security-recommendations-for-2021/

Happy HaXmas! We hope everyone is having a wonderful holiday season so far. This year has been wild and unpredictable, and has brought unique risks and threats to the forefront of business activities. So, to help everyone stay safer in 2021, the Strategic Advisory Services team here at Rapid7 is going to share some security recommendations going into the new year to help you better secure your business and minimize risk.

Governance around remote work and work from home

When the pandemic hit, many companies found they lacked governance around remote work and mobile devices because they hadn’t facilitated that type of work in the past. Many companies were—and still are—resistant to change and averse to work-from-home opportunities for their employees.

If you find yourself in that position, consider implementing policies for acceptable use around remote work, mobile devices, and bring-your-own-device (BYOD). Having these policies and measures in place will help ensure employees are aware of what is and is not acceptable use of company assets or networks, what their responsibilities are, and organizational expectations and processes.

Mobile device management

Mobile device management is key when it comes to implementing work-from-home security measures. Without the ability to manage and protect remote endpoints, the risk is higher that your company network could be compromised by an unsecured system utilizing a VPN to access company networks. Additionally, ensure you have controls in place to limit corporate VPN access to corporate-owned and -controlled devices—you don’t know (and probably don’t want to know!) what is lurking on systems that may not be protected from internet threats.

Consider vulnerability management, antivirus, and anti-malware tools as primary requirements for corporate endpoints in the wild. Many companies haven’t had the ability to update antivirus on systems that aren’t connected to the company network or patch those same systems when not connected. Utilizing cloud-based solutions that can be updated remotely without first needing a VPN connection to the company network is ideal in the post-pandemic world.
Rapid7’s InsightVM tool can give you the cloud-based vulnerability management capabilities that you need to assess remote corporate endpoints.

Securing VPN connections

How many companies were caught without an operational client VPN option when the lockdowns went into effect? Many customers that we have spoken to during the pandemic had to rush to implement VPN solutions, whether that was a client-based VPN or some type of SSL VPN solution, to allow employees the ability to work from home.

While implementing these VPN solutions, many customers opted for the get-it-working approach and failed to secure those VPN entry points as well as they should have. One way of ensuring VPN connections are protected is to require users to use multi-factor authentication (MFA) to remotely log in to the company network. This will help to protect VPN accounts from compromise by adding a layer to the authentication process.

Having a pre-authentication posture check (sometimes called a compliance or health check) on your VPN connections will also help ensure that systems which are not properly configured or contain a known vulnerability cannot connect to the company network until the issue is remediated. This lessens the exposure of the company network through poorly secured remote endpoints. These capabilities are provided by many VPN and network access control (NAC) solution providers.
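As an added illustration of the pre-authentication check described here, and of the earlier recommendation to limit VPN access to corporate-owned devices, the following Python sketch evaluates a device's reported posture against a policy before the tunnel is allowed up. This is example code written for this page, not code from the original post or from any Rapid7 product; the attribute names, thresholds, asset inventory contents and sample devices are all assumptions constructed for the example, and a real NAC or VPN gateway would obtain these values from its endpoint agent.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Tuple

# Policy thresholds: assumed values chosen for this example, not from the original post.
MAX_AV_SIGNATURE_AGE = timedelta(days=3)
MAX_PATCH_AGE = timedelta(days=30)

# Constructed stand-in for the asset inventory of corporate-owned, MDM-enrolled devices.
CORPORATE_ASSETS = {"LT-0042", "LT-0107"}


@dataclass
class DevicePosture:
    """What a VPN/NAC endpoint agent would report before the tunnel comes up (assumed fields)."""
    device_id: str
    mfa_passed: bool
    disk_encrypted: bool
    av_running: bool
    av_signature_time: datetime   # when AV/EDR signatures were last updated
    last_patch_time: datetime     # when OS patches were last installed


def evaluate_posture(p: DevicePosture, now: datetime) -> List[str]:
    """Return the list of policy failures; an empty list means the device is compliant."""
    failures = []
    if p.device_id not in CORPORATE_ASSETS:
        failures.append("device not in corporate asset inventory (BYOD or unknown)")
    if not p.mfa_passed:
        failures.append("multi-factor authentication not completed")
    if not p.disk_encrypted:
        failures.append("disk encryption disabled")
    if not p.av_running:
        failures.append("antivirus/EDR agent not running")
    elif now - p.av_signature_time > MAX_AV_SIGNATURE_AGE:
        failures.append("antivirus signatures older than %d days" % MAX_AV_SIGNATURE_AGE.days)
    if now - p.last_patch_time > MAX_PATCH_AGE:
        failures.append("no OS patches installed in the last %d days" % MAX_PATCH_AGE.days)
    return failures


def vpn_decision(p: DevicePosture, now: datetime) -> Tuple[str, List[str]]:
    """Map posture failures to a gateway decision.

    allow      - compliant corporate device, full access
    quarantine - corporate device with fixable gaps: only patch/AV update servers reachable
    deny       - unmanaged device or no MFA: nothing the gateway can remediate
    """
    failures = evaluate_posture(p, now)
    if not failures:
        return "allow", failures
    if p.device_id in CORPORATE_ASSETS and p.mfa_passed:
        return "quarantine", failures
    return "deny", failures


# Constructed sample devices (not real endpoints).
NOW = datetime(2020, 12, 15, 12, 0, tzinfo=timezone.utc)
COMPLIANT = DevicePosture("LT-0042", True, True, True, NOW - timedelta(days=1), NOW - timedelta(days=7))
STALE = DevicePosture("LT-0107", True, True, True, NOW - timedelta(days=10), NOW - timedelta(days=45))
BYOD = DevicePosture("HOME-PC", True, False, True, NOW - timedelta(days=1), NOW - timedelta(days=7))

if __name__ == "__main__":
    for device in (COMPLIANT, STALE, BYOD):
        decision, why = vpn_decision(device, NOW)
        print(device.device_id, decision, "; ".join(why) or "compliant")
```

The three-way outcome is the design point: a stale corporate laptop is sent to a remediation-only network where it can pull patches and signatures and then retry, whereas an unknown device gets no path onto the corporate network at all.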

Securing data in the cloud

We have seen many of our customers making the move to the cloud, using solutions like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud.

Securing your data in the cloud is key, even when there is not an ongoing pandemic. Ensure that your cloud infrastructure is secured and well protected from possible attack or compromise. While the security of the cloud platform is the responsibility of the provider, the security of the systems and data that you place in the cloud is your responsibility, and no one else is going to do it for you.

A strong identity access management (IAM) program implemented for your cloud systems can help you control permissions to resources and help prevent data loss or theft.

It’s extremely important to monitor your cloud deployments so you can detect any suspicious or anomalous behavior or activity. Can you detect a brute force attack in your cloud environment? Can you detect suspicious behavior in a timely fashion? If not, look at Rapid7’s InsightIDR tool to give you that capability, and much more.
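As an added example of answering the brute-force question above, here is one way to detect a burst of failed cloud console sign-ins with plain Python. This is example code written for this page, not the original post's code and not how InsightIDR implements its detections; the records are constructed to resemble AWS CloudTrail ConsoleLogin events, and the threshold and window values are assumptions to tune for your environment.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

FAILURE_THRESHOLD = 5          # failed sign-ins from one source IP ... (assumed value)
WINDOW = timedelta(minutes=10)  # ... inside this sliding window (assumed value)


def _ev(ts, ip, user, outcome):
    """Build one constructed CloudTrail-style ConsoleLogin record (sample data, not real logs)."""
    return json.dumps({
        "eventTime": ts,
        "eventName": "ConsoleLogin",
        "sourceIPAddress": ip,
        "userIdentity": {"type": "IAMUser", "userName": user},
        "responseElements": {"ConsoleLogin": outcome},
    })


# Constructed sample log lines: a password-guessing burst that ends in success,
# a user who mistyped once, and two slow failures that should not alert.
SAMPLE_LOG_LINES = [
    _ev("2020-12-15T09:00:00Z", "198.51.100.7", "alice", "Failure"),
    _ev("2020-12-15T09:00:40Z", "198.51.100.7", "alice", "Failure"),
    _ev("2020-12-15T09:01:20Z", "198.51.100.7", "alice", "Failure"),
    _ev("2020-12-15T09:02:00Z", "198.51.100.7", "alice", "Failure"),
    _ev("2020-12-15T09:02:40Z", "198.51.100.7", "alice", "Failure"),
    _ev("2020-12-15T09:03:20Z", "198.51.100.7", "alice", "Failure"),
    _ev("2020-12-15T09:05:00Z", "198.51.100.7", "alice", "Success"),
    _ev("2020-12-15T09:02:10Z", "203.0.113.5", "bob", "Failure"),
    _ev("2020-12-15T09:03:00Z", "203.0.113.5", "bob", "Success"),
    _ev("2020-12-15T08:00:00Z", "192.0.2.9", "carol", "Failure"),
    _ev("2020-12-15T08:45:00Z", "192.0.2.9", "carol", "Failure"),
]


def parse_events(lines):
    """Parse JSON lines into ConsoleLogin events sorted by time; other event types are skipped."""
    events = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("eventName") != "ConsoleLogin":
            continue
        ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({
            "ts": ts,
            "ip": rec["sourceIPAddress"],
            "user": rec.get("userIdentity", {}).get("userName", "<unknown>"),
            "ok": rec.get("responseElements", {}).get("ConsoleLogin") == "Success",
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_brute_force(lines, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Return {source_ip: alert} for IPs with >= threshold failures inside the window.

    An alert also records whether a successful login from the same IP followed the
    burst, which is the case that needs an immediate credential reset.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    alerts = {}
    for e in parse_events(lines):
        ip = e["ip"]
        if e["ok"]:
            if ip in alerts:
                alerts[ip]["success_after_burst"] = True
                alerts[ip]["users"].add(e["user"])
            continue
        q = recent[ip]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if ip in alerts:
            alerts[ip]["failures"] += 1
            alerts[ip]["last_failure"] = e["ts"]
            alerts[ip]["users"].add(e["user"])
        elif len(q) >= threshold:
            alerts[ip] = {
                "first_failure": q[0],
                "last_failure": e["ts"],
                "failures": len(q),
                "users": {e["user"]},
                "success_after_burst": False,
            }
    return alerts


if __name__ == "__main__":
    for ip, a in detect_brute_force(SAMPLE_LOG_LINES).items():
        print(ip, a["failures"], "failures against", sorted(a["users"]),
              "- SUCCESS AFTER BURST" if a["success_after_burst"] else "")
```

The same sliding-window logic applies to Azure AD sign-in logs or Google Cloud audit logs once the field names in parse_events are swapped; the point is that the detection needs the source address, the outcome and a timestamp, all of which every cloud provider records.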

Validating protective measures

The validation of protective measures should be performed whether or not we are responding to a pandemic, but it is more important now than ever. Many security and IT teams have deployed new solutions and measures to provide for their remote employees and have been busy responding to these new requirements during the pandemic.

Now that we are into eight months or more of working from home and social distancing, companies should begin the process of testing their protective measures and newly deployed security tools. This can be done through red, blue, or purple teaming or engaging third-party penetration testing teams to help ensure your newly deployed systems are protecting the network and remote endpoints as you believe them to be.
